Don’t Let Ransomware Ruin Your Summer

Summertime beckons lazy days to unwind by the pool. Unfortunately, threatening vulnerabilities and menacing ransomware do not take vacations.

IT security officers must remain ever vigilant in protecting their companies’ systems. In July, Microsoft released a total of 11 bulletins—six rated Critical and five rated Important. Thirty KB updates covering Office 2007 (another junk mail filter update) were also released. Two major antivirus solutions were found to contain critical vulnerabilities in the core engine shared by both products. In a recent Google Project Zero blog, Tavis Ormandy commented, “These vulnerabilities are as bad as it gets.” He added, “They don’t require any user interaction, they affect the default configuration and the software runs at the highest privilege levels possible. In certain cases on Windows, vulnerable code is even loaded into the kernel, resulting in remote kernel memory corruption” (full article here).

The US-CERT (United States Computer Emergency Readiness Team) provides advice on protecting systems from ransomware infections. Since vulnerable applications and operating systems are targeted in most attacks, it is recommended to keep operating systems and software up to date with the latest patches. Being patched with the latest updates reduces the number of exploitable entry points available to an attacker. Antivirus solutions are not the be-all and end-all of securing environments: recently, two very popular antivirus solutions were themselves exposed. Without a well-planned patch remediation policy, those environments would be in serious trouble if a vulnerability were to spread through their network. Based on insights from industry experts (including our own), it is vital to pay special attention to the following updates from this month’s Patch Tuesday. The recommendation underscores the anticipated business impact and, most importantly, the independent CVSS score for each vulnerability.

Microsoft Updates

MS16-084 resolves 15 vulnerabilities in Internet Explorer 9 (Windows Vista) through Internet Explorer 11. It affects how IE handles objects in memory and how the JScript scripting engine works, and fixes some XSS/HTML filter validation issues. Due to the number of customers still using IE, it’s recommended to make this a priority for this month.

MS16-085 plugs 13 vulnerabilities with Microsoft Edge by remediating several memory handle issues, including how Edge implements Address Space Layout Randomisation (ASLR), and how the browser parses HTTP responses. Although there are no known exploits currently publicly disclosed, due to the increase in Windows 10 usage, it’s recommended to make this update a priority this month.

MS16-088 resolves several vulnerabilities in Office 2007 to 2016 by closing several memory/object issues and how some libraries are validated by Windows. With the rise in exploits being seen using Word, Excel and PowerPoint documents, it’s vital to make this a priority this month.

MS16-093 fixes 52 individual vulnerabilities in Adobe Flash Player on Windows 8.1, Windows 10 and Windows Server 2012 (known as APSB16-25). This update resolves a race condition, several type confusion issues, and several buffer overflows and memory leaks, including stack corruption that could be used to execute code or disclose information. Make sure Adobe updates are included within a monthly patching cycle. This is critical, especially when the number of vulnerabilities resolved by this single update dwarfs the number resolved by the entire Microsoft bulletin list.

The independent CVSS scores used in the table below range from 0 to 10. Vulnerabilities with a base score in the range 7.0-10.0 are High, those in the range 4.0-6.9 are Medium and 0-3.9 are Low.

MS16-084 Cumulative Security Update for Internet Explorer (3169991)

(Impact: Remote Code Execution, Restart Requirement: Yes, Severity: Critical, CVSS Score: 9.3)

This security update resolves vulnerabilities in Internet Explorer. The most severe of the vulnerabilities could allow remote code execution if a user views a specially crafted webpage using Internet Explorer. An attacker who successfully exploited the vulnerabilities could gain the same user rights as the current user. If the current user is logged on with administrative user rights, an attacker could take control of an affected system: install programs; view, change or delete data; or create new accounts with full user rights.

MS16-085 Cumulative Security Update for Microsoft Edge (3169999)

(Impact: Remote Code Execution, Restart Requirement: Yes, Severity: Critical, CVSS Score: 9.3)

This security update resolves vulnerabilities in Microsoft Edge. The most severe of the vulnerabilities could allow remote code execution if a user views a specially crafted webpage using Microsoft Edge. An attacker who successfully exploited the vulnerabilities could gain the same user rights as the current user. Customers whose accounts are configured to have fewer user rights on the system could be less impacted than users with administrative user rights.

MS16-086 Cumulative Security Update for JScript and VBScript (3169996)

(Impact: Remote Code Execution, Restart Requirement: Maybe, Severity: Critical, CVSS Score: 9.3)

This security update resolves a vulnerability in the JScript and VBScript scripting engines in Microsoft Windows. The vulnerability could allow remote code execution if a user visits a specially crafted website. An attacker who successfully exploited the vulnerability could gain the same user rights as the current user. If the current user is logged on with administrative user rights, the attacker could take control of an affected system: install programs; view, change or delete data; or create new accounts with full user rights.

MS16-087 Security Update for Windows Print Spooler Components (3170005)

(Impact: Remote Code Execution, Restart Requirement: Maybe, Severity: Critical, CVSS Score: 9.3)

This security update resolves vulnerabilities in Microsoft Windows. The more severe of the vulnerabilities could allow remote code execution if an attacker is able to execute a man-in-the-middle (MiTM) attack on a workstation or print server, or set up a rogue print server on a target network.

MS16-088 Security Update for Microsoft Office (3170008)

(Impact: Remote Code Execution, Restart Requirement: Maybe, Severity: Critical, CVSS Score: 9.3)

This security update resolves vulnerabilities in Microsoft Office. The most severe of the vulnerabilities could allow remote code execution if a user opens a specially crafted Microsoft Office file. An attacker who successfully exploited the vulnerabilities could run arbitrary code in the context of the current user. Customers whose accounts are configured to have fewer user rights on the system could be less impacted than those who operate with administrative user rights.

MS16-089 Security Update for Windows Secure Kernel Mode (3170050)

(Impact: Information Disclosure, Restart Requirement: Yes, Severity: Important, CVSS Score: 1.7)

This security update resolves a vulnerability in Microsoft Windows. The vulnerability could allow information disclosure when Windows Secure Kernel Mode improperly handles objects in memory.

MS16-090 Security Update for Windows Kernel-Mode Drivers (3171481)

(Impact: Elevation of Privilege, Restart Requirement: Yes, Severity: Important, CVSS Score: 7.2)

This security update resolves vulnerabilities in Microsoft Windows. The more severe of the vulnerabilities could allow elevation of privilege if an attacker logs on to an affected system and runs a specially crafted application that could exploit the vulnerabilities and take control of an affected system.

MS16-091 Security Update for .NET Framework (3170048)

(Impact: Information Disclosure, Restart Requirement: Maybe, Severity: Important, CVSS Score: 4.3)

This security update resolves a vulnerability in Microsoft .NET Framework. The vulnerability could cause information disclosure if an attacker uploads a specially crafted XML file to a web-based application.

MS16-092 Security Update for Windows Kernel (3171910)

(Impact: Security Feature Bypass, Restart Requirement: Yes, Severity: Important, CVSS Score: 2.1)

This security update resolves vulnerabilities in Microsoft Windows. The most severe of the vulnerabilities could allow security feature bypass if the Windows kernel fails to determine how a low integrity application can use certain object manager features.

MS16-093 Security Update for Adobe Flash Player (3174060)

(Impact: Remote Code Execution, Restart Requirement: Yes, Severity: Critical, CVSS Score: No Score Stated)

This security update resolves vulnerabilities in Adobe Flash Player when installed on all supported editions of Windows 8.1, Windows Server 2012, Windows RT 8.1, Windows Server 2012 R2 and Windows 10.

MS16-094 Security Update for Secure Boot (3177404)

(Impact: Security Feature Bypass, Restart Requirement: Yes, Severity: Important, CVSS Score: 1.7)

This security update resolves a vulnerability in Microsoft Windows. The vulnerability could allow Secure Boot security features to be bypassed if an attacker installs an affected policy on a target device. An attacker must have either administrative privileges or physical access to install a policy and bypass Secure Boot.
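The bulletin list above is only useful if you can confirm which of its KBs are actually present on a host. The following PowerShell script is an added example (it is not from the original article and is not a Syxsense tool): it takes the bulletin, KB number, severity and CVSS score exactly as listed above, queries the host with the built-in Get-HotFix cmdlet, and reports what is missing with the highest CVSS scores first. It assumes it is run in an elevated session on the host being checked. Get-HotFix reads Win32_QuickFixEngineering, which on Windows 10 does not always expose every component of a cumulative update, so treat a "missing" line as a prompt to verify in Windows Update or WSUS rather than as proof of exposure.

```powershell
# Added example, not part of the original article. Checks this host for the
# July 2016 Patch Tuesday KBs listed in the bulletin summary above and reports
# missing ones ordered by CVSS score (highest first).
# Assumption: run in an elevated PowerShell session on the host being checked.

# Bulletin data transcribed from the article; MS16-093 has no CVSS score stated.
$bulletins = @(
    [pscustomobject]@{ Bulletin = 'MS16-084'; KB = 'KB3169991'; Component = 'Internet Explorer';           Severity = 'Critical';  CVSS = 9.3   }
    [pscustomobject]@{ Bulletin = 'MS16-085'; KB = 'KB3169999'; Component = 'Microsoft Edge';              Severity = 'Critical';  CVSS = 9.3   }
    [pscustomobject]@{ Bulletin = 'MS16-086'; KB = 'KB3169996'; Component = 'JScript and VBScript';        Severity = 'Critical';  CVSS = 9.3   }
    [pscustomobject]@{ Bulletin = 'MS16-087'; KB = 'KB3170005'; Component = 'Windows Print Spooler';       Severity = 'Critical';  CVSS = 9.3   }
    [pscustomobject]@{ Bulletin = 'MS16-088'; KB = 'KB3170008'; Component = 'Microsoft Office';            Severity = 'Critical';  CVSS = 9.3   }
    [pscustomobject]@{ Bulletin = 'MS16-089'; KB = 'KB3170050'; Component = 'Windows Secure Kernel Mode';  Severity = 'Important'; CVSS = 1.7   }
    [pscustomobject]@{ Bulletin = 'MS16-090'; KB = 'KB3171481'; Component = 'Windows Kernel-Mode Drivers'; Severity = 'Important'; CVSS = 7.2   }
    [pscustomobject]@{ Bulletin = 'MS16-091'; KB = 'KB3170048'; Component = '.NET Framework';              Severity = 'Important'; CVSS = 4.3   }
    [pscustomobject]@{ Bulletin = 'MS16-092'; KB = 'KB3171910'; Component = 'Windows Kernel';              Severity = 'Important'; CVSS = 2.1   }
    [pscustomobject]@{ Bulletin = 'MS16-093'; KB = 'KB3174060'; Component = 'Adobe Flash Player';          Severity = 'Critical';  CVSS = $null }
    [pscustomobject]@{ Bulletin = 'MS16-094'; KB = 'KB3177404'; Component = 'Secure Boot';                 Severity = 'Important'; CVSS = 1.7   }
)

# Map a CVSS base score to the High/Medium/Low bands the article uses.
function Get-CvssBand {
    param([Nullable[double]]$Score)
    if ($null -eq $Score) { return 'Unscored' }
    if ($Score -ge 7.0)   { return 'High' }
    if ($Score -ge 4.0)   { return 'Medium' }
    return 'Low'
}

# One query for all installed hotfixes, then O(1) lookups per KB.
$installed = @{}
Get-HotFix | ForEach-Object { $installed[$_.HotFixID] = $_.InstalledOn }

$report = foreach ($b in $bulletins) {
    [pscustomobject]@{
        Bulletin    = $b.Bulletin
        KB          = $b.KB
        Component   = $b.Component
        Severity    = $b.Severity
        CVSS        = $b.CVSS
        Band        = Get-CvssBand $b.CVSS
        Installed   = $installed.ContainsKey($b.KB)
        InstalledOn = $installed[$b.KB]
    }
}

# Missing patches first, highest CVSS first within each group.
$report |
    Sort-Object -Property @{ Expression = 'Installed'; Descending = $false },
                          @{ Expression = 'CVSS';      Descending = $true } |
    Format-Table Bulletin, KB, Component, Severity, CVSS, Band, Installed, InstalledOn -AutoSize

# Non-zero exit code when any Critical bulletin is missing, so the script can
# gate a scheduled compliance job.
$missingCritical = $report | Where-Object { -not $_.Installed -and $_.Severity -eq 'Critical' }
if ($missingCritical) { exit 1 }
```

The sort puts unpatched Critical bulletins at the top of the output, which is the same prioritisation the article argues for. For fleet-wide reporting, wrap the Get-HotFix call in Invoke-Command against a list of computer names and add a ComputerName column to the report object.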


This article was originally posted on Channel Partners.