February and March Microsoft Patch Tuesday
Today, Microsoft released its monthly security bulletins. February's delayed release was combined with this March release, which likely caused the large number of bulletins (18 total, which includes the Adobe Flash bulletin)
You can review the patch summary here: https://isc.sans.edu/mspatchdays.html?viewday=2017-03-14 or via our API.
Probably the most "scary" set of vulnerabilities in this update are CVE-2017-0143, CVE-2017-0144, CVE-2017-0145,CVE-2017-0146, CVE-2017-0148 . These are remote code execution vulnerabilities that allow an unauthenticated user to execute arbitrary code. Microsoft rates the exploitability with "1", indicating that it wouldn't be terribly difficult to develop an exploit for these. Yes, you already blocked SMB at your perimeter. But further reducing your attack surface is always a good idea. You may want to consider disabling SMBv1 (which should not cause any problems if you only use currently supported Windows versions).
The other two server related bulletins, MS17-015 for Exchange and MS17-016 for IIS, are more benign in comparison. Both are XSS vulnerabilities and could be used to elevate privileges by running code in an administrators browser.
Some of the highlights:
Six of the bulletins include vulnerabilities that have either already been made public or that are already being exploited:
MS17-006: One of the Internet Explorer information disclosure vulnerabilities (CVE-2017-0008) has been publicly disclosed in the past. This vulnerability applies to Internet Explorer and Edge (MS17-007).
MS17-007: In addition to CVE-2017-0008, there is a remote code execution vulnerability (%cve:2017-0037%%) that has been disclosed publicly. There are also three different spoofing vulnerabilities that have been disclosed publicly.
MS17-012: A denial of service vulnerability (CVE-2017-0016) has been publicly disclosed. Microsoft does not list this one as exploited, but an exploit has been publicly available for a bit over a month now. This is the SMB_TREE_CONNECT vulnerability that made quite a few headlines when it was released.
MS17-013: One of the 4 GDI elevation of privilege vulnerabilities (CVE-2017-0005) has already been exploited, but details had not been disclosed publicly.
MS17-017: A privilege escalation vulnerability in the Windows Kernel (CVE-2017-0050) has been publicly disclosed.
MS17-022: The XML Core Services Information Disclosure Vulnerability (CVE-2017-0022) has already been exploited. This exploit would target a client, and by loading a malicious XML file and attacker may learn about the existence of files on the disk.
Comments
www
Nov 17th 2022
6 months ago
EEW
Nov 17th 2022
6 months ago
qwq
Nov 17th 2022
6 months ago
mashood
Nov 17th 2022
6 months ago
isc.sans.edu
Nov 23rd 2022
6 months ago
isc.sans.edu
Nov 23rd 2022
6 months ago
isc.sans.edu
Dec 3rd 2022
5 months ago
isc.sans.edu
Dec 3rd 2022
5 months ago
<a hreaf="https://technolytical.com/">the social network</a> is described as follows because they respect your privacy and keep your data secure. The social networks are not interested in collecting data about you. They don't care about what you're doing, or what you like. They don't want to know who you talk to, or where you go.
<a hreaf="https://technolytical.com/">the social network</a> is not interested in collecting data about you. They don't care about what you're doing, or what you like. They don't want to know who you talk to, or where you go. The social networks only collect the minimum amount of information required for the service that they provide. Your personal information is kept private, and is never shared with other companies without your permission
isc.sans.edu
Dec 26th 2022
5 months ago
isc.sans.edu
Dec 26th 2022
5 months ago