Exploit Wednesday, December 2018: little time to spare for patch tests - drove ...

    Yesterday, on Tuesday, at about 10:00 pm Moscow time, Microsoft rolled out patches for new vulnerabilities, kicking off the monthly race between security administrators and intruders. While the former check whether installing the updates will send business-critical servers into a blue screen, the latter disassemble the code of the updated libraries and try to build working exploits for systems that are still vulnerable.

    For those who like the details, a short reference on the new vulnerabilities is under the cut.


    Remote code execution (RCE) vulnerabilities always deserve special attention, so we will begin with them.

    A vulnerability was discovered in the Windows DNS service, CVE-2018-8626, which allows an attacker to execute arbitrary code on the server by sending it a specially crafted DNS query. If your domain name service is built on Microsoft technologies, it is definitely worth raising the priority of installing this update.

    Outlook is a very popular client, and phishing with malicious email attachments is a classic of modern attacks, so a potential RCE in Outlook is a tasty morsel for malware distributors. It is therefore worth closing the attack vector that uses CVE-2018-8587, and do not forget to close the whole range of vulnerabilities across the office suite: in Edge, Internet Explorer, Excel and PowerPoint, 8 vulnerabilities were fixed that allow a malicious module to be installed on the system.

    Adobe products also often become entry points into an enterprise network. For example, last month a medical institution of a large Russian state structure was attacked using a zero-day vulnerability in Flash Player, and code for CVE-2018-15982 has already been available on GitHub for two days (the link will not be given, for obvious reasons). Yesterday, Adobe released patches for Acrobat Reader. If, as in many companies, it is your standard application for viewing PDFs, raise the priority of this update as well.

    We remind you that security updates must be tested before they are used in a production environment. But do not drag the tests out: while you are busy with them, the comrades on the other side of the barricades are actively trying to write new exploits before the systems are patched.

    A list of known problems with patches from MS can be found here.
