Hackers Exploit Sirens in Dallas
Spring has sprung and the sirens are already sounding – that is for 1.6 million residents in Dallas last week. It has been reported that 156 emergency sirens were enabled for 90 minutes last weekend due to a possible hack of the computer system. This is one of the largest breaches known to have happened for this vital warning system which is normally reserved for alerting residents of tornadoes and other dangerous weather. See the full details of the recent hack on Dallas here.
The next time you hear about a complex cyber-attack on a business, there is a good chance it was performed by one or a small group of individuals taking advantage of basic vulnerabilities in the environment.
There is little evidence to suggest that all successful attacks are complex and require whole teams of computer geeks, armed to the teeth with the latest security probing tools. The root cause of cyber-attacks is often far more straightforward – you are not patching your environment, or you are only patching in response to threats. Keep an eye out later this month as we release our “Avoiding Patch Doomsday” advice. This whitepaper gives you the knowledge and tools to protect your environment.
Microsoft Updates
We have chosen a few updates to prioritize this month, this recommendation has been made using evidence from industry experts (including our own), anticipated business impact and most importantly the independent CVSS score for the vulnerability. The independent CVSS scores used in the table below range from 0 to 10. Vulnerabilities with a base score in the range 7.0-10.0 are High, those in the range 4.0-6.9 as Medium, and 0-3.9 as Low.
| ID | Description | CVSS Score | Recommended High Priority |
| CVE-2017-0158 | Microsoft Internet Explorer Scripting Engine Memory Corruption Vulnerability | 8.8 | Yes |
| CVE-2017-0197 | Microsoft Office Insecure Library Loading Vulnerability | 8.8 | Yes |
| CVE-2017-0199 | Microsoft Office Arbitrary Code Execution Vulnerability | 8.8 | Yes |
| CVE-2017-0200 | Microsoft Edge Memory Corruption Vulnerability | 8.8 | Yes |
| CVE-2017-0204 | Microsoft Office Security Bypass Vulnerability | 8.8 | Yes |
| CVE-2017-0205 | Microsoft Edge Memory Corruption Vulnerability | 8.8 | Yes |
| CVE-2017-0166 | Microsoft Windows LDAP Request Processing Privilege Escalation Vulnerability | 8.1 | Yes |
| CVE-2017-0106 | Microsoft Outlook Arbitrary Code Execution Vulnerability | 7.8 | Yes |
| CVE-2017-0160 | Microsoft .NET Framework Arbitrary Code Execution Vulnerability | 7.8 | Yes |
| CVE-2017-0189 | Microsoft Windows Win32k Kernel Driver Privilege Escalation Vulnerability | 7.7 | Yes |
| CVE-2017-0162 | Microsoft Windows Hyper-V Arbitrary Code Execution Vulnerability | 7.6 | Yes |
| CVE-2017-0163 | Microsoft Windows Hyper-V Arbitrary Code Execution Vulnerability | 7.6 | Yes |
| CVE-2017-0180 | Microsoft Windows Arbitrary Code Execution Vulnerability | 7.6 | Yes |
| CVE-2017-0181 | Microsoft Windows Arbitrary Code Execution Vulnerability | 7.6 | Yes |
| CVE-2017-0194 | Microsoft Office Memory Corruption Vulnerability | 7.5 | Yes |
| CVE-2017-0169 | Microsoft Windows Hyper-V Information Disclosure Vulnerability | 7.3 | Yes |
| CVE-2017-0202 | Microsoft Internet Explorer Memory Corruption Vulnerability | 7.1 | Yes |
| CVE-2017-0155 | Microsoft Windows Graphics Elevation of Privilege Vulnerability | 6.9 | |
| CVE-2017-0156 | Microsoft Windows Graphics Component Privilege Escalation Vulnerability | 6.9 | |
| CVE-2017-0165 | Microsoft Windows Privilege Escalation Vulnerability | 6.6 | |
| CVE-2017-0201 | Microsoft Internet Explorer Scripting Engine Memory Corruption Vulnerability | 6.4 | |
| CVE-2017-0179 | Microsoft Windows Hyper-V Denial of Service Vulnerability | 5.8 | |
| CVE-2017-0182 | Microsoft Windows Hyper-V Denial of Service Vulnerability | 5.8 | |
| CVE-2017-0183 | Microsoft Windows Hyper-V Denial of Service Vulnerability | 5.8 | |
| CVE-2017-0185 | Microsoft Windows Hyper-V Denial of Service Vulnerability | 5.7 | |
| CVE-2017-0186 | Microsoft Windows Hyper-V Denial of Service Vulnerability | 5.7 | |
| CVE-2017-0191 | Microsoft Windows Denial of Service Vulnerability | 5.7 | |
| CVE-2017-0178 | Microsoft Windows Hyper-V Denial of Service Vulnerability | 5.4 | |
| CVE-2017-0184 | Microsoft Windows Hyper-V Denial of Service Vulnerability | 5.4 | |
| CVE-2017-0210 | Microsoft Internet Explorer Security Bypass Vulnerability | 5.3 | |
| CVE-2017-0211 | Microsoft Windows Document Processing Privilege Escalation Vulnerability | 4.9 | |
| CVE-2017-0058 | Microsoft Windows Win32k Kernel Driver Information Disclosure Vulnerability | 4.7 | |
| CVE-2017-0164 | Microsoft Windows Active Directory Denial of Service Vulnerability | 4.4 | |
| CVE-2017-0188 | Microsoft Windows Win32k Kernel Driver Information Disclosure Vulnerability | 4.3 | |
| CVE-2017-0192 | Microsoft Windows Font Driver Library Information Disclosure Vulnerability | 4.3 | |
| CVE-2017-0195 | Microsoft Office Cross-Site Scripting Vulnerability | 4.3 | |
| CVE-2017-0207 | Microsoft Office Security Bypass Vulnerability | 4.3 | |
| CVE-2017-0208 | Microsoft Edge Scripting Engine Information Disclosure Vulnerability | 4.3 | |
| CVE-2017-0093 | Microsoft Edge Scripting Engine Memory Corruption Vulnerability | 4.2 | |
| CVE-2017-0203 | Microsoft Edge Security Bypass Vulnerability | 4.2 | |
| CVE-2017-0168 | Microsoft Windows Hyper-V Information Disclosure Vulnerability | 3.8 | |
| CVE-2017-0159 | Microsoft Windows Active Directory Federation Services Security Bypass Vulnerability | 3.7 | |
| CVE-2017-0167 | Microsoft Windows Kernel Information Disclosure Vulnerability | 3.3 |
Get Started
Start a free, 14-day trial of Syxsense, which helps organizations from 50 to 10,000 endpoints monitor and manage their environment, all from just a web browser. An email will be automatically sent to the address you provide.
