Exploited Zero-Day Vulnerabilities Fixed by Microsoft Patches

This Patch Tuesday, Microsoft released several updates for serious vulnerabilities, some of which are being actively exploited in the wild. Microsoft is urging companies to apply the patches now to keep their systems safe. Some of the vulnerabilities are simple to exploit, requiring little experience or knowledge.

Overall, 62 vulnerabilities have been patched, including 33 that can lead to remote code execution. Out of the 62 vulnerabilities, 23 are rated as critical and 34 as important.

A critical vulnerability in the Windows Search service, CVE-2017-11771, can be exploited via SMB and used to take control of a server or workstation. While this vulnerability is not connected to the SMBv1 vulnerabilities that were exploited in the WannaCry ransomware cyberattacks, it is just as dangerous and should be addressed as a matter of urgency.

Three of the critical vulnerabilities are heap buffer overflows in the Windows DNS client, all of which are addressed by the CVE-2017-11779 security update. These flaws could be exploited with no user interaction.

The flaws are found in NSEC3, a data record feature of DNSSEC, the secure Domain Name System protocol. DNSSEC digitally signs DNS data to stop spoofing and was introduced to help prevent man-in-the-middle attacks. Nick Freeman, a senior researcher at Bishop Fox, discovered the weaknesses.

Exploitation of the vulnerabilities would require an attacker to be on the same network, which would limit attacks to those originating inside an organization. However, if an attacker was able to carry out a man-in-the-middle attack and intercept DNS requests from the target’s machine, it would be possible to control DNS flow and gain full control of the victim’s machine. This attack would be relatively simple to pull off if a person used their work laptop to connect via an unsecured WiFi hotspot.

A remote code execution vulnerability in Microsoft Office, CVE-2017-011826, is already being used in attacks against organizations. The weakness is being exploited by sending specially crafted Office files via email. If these files are opened, the attacker gains the same rights as the user. If opened by a user with administrator privileges, the attacker could take full control of the user’s system. Even though the flaw is being exploited in the wild, it has only been marked as critically important by Microsoft.

Microsoft has also announced that it is discontinuing support for Windows 10 November Update Version 1511 and Office 2007 as of October 11, 2017.

As was seen during the WannaCry and NotPetya attacks, and the Equifax data breach, neglecting to patch diligently can lead to a very costly data breach. The latest batch of patches released by Microsoft should therefore be applied as quickly as possible.

Author: Defensorum