Skip to main content
Tag

US-CERT

Microsoft Releases Out-of-Band Security Updates

By News, Patch Management, Patch TuesdayNo Comments

Microsoft Releases Out-of-Band Security Updates

Microsoft's out-of-band security updates address two vulnerabilities, including a zero-day vulnerability in the Internet Explorer (IE) scripting engine.

Microsoft Urges Users to Install Emergency Patches

Microsoft released an emergency set of cumulative updates for Windows 10 devices running the May 2019 update (Windows 10 version 1903) and earlier.

The out-of-band security updates address two vulnerabilities, including a zero-day vulnerability in the Internet Explorer (IE) scripting engine that has been actively exploited in the wild as well as a Microsoft Defender bug.

The IE zero-day vulnerability (CVE-2019-1367) is a remote code execution flaw that could easily enable an attacker who successfully exploited it to gain the same user rights as the current logged-in user.

“If the current user is logged-on with administrative rights, an attacker who successfully exploited the vulnerability could take control of an affected system,” stated Microsoft.

This flaw could also be exploited remotely and online; the attacker could even potentially host their own website specifically-designed to exploit the vulnerability within IE and then trick the end-user to view said website, via email or other means.

U.S. CERT Warns of Microsoft Vulnerabilities

The other released vulnerability (CVE-2019-1255) is a denial-of-service flaw in Microsoft Defender, Microsoft’s standard antivirus that ships with Windows 8 and later operating systems.

According to Microsoft, “an attacker could exploit the vulnerability to prevent legitimate accounts from executing legitimate system binaries.” The flaw allows an attacker to disable the Defender components from executing. Microsoft has released V1.1.16400.2 to the Microsoft Malware Protection Engine to resolve the concern.

“Microsoft has released out-of-band security updates to address vulnerabilities in Microsoft software,” stated the U.S. Computer Emergency Readiness Team (CERT). “A remote attacker could exploit one of these vulnerabilities to take control of an affected system.”

These updates stand out seeing as Microsoft typically only releases security updates on Patch Tuesday, the second Tuesday of every month. Microsoft rarely changes their frequency of release unless the updates are considered critically important for security issues.

This release is indeed very important and all Windows users are strongly advised to patch as soon as possible. The update for the IE zero-day vulnerability is a manual update while the Defender bug will be patched automatically and silently within 48 hours of its availability.

Start a Free Trial

Try Syxsense today and start patching your IT environment with a powerful and easy-to-use IT management toolset.

Syxsense demo

Schedule Your Syxsense Demo

Syxsense combines IT management, patch management, and security vulnerability scanning in one powerful solution. Get started today.

Schedule My Demo
Patch Tuesday

HTTP.sys vulnerability fixed in April’s Patch Tuesday

By News, Patch Management, Patch Tuesday5 Comments

In this month’s patch updates from Microsoft there’s a total of 11 bulletins – four Critical and seven Important – covering 26 separate vulnerabilities. “We’re going to look at each of the four Critical updates in turn”, says Robert Brown, Director of Services at Verismic.

Data Encryption The first of the Critical updates from Microsoft, MS15-032, covers 10 separate vulnerabilities in Internet Explorer – nine of which are the most severe and can allow for remote code execution. However, there are two other Critical updates that you should be paying attention to – MS15-033 and MS15-034.

MS15-033 addresses five separate vulnerabilities in Microsoft Office, all of which could allow remote code execution. If that doesn’t encourage you to apply this patch, perhaps you should consider that one of the vulnerabilities within the update is currently being exploited in the wild. This is the only vulnerability in this month’s update that is known to be actively exploited.

The third Critical vulnerability has a CVSS of 10.0 from US-CERT, which is the highest rating possible. This patch should be your first priority above all others. Although the likelihood of this vulnerability being exploited is low it is a credible threat to your business and the potential damage it could cause is massive. The vulnerability can be exploited if an attacker sends a specially crafted HTTP request to an affected Windows system. Unlike the other Critical patches this month, MS15-034 requires no user interaction whatsoever, which makes it so dangerous.

The final Critical bulletin for April, like the first two this month, has a CVSS of 9.3. The vulnerability could allow remote code execution if an attacker successfully convinces a user to browse to a specially crafted website, open a specially crafted file, or browse to a working directory that contains a specially crafted Enhanced Metafile (EMF) image file. In all cases, however, an attacker would have no way to force users to take such actions; an attacker would have to convince users to do so, typically by way of enticements in email or Instant Messenger messages.

The remaining Important bulletins address vulnerabilities that could allow elevation of privilege, bypassing security features, information disclosures, and denial of service vulnerabilities.

Once you’ve prioritised your patches, I would always advise that you stage your roll out by testing and piloting the updates before deploying widely. This will help identify any compatibility issues. This should be done as standard each month, which is something we’ll always do for customers and MSPs through Syxsense.

Update no.

CVSS Score Microsoft rating Affected software Details

MS15-034

10.0 Critical Microsoft Windows Vulnerability in HTTP.sys could allow remote code execution
MS15-032 9.3 Critical Microsoft Windows, Internet Explorer

Cumulative security update for Internet Explorer

MS15-033

9.3 Critical Microsoft Office Vulnerabilities in Microsoft Office could allow remote code execution
MS15-035 9.3 Critical Microsoft Windows Vulnerability in Microsoft Graphics Component could allow remote code execution
MS15-038 7.2 Important Microsoft Windows Vulnerabilities in Microsoft Windows could allow elevation of privilege
MS15-037 6.9 Important Microsoft Windows Vulnerability in Windows Task Scheduler could allow elevation of privilege
MS15-036 4.3 Important Microsoft Server Software, Productivity Software Vulnerability in Microsoft SharePoint Server could allow elevation of privilege
MS15-039 4.3 Important Microsoft Windows Vulnerability in XML Core Services could allow security bypass feature
MS15-042 2.7 Important Microsoft Windows Vulnerability in Hyper-V could allow denial of service
MS15-041 2.6 Important Microsoft Windows, Microsoft .NET Framework Vulnerability in .NET Framework could allow information disclosure
MS15-040 1.9 Important Microsoft Windows

Vulnerability in Active Directory Federation Services could allow information disclosure