Weekly Infosec News Brief: 11-18 June 2017


Microsoft Patch Tuesday Fixes Massive Batch of Vulnerabilities, Including One Being Actively Exploited

Microsoft's "Patch Tuesday" this month fixes 94 vulnerabilities, 27 of which involve potential remote code execution (generally the worst type of vulnerability). The most concerning is CVE-2017-8543, a vulnerability in the Windows Search service that Microsoft says is already being actively exploited in the wild. The Search service is reachable remotely over Server Message Block (SMB), the same protocol that the ETERNALBLUE exploit used by WannaCry abused. Organizations should ensure that SMB is not exposed outside their firewall.
https://blogs.technet.microsoft.com/msrc/2017/06/13/june-2017-security-update-release/
https://blog.qualys.com/laws-of-vulnerabilities/2017/06/13/microsoft-fixes-94-security-issues-in-massive-june-update
https://www.scmagazine.com/microsoft-releases-patch-tuesday-fixes-including-wannacry-defense/article/668303/
https://isc.sans.edu/forums/diary/Microsoft+and+Adobe+June+2017+Patch+Tuesday+Two+Exploited+Vulnerabilities+Patched/22512/

Adobe Issues Fixes for Flash, Shockwave, and Digital Editions

Adobe released updates for four of their products last week on their usual second-Tuesday patch release day. The updates for Flash, Shockwave, and Digital Editions all fix critical vulnerabilities that can allow remote code execution and should be applied immediately, unless you can remove Flash and Shockwave entirely, which you probably can and should.
https://helpx.adobe.com/security/products/flash-player/apsb17-17.html
https://www.scmagazine.com/adobe-issues-patch-tuesday-fixes/article/668122/


Group Found Using Intel's AMT to Bypass Firewall

Microsoft has published a report detailing the activities of a hacking group they have named "PLATINUM." This group has been observed abusing Intel's Active Management Technology (AMT) to reach a virtual serial port on compromised systems and communicate through it, evading conventional network security monitoring at both the network and host levels, since the traffic is handled by the management firmware rather than the operating system. This is one more argument for segregating server and device management traffic onto a separate subnet and allowing access to it only from specific hosts. That will not entirely prevent such abuse, but it does make it both more difficult and less useful to attackers.
https://blogs.technet.microsoft.com/mmpc/2017/06/07/platinum-continues-to-evolve-find-ways-to-maintain-invisibility/
https://arstechnica.com/security/2017/06/sneaky-hackers-use-intel-management-tools-to-bypass-windows-firewall/
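The two defensive checks recommended above (SMB not exposed outside the firewall, and AMT reachable only from designated management hosts) can be turned into a simple log review. The script below is an added example, not code from the original brief or from Microsoft; it assumes a hypothetical firewall log format of the form `<timestamp> ACCEPT <src>:<sport> -> <dst>:<dport>`, assumed internal ranges 10.0.0.0/8 and 192.168.0.0/16, and two assumed management hosts (10.10.0.5 and 10.10.0.6). The AMT port list (16992-16995, 623, 664) is Intel's documented set. The sample log lines are constructed.

```python
import ipaddress
import re

# Destination ports used by Intel AMT: 16992/16993 (web UI and WS-Management over
# HTTP/HTTPS), 16994/16995 (redirection: Serial-over-LAN and IDE-R), 623/664 (RMCP).
AMT_PORTS = {623, 664, 16992, 16993, 16994, 16995}
# Destination ports for SMB (direct-hosted SMB and the NetBIOS session service).
SMB_PORTS = {445, 139}

# Assumed network layout for this example (hypothetical addresses).
INTERNAL_NETS = [ipaddress.ip_network("10.0.0.0/8"),
                 ipaddress.ip_network("192.168.0.0/16")]
# Hosts on the dedicated management subnet that are allowed to talk to AMT.
MGMT_HOSTS = {ipaddress.ip_address("10.10.0.5"),
              ipaddress.ip_address("10.10.0.6")}

# Constructed firewall log format: "<timestamp> <ACTION> <src>:<sport> -> <dst>:<dport>"
LINE_RE = re.compile(
    r"^(?P<ts>\S+)\s+(?P<action>ACCEPT|DROP)\s+"
    r"(?P<src>[\d.]+):(?P<sport>\d+)\s+->\s+(?P<dst>[\d.]+):(?P<dport>\d+)$")


def is_internal(ip):
    """True when the address falls inside one of the assumed internal ranges."""
    return any(ip in net for net in INTERNAL_NETS)


def classify(src, dport):
    """Return a finding label for a permitted flow, or None when it is acceptable."""
    if dport in SMB_PORTS and not is_internal(src):
        return "smb-exposed-to-internet"
    if dport in AMT_PORTS and src not in MGMT_HOSTS:
        return "amt-from-non-management-host"
    return None


def find_violations(lines):
    """Parse firewall log lines and return (timestamp, src, dst, dport, label) for each
    ACCEPTed flow that breaks the SMB or AMT access policy. Dropped flows are skipped
    because the firewall already blocked them; unparseable lines are ignored."""
    findings = []
    for line in lines:
        m = LINE_RE.match(line.strip())
        if not m or m.group("action") != "ACCEPT":
            continue
        src = ipaddress.ip_address(m.group("src"))
        dport = int(m.group("dport"))
        label = classify(src, dport)
        if label:
            findings.append((m.group("ts"), str(src), m.group("dst"), dport, label))
    return findings


# Constructed sample log lines (not real traffic).
SAMPLE_LOG = [
    "2017-06-14T10:00:01Z ACCEPT 203.0.113.7:51234 -> 10.0.1.20:445",
    "2017-06-14T10:00:02Z ACCEPT 10.0.1.30:49152 -> 10.0.1.20:445",
    "2017-06-14T10:00:03Z ACCEPT 10.10.0.5:50000 -> 10.0.2.40:16992",
    "2017-06-14T10:00:04Z ACCEPT 10.0.1.77:50001 -> 10.0.2.40:16994",
    "2017-06-14T10:00:05Z ACCEPT 198.51.100.9:40000 -> 10.0.2.40:16993",
    "2017-06-14T10:00:06Z ACCEPT 10.0.1.30:50002 -> 10.0.1.20:443",
    "2017-06-14T10:00:07Z DROP 203.0.113.7:51235 -> 10.0.1.20:139",
]

if __name__ == "__main__":
    for finding in find_violations(SAMPLE_LOG):
        print(*finding)
```

Run against the sample, the script reports the Internet-sourced SMB connection and the two AMT connections that did not originate from a management host; the internal SMB session, the AMT session from 10.10.0.5, and the dropped connection are all left alone. Adapting it to a real deployment means replacing the regex with one for your firewall's log format and filling in your own address ranges.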
