Tag: December Patch Tuesday
December Patch Tuesday: Bad Winter

Categories: News, Patch Tuesday

On the 12th day of December, Verismic sent to me … Top 10 Breaches of 2017!

Throughout this year we have been reporting on some of the worst IT security breaches of 2017, which have impacted millions of users worldwide.  We continue to advise our clients that the single most important decision you can make to achieve a level of protection for your organization is to onboard a tool like Syxsense to automate the detection of all devices and to automate a rigorous patching process.  If you need help, please download our Avoiding Patch Doomsday whitepaper or get in touch.

Here are our top 10 IT security breaches for 2017: 

  1. TeamViewer Exploited.  A new vulnerability within TeamViewer has been making news across the internet. In an official statement by the company, they revealed that a GitHub user discovered a vulnerability in TeamViewer’s set of permissions.
  2. Worldwide Malware Attack: Exploring WannaCry.  WannaCry is the worst malware attack of 2017.  As computer virus outbreaks go, this ransomware attack is being called one of the biggest cyberattacks in history and continues to spread worldwide.
  3. Equifax Hack – Cyberattack.  Criminals gained access to certain files in Equifax’s system from mid-May to July by exploiting a weak point in website software affecting 143 million customers worldwide.
  4. Hyatt Hack: Major Data Breach.  Hyatt confirmed unauthorized access to payment card information at 41 of its hotels across 13 countries.  Hyatt suffered a similar breach affecting 250 hotels located in 50 countries back in 2015.
  5. HBO – Game of Thrones series stolen.  The recent HBO hack may have exposed up to 1.5 terabytes of data.  This is 7 times what Sony lost in the 2014 cyberattack.
  6. CIA Hacks.  Wikileaks recently published the article “Vault 7: CIA Hacking Tools Revealed.”   This list of compromised software includes Notepad++.  When Notepad++ is launched, the original scilexer.dll is replaced by a modified scilexer.dll built by the CIA.
  7. BadRabbit: Newest Ransomware to Target Corporate Networks.  The outbreak began in Russia, infecting big Russian media outlets, but it has already spread.  Several US and UK firms, with corporate entities in the Ukraine and Russia, have already been infected.
  8. Hidden Cobra: North Korea’s History of Hacking.  Since 2009, Hidden Cobra actors have leveraged their capabilities to target and compromise a range of victims; some intrusions have resulted in the exfiltration of data while others have been disruptive in nature.
  9. Invasion of the Body Hackers.  On August 29th, the FDA issued an alert regarding Abbott pacemakers.  Pacemakers from Abbott (formerly known as St. Jude Medical) have vulnerabilities in their software.
  10. BitPaymer Ransomware Hits NHS.  The hack caused major disruption, leading to thousands of cancelled appointments.

BREAKING NEWS: 1.4 Billion credentials leaked on the Dark Web!

A huge data dump has been found on the dark web containing 1.4 billion clear-text credentials.  At over 41 gigabytes in size, it will take some time to work through; however, you can be assured that sophisticated programs will soon be ready to exploit the software, apps or websites you are using.  Robert Brown, Director of Services at Verismic, said, “No matter how complex your passwords are, it is not going to be complex enough if your password is discovered in this data dump.  Two-factor authentication has been around for years, and Syxsense has been using two-factor since the beginning to protect our customer identity.  Two-factor authentication within Syxsense requires that an additional automatically generated password be entered via email or Google Authenticator, ensuring no single password gives you full access to the system.  We would highly encourage our clients to leave it enabled, as it is enabled by default.”

Companies Plan to Change Third-Party Vendors that Pose Highest Risks!

Global consulting firm Protiviti and the Shared Assessments Program’s annual Vendor Risk Management Benchmark Study finds that a majority (53 percent) of organizations surveyed are likely to exit or change (de-risk) relationships with some vendors due to heightened risk levels.  The study finds that 71 percent of these organizations will likely change their high-risk relationships over the next 12 months.  Robert Brown, Director of Services for Verismic, said, “Deployment of third-party updates to bring them into compliance is simple if you are using the right systems management toolset & the right approach to deployment of detected updates.”  The full article can be found here.


December Patch Tuesday Release

Microsoft addressed 32 vulnerabilities in Microsoft Windows, Microsoft Internet Explorer, Microsoft Edge, Microsoft Exchange, Microsoft Excel, Microsoft PowerPoint, and Microsoft SharePoint.  The vulnerabilities could allow an attacker to execute arbitrary code, gain elevated privileges, bypass security protections, view sensitive information, or cause a denial of service condition.  We have chosen a few updates to prioritise this month.  This recommendation has been made using evidence from industry experts (including our own), anticipated business impact and, most importantly, the independent CVSS score for the vulnerability.  The independent CVSS scores used in the table below range from 0 to 10.  Vulnerabilities with a base score in the range 7.0-10.0 are High, those in the range 4.0-6.9 are Medium, and those in the range 0-3.9 are Low.

| CVE ID | Vulnerability Alert | CVSS Base Score | Recommended |
|---|---|---|---|
| CVE-2017-11886 | Microsoft Internet Explorer Scripting Engine Memory Corruption Vulnerability | 7.5 | Yes |
| CVE-2017-11890 | Microsoft Internet Explorer Memory Corruption Vulnerability | 7.5 | Yes |
| CVE-2017-11894 | Microsoft Edge and Internet Explorer Memory Corruption Vulnerability | 7.5 | Yes |
| CVE-2017-11895 | Microsoft Edge and Internet Explorer Memory Corruption Vulnerability | 7.5 | Yes |
| CVE-2017-11899 | Microsoft Windows Security Feature Bypass Vulnerability | 7.5 | Yes |
| CVE-2017-11901 | Microsoft Internet Explorer Scripting Engine Memory Corruption Vulnerability | 7.5 | Yes |
| CVE-2017-11903 | Microsoft Internet Explorer Scripting Engine Memory Corruption Vulnerability | 7.5 | Yes |
| CVE-2017-11907 | Microsoft Internet Explorer Scripting Engine Memory Corruption Vulnerability | 7.5 | Yes |
| CVE-2017-11912 | Microsoft Edge and Internet Explorer Memory Corruption Vulnerability | 7.5 | Yes |
| CVE-2017-11913 | Microsoft Internet Explorer Scripting Engine Memory Corruption Vulnerability | 7.5 | Yes |
| CVE-2017-11919 | Microsoft Edge and Internet Explorer Information Disclosure Vulnerability | 7.5 | Yes |
| CVE-2017-11930 | Microsoft Edge and Internet Explorer Memory Corruption Vulnerability | 7.5 | Yes |
| CVE-2017-11885 | Microsoft Windows RRAS Arbitrary Code Execution Vulnerability | 6.6 | Yes |
| CVE-2017-11932 | Microsoft Exchange Spoofing Vulnerability | 5.4 | Yes |
| CVE-2017-11936 | Microsoft SharePoint Cross-Site Scripting Vulnerability | 5.4 | Yes |
| CVE-2017-11887 | Microsoft Internet Explorer Scripting Engine Information Disclosure Vulnerability | 4.3 | |
| CVE-2017-11906 | Microsoft Internet Explorer Scripting Engine Information Disclosure Vulnerability | 4.3 | |
| CVE-2017-11927 | Microsoft Windows Information Disclosure Vulnerability | 4.3 | |
| CVE-2017-11934 | Microsoft PowerPoint Information Disclosure Vulnerability | 4.3 | |
| CVE-2017-11888 | Microsoft Edge Scripting Engine Memory Corruption Vulnerability | 4.2 | |
| CVE-2017-11889 | Microsoft Edge Memory Corruption Vulnerability | 4.2 | |
| CVE-2017-11893 | Microsoft Edge Scripting Engine Memory Corruption Vulnerability | 4.2 | |
| CVE-2017-11905 | Microsoft Edge Scripting Engine Memory Corruption Vulnerability | 4.2 | |
| CVE-2017-11908 | Microsoft Edge Scripting Engine Memory Corruption Vulnerability | 4.2 | |
| CVE-2017-11909 | Microsoft Edge Scripting Engine Memory Corruption Vulnerability | 4.2 | |
| CVE-2017-11910 | Microsoft Edge Scripting Engine Memory Corruption Vulnerability | 4.2 | |
| CVE-2017-11911 | Microsoft Edge Scripting Engine Memory Corruption Vulnerability | 4.2 | |
| CVE-2017-11914 | Microsoft Edge Scripting Engine Memory Corruption Vulnerability | 4.2 | |
| CVE-2017-11916 | Microsoft Edge and Internet Explorer Scripting Engine Memory Corruption Vulnerability | 4.2 | |
| CVE-2017-11918 | Microsoft Edge Scripting Engine Memory Corruption Vulnerability | 4.2 | |
| CVE-2017-11935 | Microsoft Excel Arbitrary Code Execution Vulnerability | 4.2 | |
| CVE-2017-11939 | Microsoft Office Information Disclosure Vulnerability | 3.1 | |
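As an added example (not code from the post or from Syxsense), the banding rule above applied to the table in code: it parses rows in the flattened one-line layout, bands each CVSS score with the post's thresholds, orders deployment with the Recommended column first, and flags rows the post prioritises despite a non-High score, since CVSS alone does not explain them. The sample rows are copied from the table; the function and class names are my own.

```python
import re
from dataclasses import dataclass

# Constructed sample: seven rows copied from the table above; a blank Recommended column means "not recommended".
SAMPLE_TABLE = """\
CVE-2017-11886 Microsoft Internet Explorer Scripting Engine Memory Corruption Vulnerability 7.5 Yes
CVE-2017-11899 Microsoft Windows Security Feature Bypass Vulnerability 7.5 Yes
CVE-2017-11885 Microsoft Windows RRAS Arbitrary Code Execution Vulnerability 6.6 Yes
CVE-2017-11932 Microsoft Exchange Spoofing Vulnerability 5.4 Yes
CVE-2017-11887 Microsoft Internet Explorer Scripting Engine Information Disclosure Vulnerability 4.3
CVE-2017-11888 Microsoft Edge Scripting Engine Memory Corruption Vulnerability 4.2
CVE-2017-11939 Microsoft Office Information Disclosure Vulnerability 3.1
"""

# One row: CVE id, free-text title, CVSS base score, optional Yes/No flag.
ROW_RE = re.compile(r"^(CVE-\d{4}-\d{4,})\s+(.+?)\s+(\d{1,2}(?:\.\d)?)(?:\s+(Yes|No))?\s*$")

@dataclass(frozen=True)
class Entry:
    cve: str
    title: str
    score: float
    recommended: bool

def band(score):
    """The post's bands: 7.0-10.0 High, 4.0-6.9 Medium, 0-3.9 Low; anything else is malformed."""
    if not 0.0 <= score <= 10.0:
        raise ValueError(f"CVSS base score out of range: {score}")
    if score >= 7.0:
        return "High"
    return "Medium" if score >= 4.0 else "Low"

def parse_table(text):
    """Parse the flattened table text into Entry records, rejecting rows that do not match."""
    entries = []
    for line in text.strip().splitlines():
        m = ROW_RE.match(line)
        if m is None:
            raise ValueError(f"unparseable row: {line!r}")
        entries.append(Entry(m[1], m[2], float(m[3]), m[4] == "Yes"))
    return entries

def prioritise(entries):
    """Deployment order: recommended rows first, then descending score, then CVE id."""
    return sorted(entries, key=lambda e: (not e.recommended, -e.score, e.cve))

def band_counts(entries):
    counts = {"High": 0, "Medium": 0, "Low": 0}
    for e in entries:
        counts[band(e.score)] += 1
    return counts

def recommended_below_high(entries):
    """Rows the post prioritises despite a non-High score: their justification lies outside CVSS."""
    return [e.cve for e in entries if e.recommended and band(e.score) != "High"]
```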

December Patch Tuesday: Patching Through The Snow

Categories: Patch Management, Patch Tuesday, Uncategorized

Add Some Layers… To Your Security

Grab your hot chocolate and bundle up: it’s time to stay inside and catch up on the latest Microsoft updates. On this day of December, Microsoft sent to us … 12 bulletins. The holiday month has come around again, and like last year Microsoft have delivered 12 more bulletins to keep us safe.

Of the 12 bulletins, 6 are rated Critical and 6 are rated Important. Last week Microsoft also released 31 KB updates covering Office versions 2013 and 2016. Full details of that release can be found here.

What do you know about Microsoft’s Enhanced Mitigation Experience Toolkit (EMET)? Microsoft have announced that on 31st July 2018 it will no longer be supported. Why is EMET important? It is a freeware security toolkit for Windows.

It provides a unified interface to enable and fine-tune Windows security features. It can be used as an extra layer of defense against malware attacks, after the firewall and before antivirus software.


Robert Brown, Director of Services for Verismic says, “Microsoft have suggested Windows 10 has all the protection it needs and therefore no longer has a need for another layer of security.

Without EMET, customers will have a need greater than ever before to implement a patching policy. Does Windows 10 offer the same level of security? See for yourself here.”


Microsoft Updates

This month, to help your IT Security Officer, we have chosen a few updates from the Microsoft Patch Tuesday release to prioritize. This recommendation has been made using evidence from industry experts (including our own), anticipated business impact and, most importantly, the independent CVSS score for the vulnerability.

MS16-144 – This update addresses the vulnerabilities by correcting how the Microsoft browser and affected components handle objects in memory, how the Microsoft browser checks Same Origin Policy for scripts running inside Web Workers, and how the scripting engines handle objects in memory. As it is publicly disclosed and is used by a great number of our customers, we would recommend this be a priority this month.

MS16-145 – An attacker who successfully exploited the vulnerabilities could gain the same user rights as the current user. As it is publicly disclosed and is used by a great number of our customers, we would recommend this be a priority this month.

MS16-146 – This security update addresses the vulnerabilities by correcting how the Windows GDI component handles objects in memory.

MS16-154 – The update addresses the vulnerabilities in Adobe Flash Player by updating the affected Adobe Flash libraries contained within Internet Explorer 10, Internet Explorer 11, and Microsoft Edge.

The independent CVSS scores used in the table below range from 0 to 10. Vulnerabilities with a base score in the range 7.0-10.0 are High, those in the range 4.0-6.9 are Medium, and those in the range 0-3.9 are Low.

  1. MS16-144 – Cumulative Security Update for Internet Explorer (3204059)
     This security update resolves vulnerabilities in Internet Explorer. The most severe of the vulnerabilities could allow remote code execution if a user views a specially crafted webpage using Internet Explorer. An attacker who successfully exploited the vulnerabilities could gain the same user rights as the current user. If the current user is logged on with administrative user rights, an attacker could take control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights.
     Impact: Remote Code Execution | Restart Requirement: Yes | Publicly Disclosed: Yes | Exploited: No | Severity: Critical | CVSS Score: 9.3

  2. MS16-145 – Cumulative Security Update for Microsoft Edge (3204062)
     This security update resolves vulnerabilities in Microsoft Edge. The most severe of the vulnerabilities could allow remote code execution if a user views a specially crafted webpage using Microsoft Edge. An attacker who successfully exploited the vulnerabilities could gain the same user rights as the current user. Customers whose accounts are configured to have fewer user rights on the system could be less impacted than users with administrative user rights.
     Impact: Remote Code Execution | Restart Requirement: Yes | Publicly Disclosed: Yes | Exploited: No | Severity: Critical | CVSS Score: 9.3

  3. MS16-146 – Security Update for Microsoft Graphics Component (3204066)
     This security update resolves vulnerabilities in Microsoft Windows. The most severe of the vulnerabilities could allow remote code execution if a user either visits a specially crafted website or opens a specially crafted document. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.
     Impact: Remote Code Execution | Restart Requirement: Yes | Publicly Disclosed: No | Exploited: No | Severity: Critical | CVSS Score: 9.3

  4. MS16-147 – Security Update for Microsoft Uniscribe (3204063)
     This security update resolves a vulnerability in Windows Uniscribe. The vulnerability could allow remote code execution if a user visits a specially crafted website or opens a specially crafted document. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.
     Impact: Remote Code Execution | Restart Requirement: Yes | Publicly Disclosed: No | Exploited: No | Severity: Critical | CVSS Score: 9.3

  5. MS16-148 – Security Update for Microsoft Office (3204068)
     This security update resolves vulnerabilities in Microsoft Office. The most severe of the vulnerabilities could allow remote code execution if a user opens a specially crafted Microsoft Office file. An attacker who successfully exploited the vulnerabilities could run arbitrary code in the context of the current user. Customers whose accounts are configured to have fewer user rights on the system could be less impacted than those who operate with administrative user rights.
     Impact: Remote Code Execution | Restart Requirement: Maybe | Publicly Disclosed: No | Exploited: No | Severity: Critical | CVSS Score: 9.3

  6. MS16-149 – Security Update for Microsoft Windows (3205655)
     This security update resolves vulnerabilities in Microsoft Windows. The more severe of the vulnerabilities could allow elevation of privilege if a locally authenticated attacker runs a specially crafted application.
     Impact: Elevation of Privilege | Restart Requirement: Yes | Publicly Disclosed: No | Exploited: No | Severity: Important | CVSS Score: 6.8

  7. MS16-150 – Security Update for Secure Kernel Mode (3205642)
     This security update resolves a vulnerability in Microsoft Windows. The vulnerability could allow elevation of privilege if a locally authenticated attacker runs a specially crafted application on a targeted system. An attacker who successfully exploited the vulnerability could violate virtual trust levels (VTL).
     Impact: Elevation of Privilege | Restart Requirement: Yes | Publicly Disclosed: No | Exploited: No | Severity: Important | CVSS Score: 6.8

  8. MS16-151 – Security Update for Windows Kernel-Mode Drivers (3205651)
     This security update resolves vulnerabilities in Microsoft Windows. The vulnerabilities could allow elevation of privilege if an attacker logs on to an affected system and runs a specially crafted application that could exploit the vulnerabilities and take control of an affected system.
     Impact: Elevation of Privilege | Restart Requirement: Yes | Publicly Disclosed: No | Exploited: No | Severity: Important | CVSS Score: 7.2

  9. MS16-152 – Security Update for Windows Kernel (3199709)
     This security update resolves a vulnerability in Microsoft Windows. The vulnerability could allow information disclosure when the Windows kernel improperly handles objects in memory.
     Impact: Information Disclosure | Restart Requirement: Yes | Publicly Disclosed: No | Exploited: No | Severity: Important | CVSS Score: 1.7

  10. MS16-153 – Security Update for Common Log File System Driver (3207328)
     This security update resolves a vulnerability in Microsoft Windows. The vulnerability could allow information disclosure when the Windows Common Log File System (CLFS) driver improperly handles objects in memory. In a local attack scenario, an attacker could exploit this vulnerability by running a specially crafted application to bypass security measures on the affected system, allowing further exploitation.
     Impact: Information Disclosure | Restart Requirement: Yes | Publicly Disclosed: No | Exploited: No | Severity: Important | CVSS Score: 7.2

  11. MS16-154 – Security Update for Adobe Flash Player (3209498)
     This security update resolves vulnerabilities in Adobe Flash Player when installed on all supported editions of Windows 8.1, Windows Server 2012, Windows Server 2012 R2, Windows RT 8.1, Windows 10, and Windows Server 2016.
     Impact: Remote Code Execution | Restart Requirement: Yes | Publicly Disclosed: NA | Exploited: NA | Severity: Critical | CVSS Score: NA

  12. MS16-155 – Security Update for .NET Framework (3205640)
     This security update resolves a vulnerability in Microsoft .NET Framework 4.6.2’s Data Provider for SQL Server. A security vulnerability exists in Microsoft .NET Framework 4.6.2 that could allow an attacker to access information that is defended by the Always Encrypted feature.
     Impact: Information Disclosure | Restart Requirement: Yes | Publicly Disclosed: Yes | Exploited: No | Severity: Important | CVSS Score: 2.1

Get Started

Start a free, 14-day trial of Syxsense, which helps organizations from 50 to 10,000 endpoints monitor and manage their environment, all from just a web browser. An email will be automatically sent to the address you provide.
