Exploit Wednesday December 2018: for tests of new patches of time to spare - drove ...
Yesterday, on Tuesday, at about 10 p.m. Moscow time, Microsoft rolled out patches for new vulnerabilities, thereby giving a start to the monthly race between security administrators and intruders. While the first ones check if the installation of updates of critical business servers will drop into the blue screen, the second ones will disassemble the updated libraries code and try to create working exploits for still vulnerable systems.
For lovers of details - a short reference to the new vulnerabilities under the cut.
Vulnerabilities of the class remote code execution (RCE - remote code execution) always deserve special attention, therefore we will begin with them.
')
A vulnerability was discovered in Windows DNS service CVE-2018-8626 , which allows an attacker to execute arbitrary code on the server, for which he needs to send a specially crafted DNS query. If your domain name service is built on Microsoft technologies, then it’s definitely worth raising the priority for installing this update.
Outlook is a very popular client, and phishing using malicious email attachments is a classic of modern attacks. Therefore, the potential RCE in Outlook is a tasty morsel for malware distributors. In this regard, it is worthwhile to attend to closing the attack vector using CVE-2018-8587 , and not to forget about closing the vulnerability fan in the entire office suite: Edge, Internet Explorer, Excel and PowerPoint fixed 8 vulnerabilities that allow installing a malicious module into the system.
Adobe products also often become entry points in an enterprise network. For example, last month, a medical institution of a large Russian state structure was attacked using the zero-day vulnerability in Flashplayer, and the code from CVE-2018-15982 is already available for two days on Github (the link will not be given for obvious reasons). Yesterday, Adobe released patches for Acrobat Reader - if in your company it, as well as in many, is a standard application for viewing PDF, then increase the priority and this update.
We remind you that security updates must be tested before use in a combat environment. But do not delay with the tests, as while you are busy with them, comrades on the other side of the barricades are actively trying to write new exploits until the systems are patched.
A list of known problems with patches from MS can be found here .
For lovers of details - a short reference to the new vulnerabilities under the cut.
Vulnerabilities of the class remote code execution (RCE - remote code execution) always deserve special attention, therefore we will begin with them.
')
A vulnerability was discovered in Windows DNS service CVE-2018-8626 , which allows an attacker to execute arbitrary code on the server, for which he needs to send a specially crafted DNS query. If your domain name service is built on Microsoft technologies, then it’s definitely worth raising the priority for installing this update.
Outlook is a very popular client, and phishing using malicious email attachments is a classic of modern attacks. Therefore, the potential RCE in Outlook is a tasty morsel for malware distributors. In this regard, it is worthwhile to attend to closing the attack vector using CVE-2018-8587 , and not to forget about closing the vulnerability fan in the entire office suite: Edge, Internet Explorer, Excel and PowerPoint fixed 8 vulnerabilities that allow installing a malicious module into the system.
Adobe products also often become entry points in an enterprise network. For example, last month, a medical institution of a large Russian state structure was attacked using the zero-day vulnerability in Flashplayer, and the code from CVE-2018-15982 is already available for two days on Github (the link will not be given for obvious reasons). Yesterday, Adobe released patches for Acrobat Reader - if in your company it, as well as in many, is a standard application for viewing PDF, then increase the priority and this update.
We remind you that security updates must be tested before use in a combat environment. But do not delay with the tests, as while you are busy with them, comrades on the other side of the barricades are actively trying to write new exploits until the systems are patched.
A list of known problems with patches from MS can be found here .
Source: https://habr.com/ru/post/432930/
All Articles