Martijn Lammerts
My own digital place with a little of everything

March’s Patch Tuesday Fixes Privilege Escalation Vulnerabilities Exploited in the Wild

Microsoft’s Patch Tuesday for March addressed 64 vulnerabilities, 17 of which were rated critical, 45 important, one moderate, and another low in severity. Two of these vulnerabilities, CVE-2019-0797 and CVE-2019-0808, were reported to have been actively exploited in the wild. The patches addressed security flaws in a number of Microsoft products and services: .NET Framework, Edge, Exchange, Internet Explorer, Office, Office Services and Web Apps, NuGet, Team Foundation Server, and Windows. Seven of the vulnerabilities were disclosed via Trend Micro’s Zero Day Initiative (ZDI).

The post March’s Patch Tuesday Fixes Privilege Escalation Vulnerabilities Exploited in the Wild appeared first on .

Continue reading...

February Patch Tuesday: Batch Includes 77 Updates That Cover Flaws in Internet Explorer, Exchange Server, and DHCP Server

Microsoft released 77 updates, along with three new advisories, in this month’s Patch Tuesday. The bulletin patches four publicly known bugs, rated Important, and one that is under active attack. It includes fixes for ChakraCore, Edge, Exchange Server, Internet Explorer (IE), Microsoft Windows, Office and Microsoft Office Services and Web Apps, Azure, Team Foundation Services, and the .NET Framework.

The post February Patch Tuesday: Batch Includes 77 Updates That Cover Flaws in Internet Explorer, Exchange Server, and DHCP Server appeared first on .

Continue reading...

January Patch Tuesday: First Bulletin of 2019 has Fixes for DHCP and Microsoft Exchange Vulnerabilities

Microsoft starts off 2019 relatively smoothly with 49 security patches and two advisories — seven of these vulnerabilities were rated Critical and 40 were Important. Ten of these were disclosed through the Zero Day Initiative (ZDI) program.

The post January Patch Tuesday: First Bulletin of 2019 has Fixes for DHCP and Microsoft Exchange Vulnerabilities appeared first on .

Continue reading...

December Patch Tuesday: Year-End Batch Addresses Win32k Elevation of Privilege and Windows DNS Server Vulnerabilities

The just-released Patch Tuesday for December includes a fix for the actively exploited Win32k Elevation of Privilege Vulnerability (CVE-2018-8611). The flaw allows an attacker to exploit a bug in the Windows Kernel and run arbitrary code to install programs; view, change, or delete data; or create new accounts with full user rights. It is also pointed out as likely being used with other bugs in targeted attacks.

The post December Patch Tuesday: Year-End Batch Addresses Win32k Elevation of Privilege and Windows DNS Server Vulnerabilities appeared first on .

Continue reading...

SettingContent-ms can be Abused to Drop Complex DeepLink and Icon-based Payload

Microsoft’s SettingContent-ms has become a recent topic of interest. In July, we saw one spam campaign use malicious SettingContent-ms files embedded in a PDF to drop the remote access Trojan FlawedAmmyy, a RAT also used by the Necurs botnet. That campaign was mostly targeting banks in different countries across Asia and Europe.

The post SettingContent-ms can be Abused to Drop Complex DeepLink and Icon-based Payload appeared first on .

Continue reading...

Use-after-free (UAF) Vulnerability CVE-2018-8373 in VBScript Engine Affects Internet Explorer to Run Shellcode

We discovered a high-risk Internet Explorer (IE) vulnerability in the wild on July 11, just a day after Microsoft’s July Patch Tuesday. We immediately sent Microsoft the details to help fix this flaw. While this vulnerability, now designated as CVE-2018-8373, affects the VBScript engine in the latest versions of Windows, Internet Explorer 11 is not vulnerable since VBScript in Windows 10 Redstone 3 (RS3) has been effectively disabled by default.

The post Use-after-free (UAF) Vulnerability CVE-2018-8373 in VBScript Engine Affects Internet Explorer to Run Shellcode appeared first on .

Continue reading...

Use-after-free (UAF) Vulnerability CVE-2018-8373 in VBScript Engine Affects Internet Explorer to Run Shellcode

We discovered a high-risk Internet Explorer (IE) vulnerability in the wild on July 11, just a day after Microsoft’s July Patch Tuesday. We immediately sent Microsoft the details to help fix this flaw. While this vulnerability, now designated as CVE-2018-8373, affects the VBScript engine in the latest versions of Windows, Internet Explorer 11 is not vulnerable since VBScript in Windows 10 Redstone 3 (RS3) has been effectively disabled by default.

The post Use-after-free (UAF) Vulnerability CVE-2018-8373 in VBScript Engine Affects Internet Explorer to Run Shellcode appeared first on .

Continue reading...