make a good business better

Blog Information Security

Print Divider Print Divider Branding
 

Vulnerability Information Update: May 2017

05/23/2017  |  By: Jason Riddle, CISSP, President, Information Security

Share

Social Logo Social Logo Social Logo Social Logo

Microsoft Releases Emergency Out-of-Band Patch for Malware Protection Engine

Just one day before Microsoft’s monthly Patch Tuesday, the company released a security advisory to address a severe remote code execution vulnerability in the Microsoft Malware Protection Engine.  According to Microsoft, if the engine scans a specially crafted file that is present on a system, an attacker could execute code in the security context of the LocalSystem account and take full control of the affected host.  The Microsoft Malware Protection Engine is used in numerous Microsoft antimalware products, such as Windows Defender, Microsoft Security Essentials, Microsoft Endpoint Protection, Microsoft System Center Endpoint Protection, Microsoft Forefront Endpoint Protection 2010, Microsoft Forefront Security for SharePoint Service Pack 3, and Windows Intune Endpoint Protection.  It is recommended that users ensure that any affected products are updated to the latest version to ensure that the installation is not vulnerable to exploitation.

Additional information on this vulnerability:

Intel Patches Nine-Year-Old Privilege Escalation Vulnerability in CPUs

Intel recently addressed a nine-year-old privilege escalation vulnerability in certain versions of its Active Management Technology (AMT), Standard Manageability (ISM), and Small Business Technology (SBT) products.  According to Intel, there are two avenues to exploit this vulnerability.  First, an unprivileged network attacker could gain system privileges to systems running vulnerable versions of ATM and ISM products.  Second, an unprivileged local attacker could provision manageability features and obtain unprivileged network or local system privileges on systems running vulnerable versions of AMT, ISM, or SBT.  Intel has released a firmware update to address this and has stated that consumer PCs are not impacted.  Additionally, there have not been any reports indicating that this vulnerability is currently exploited in the wild.  It is recommended to apply the update as soon as possible if Intel manageability firmware versions 6.x, 7.x, 8.x 9.x, 10.x, 11.0, 11.5, and 11.6 are used.

Additional information on this patch:

Microsoft Patches Three Actively Exploited Vulnerabilities for Patch Tuesday

This month Microsoft released updates to address 57 vulnerabilities, three of which are zero day vulnerabilities that are currently under attack in the wild.  The first is a remote code execution vulnerability in Microsoft Office (CVE-2017-0261) that can be exploited if a user opens a specially crafted Encapsulated PostScript (EPS) file containing a malformed graphics image.  Current attacks have been utilizing phishing techniques to convince users to open an EPS file.  The second is a privilege escalation vulnerability in Windows (CVE-2017-0263) that is due to the kernel-mode driver’s failure to properly handle objects in memory.  According to Microsoft, if an attacker is able to successfully exploit this vulnerability, they could run arbitrary code in kernel mode.  The attacker would have the potential to create new accounts with full user rights as well as install programs.  The third zero day vulnerability is a remote execution vulnerability that exists in Internet Explorer (CVE-2017-0222) and is due to an incorrect way of accessing objects in memory.  An attacker who successfully exploits this vulnerability could execute code in the context of the current user.  This can be especially dangerous if the current user has administrative level privileges.  Microsoft states that an attacker could host a specially crafted webpage that exploits this vulnerability and employ phishing techniques to lure users to visit the website.  It is strongly recommended to apply the updates to address these three vulnerabilities immediately.  Microsoft also released updates to address numerous vulnerabilities in SMBv1, including three critical remote code execution vulnerabilities.  It is recommended to apply these updates as soon as possible or disable SMBv1 if it is not necessary.

Additional information on this patch:

Vulnerability Information Update: May 2017