This month’s Patch Tuesday, Microsoft disclosed a critical “wormable” remote code execution (RCE) vulnerability in Microsoft Server Message Block 3.1.1 (SMBv3) protocol. The exploitation of this vulnerability opens systems up to a ‘wormable’ attack, which means it would be easy to move from victim to victim.

Qualys released a blog post earlier on how to identify SMBv3 vulnerability in your environment:
Microsoft Windows SMBv3 Remote Code Execution Vulnerability (CVE-2020-0796)

Here we describe how to resolve it with Qualys VMDR®.

Continue reading …

This month’s Patch Tuesday, Microsoft disclosed a remote code execution vulnerability in SMB 3.1.1 (v3) protocol. Even though initial release of the Patch Tuesday did not mention this vulnerability, details of the issue (CVE-2020-0796) were published accidentally on another security vendor’s blog. Microsoft published security advisory ADV200005  and technical guidance soon after the accidental disclosure of the vulnerability.

UPDATE March 12, 2020: Microsoft updated ADV200005 to include CVE-2020-0796 and released patches for affected Windows systems.

Continue reading …

This week offered a representative sampling of different corners of the cyber security world: The monthly Patch Tuesday, a brazen attack against the Olympics, new Meltdown and Spectre concerns, and a boost for Intel’s bug bounty program.

Oh, and the gargantuan Equifax data breach may have been even bigger than previously thought.

Winter Olympics hack confirmed

The 2018 Winter Olympics in Pyeongchang, South Korea are in full swing, featuring the world’s best ice skaters, skiers, hockey players and snowboarders, and also attracting, unfortunately, malicious hackers.

Attackers’ goals seem to be to disrupt the games in a variety of ways by interfering with and disabling IT systems.

Continue reading …

Due to the disclosure of Meltdown and Spectre, Microsoft released several patches last week with the ranking “Important.” While there are no active attacks against these vulnerabilities, a special focus should be placed on any of the browser patches, due to potential attacks using JavaScript.

Continue reading …

This December Patch Tuesday is considerably lighter than last month’s patch releases.  While only three of the fixes were for Windows operating systems, the majority of the vulnerabilities to pay attention to are Browser/Scripting Engine-based.

Overall, this month’s updates address are fixes for 32 unique CVEs, 19 of which are critical, and 24 of which address remote code execution at varying severity levels. No active exploits are listed by Microsoft again this month.

Continue reading …

Today Microsoft released patches covering 62 vulnerabilities as part of October’s Patch Tuesday update, with 30 of them affecting Windows. Patches covering 28 of these vulnerabilities are labeled as Critical, and 33 can result in Remote Code Execution. According to Microsoft, a vulnerability in Microsoft Office is being actively exploited in the wild.

Continue reading …

Today Microsoft released patches to fix 94 vulnerabilities out of which 27 fix remote code execution issues which can allow an attackers to remotely take control of victim machines. This is a massive update and fixes more than double the number of vulnerabilities as compared to the last two months.

Continue reading …

Happy New Year! In the first Patch Tuesday of 2017 Microsoft fixed only 3 vulnerabilities which makes it one of the smallest patch months ever. Patches were released for Microsoft Office, the Edge browser and LSASS.  It’s an unusually small patch update and will definitely make system administrators happy. It is worth noting that starting next month Microsoft will scrap the existing system where users get a document each month in favor of a new ‘single destination for security vulnerability information’ called the Security Updates Guide. The new security portal is driven by an online database, and instead of having to browse through an index of documents, users can sort, search, and filter the database to find details about a specific security bulletin and its associated updates.

Continue reading …