Part of Patch Tuesday also included an advisory ( ADV170020), which is related to Microsoft Office Defense in Depth Update series. This is exactly the sort of bug malware authors seek, as it allows them to have their exploit appear as a trusted file to the target,” ZDI wrote. Since Device Guard relies on a valid signature to determine trustworthiness, malicious files could be executed by making untrusted files seem trusted. ![]() This means attackers could make an unsigned file appear to be signed. “Speaking of malware, this patch fixes a CVE ( CVE-2017-11830) that allows Device Guard to incorrectly validates an untrusted file. It wrote, “ CVE-2017-11830 patches a Device Guard security feature bypass vulnerability that would allow malware authors to falsely authenticated files… CVE-2017-11877 fixes an Excel security feature bypass vulnerability that fails to enforce macro settings, which are often used by malware developers.” Researchers at Zero Day Initiative said that of the critical vulnerabilities it spotted, a distinct malware bypass theme emerged. “These websites could contain specially crafted content that could exploit the vulnerability.” “In a web-based attack scenario, an attacker could host a specially crafted website that is designed to exploit the vulnerability through Microsoft Edge and then convince a user to view the website,” Microsoft wrote. Microsoft said if exploited, an attacker could gain the same user rights as the current user. The vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user,” wrote Microsoft regarding CVE-2017-11836, CVE-2017-11837, CVE-2017-11838, CVE-2017-11839, CVE-2017-11871, and CVE-2017-11873. “A remote code execution vulnerability exists in the way the scripting engine handles objects in memory in Microsoft browsers. Security experts say companies should prioritize patching a half-dozen scripting engine memory corruption vulnerabilities impacting Microsoft’s Edge and Internet Explorer 11 browsers running on versions of Windows 10, Windows 8.1, Windows 7 and Windows Server (version 1709). But, according to an analysis of Patch Tuesday fixes by Qualys, none of the four are being used in active campaigns. In total, 20 of Microsoft’s security fixes were rated critical. ![]() Remote code execution bugs dominated this month’s patches, representing 25 fixes. ![]() Microsoft tackled 53 vulnerabilities with today’s Patch Tuesday bulletin.
0 Comments
Leave a Reply. |
Details
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |