Microsoft and Adobe June 2017 Patch Tuesday: Two Exploited Vulnerabilities Patched
Today, Microsoft and Adobe released their usual monthly security updates. Microsoft patched a total of 96 different vulnerabilities. Three vulnerabilities have already been disclosed publicly, and two vulnerabilities stick out for being already exploited according to Microsoft:
This vulnerability can be exploited when a user views a malicious shortcut file. Windows shortcuts use small files that describe the shortcut. The file will tell Windows what icon to display to represent the file. By including a malicious icon reference, the attacker can execute arbitrary code. This problem is probably easiest exploited by setting up a malicious file share, and tricking the user into opening the file share via a link. Similar vulnerabilities have been exploited in Windows in the past. Exploits should surface shortly in public. Microsoft's description of the vulnerability is a bit contradicting itself. In the past, if a vulnerability had already been exploited in the wild, Microsoft labeled them with an exploitability of "0". In this case, Microsoft uses "1", which indicates that exploitation is likely. But on the other hand, the vulnerability is already being exploited.
ETERNALBLUE Reloaded? This vulnerability is another one that is already exploited according to Microsoft. The vulnerability is triggered by sending a malicious "Search" message via SMB. The bulletin does not state if exploitation requires authentications. The attacker will have full administrative access to the system, so this vulnerability can also be exploited for privilege escalation.
---
Johannes B. Ullrich, Ph.D. , Dean of Research, SANS Technology Institute
STI|Twitter|
Application Security: Securing Web Apps, APIs, and Microservices | Washington | Dec 13th - Dec 18th 2024 |
Comments
Anonymous
Jun 13th 2017
7 years ago
Anonymous
Jun 13th 2017
7 years ago
Anonymous
Jun 13th 2017
7 years ago
"At this time, .NET Framework 4.7 is not supported by Exchange Server. Please resist installing it on any of your systems after its release to Windows Update."
https://blogs.technet.microsoft.com/exchange/2017/06/13/net-framework-4-7-and-exchange-server/
Anonymous
Jun 14th 2017
7 years ago
Anonymous
Jun 14th 2017
7 years ago
high priority / newly released WinXP32 fixes for issues currently being exploited:
KB4024402 - CVE-2017-8543 - Windows Search Remote Code Execution Vulnerability
KB3197835 - CVE-2017-7269 - WebDAV remote code execution vulnerability
KB4024323 - CVE-2017-8461 - Windows RPC remote code execution vulnerability
KB4025218 - CVE-2017-8487 - Windows olecnv32.dll remote code execution vulnerability
KB4012598 - MS17-010 (WannaCry) - Critical Security Update for Microsoft Windows SMB Server
KB4022747 - CVE-2017-0176 - Remote desktop protocol remote code execution vulnerability
KB4018271 - CVE-2017-0222 - Internet Explorer Memory Corruption Vulnerability
older but critical fixes:
KB958644 - MS08-067 - Critical Vulnerability in Server Service Could Allow Remote Code Execution
KB2347290 - MS10-061 - Critical Vulnerability in Print Spooler Service Could Allow Remote Code Execution
medium priority WinXP32 fixes:
KB4019204 - CVE-2017-8552 - Win32k Elevation of Privilege Vulnerability
* KB4019204 is not remotely exploitable; have to login to system first
lower priority WinXP32 fixes:
KB4018466 - CVE-2017-0267 to 0280 - Windows SMB Remote Code Execution Vulnerabilities
* KB4018466 not being currently exploited
KB4012583 - MS17-013 - Critical Security Update for Microsoft Graphics Component
* KB4012583 has no public exploit; but NSA has an exploit that may have been stolen by Russia
Anonymous
Jun 15th 2017
7 years ago
Both KB4022719 and KB4022726 mention updates for IE and the corresponding security-only updates KB4022722 and KB4022717 do not.
But the previous months, the support articles for the security-only updates explicitly mentioned this difference and listed the KB numbers for the IE updates.
Where are the updates for IE this month?
Anonymous
Jun 16th 2017
7 years ago
"If an iSCSI target becomes unavailable, attempts to reconnect will cause a leak. Initiating a new connection to an available target will work as expected."
"Microsoft is researching this problem and will post more information in this article when the information becomes available."
I learned this in a BAD way. :[
Anonymous
Jun 19th 2017
7 years ago