Tag: security | Qualys Blog

Windows RDP Remote Code Execution Vulnerability (BlueKeep) – How to Detect and Patch

Posted by Jimmy Graham in The Laws of Vulnerabilities on May 15, 2019

This month’s Microsoft Patch Tuesday included a very high-risk vulnerability (CVE-2019-0708, aka BlueKeep) in Remote Desktop that impacts Windows XP, Windows 7, Server 2003, Server 2008, and Server 2008 R2. This vulnerability allows an unauthenticated attacker (or malware) to execute code on the vulnerable system. It is very likely that PoC code will be published soon, and this may result in a WannaCry-style attack.

Microsoft has not only released patches for Windows 7, Server 2008 & R2, but also has taken the extra step to issue patches for Windows XP and Server 2003. Patch now!

UPDATE: Network Level Authentication (NLA) partially mitigates this vulnerability. QID 90788 (Microsoft Windows Network Level Authentication Disabled) can be used to find hosts that have NLA disabled. This forces the attacker to have valid credentials in order to perform RCE.

12 Comments
Permalink
Tags: bluekeep, microsoft, patch, Patch Tuesday, security, threats & worms, vulnerability management

April 2019 Patch Tuesday – 74 Vulns, 16 Critical, 2 Actively Attacked, 1 PoC Exploit, Adobe Vulns

Posted by Jimmy Graham in The Laws of Vulnerabilities on April 9, 2019

This month’s Patch Tuesday addresses 74 vulnerabilities, with 16 labeled as Critical. Eight of the Critical vulns are for scripting engines and browser components, impacting Microsoft browsers and Office, along with another 5 Critical vulns in MSXML. Two Critical remote code execution (RCE) vulnerabilities are patched in GDI+ and IOleCvt. Two privilege escalation vulns in Win32k are reported as Actively Attacked, while another in the Windows AppX Deployment Service has a public PoC exploit.

No Comments
Permalink
Tags: adobe, microsoft, patch, Patch Tuesday, security, vulnerabilities

March 2019 Patch Tuesday – 65 Vulns, 18 Critical, RCEs in DHCP Client, Adobe Vulns

Posted by Jimmy Graham in The Laws of Vulnerabilities on March 12, 2019

This month’s Patch Tuesday addresses 65 vulnerabilities, with 18 of them labeled as Critical. Thirteen of the Critical vulns are for scripting engines and browser components, impacting Microsoft browsers and Office. Three remote code execution (RCE) vulnerabilities are patched in the Windows DHCP Client, as well as an RCE vuln in Windows Deployment Services TFTP Server and Privilege Escalation in Microsoft Dynamics 365. Adobe’s release is light, with only two CVEs patched in Photoshop CC and Digital Editions.

1 Comment
Permalink
Tags: adobe, microsoft, Patch Tuesday, security, vulnerabilities

February 2019 Patch Tuesday – 74 Vulns, 20 Critical, Exchange 0-day, Adobe Vulns

Posted by Jimmy Graham in The Laws of Vulnerabilities on February 12, 2019

This month’s Patch Tuesday is very large, with 74 vulns being addressed of which 20 are labeled as critical. Fifteen of these critical vulns are in the Scripting Engine and browsers, with the remainder being GDI+, SharePoint, and DHCP. Microsoft also issued an Advisory for an Exchange 0-day, along with a patch for one of the two reported vulns. Adobe also released updates for Acrobat/Reader, Flash, Coldfusion, and Creative Cloud.

No Comments
Permalink
Tags: 0 day, adobe, flash, microsoft, Patch Tuesday, security, vulnerabilities

November 2018 Patch Tuesday – 62 Vulns, TFTP Server RCE, Adobe PoC

Posted by Jimmy Graham in The Laws of Vulnerabilities on November 13, 2018

This month’s Patch Tuesday addresses 62 vulnerabilities, with 12 of them labeled as Critical. Out of the Criticals, 8 are for the Chakra Scripting Engine used by Microsoft Edge. A Remote Code Execution vulnerability in Windows Deployment Services’ TFTP server is also addressed in this release. Adobe also patched three Important vulnerabilities this month, although there is a PoC exploit available for Adobe Acrobat and Reader.

No Comments
Permalink
Tags: adobe, microsoft, patch, Patch Tuesday, security, vulnerabilities, vulnerability management

October 2018 Patch Tuesday – 49 Vulns, Critical browser patches, Hyper-V, Adobe vulns

Posted by Animesh Jain in The Laws of Vulnerabilities on October 9, 2018

In this month’s Patch Tuesday release there are 49 vulnerabilities patched with 12 Criticals. Out of the criticals, over half are browser-related, with the rest including Hyper-V and MSXML Parser. Microsoft Exchange covers CVE-2010-3190 which was not identified as in-scope product when originally published, per Microsoft. Microsoft Office covers 9 Important CVEs including Sharepoint and Graphics component.

No Comments
Permalink
Tags: adobe, microsoft, Patch Tuesday, security, vulnerabilities, vulnerability management

September 2018 Patch Tuesday – 61 Vulns, FragmentSmack, Hyper-V Escape

Posted by Jimmy Graham in The Laws of Vulnerabilities on September 11, 2018

In this month’s Patch Tuesday release there are 61 vulnerabilities patched with 17 Criticals. Out of the criticals, most are browser-related, with the rest including Windows, Hyper-V, and .net Framework. A vulnerability (CVE-2018-8475) in Windows’ image parsing has been publicly disclosed, in addition to a vulnerability (CVE-2018-8457) in the Scripting Engine.

No Comments
Permalink
Tags: adobe, flash, microsoft, patch, Patch Tuesday, security, vulnerabilities, vulnerability management

Detecting Apache Struts 2 Namespace RCE: CVE-2018-11776

Posted by Jimmy Graham in Security Labs, Web Application Security on August 23, 2018

A new remote code execution vulnerability in Apache Struts 2, CVE-2018-11776, was disclosed yesterday. While this vulnerability does not exist with a default configuration of Struts, it does exist in commonly seen configurations for some Struts plugins.

Update August 24, 2018: A dashboard for this vulnerability is now available to download.

No Comments
Permalink
Tags: apache, security, Struts, vulnerabilities, vulnerability

August Patch Tuesday – 63 Vulns, L1TF (Foreshadow), Exchange, SQL, Active Attacks on IE flaw

Posted by Jimmy Graham in The Laws of Vulnerabilities on August 14, 2018

In this month’s Patch Tuesday release there are 63 vulnerabilities patched with 20 Criticals. Out of the criticals, over half are browser-related, with the rest including Windows, SQL, and Exchange. Active exploits have been detected against CVE-2018-8373, one of the scripting engine vulnerabilities.

No Comments
Permalink
Tags: adobe, microsoft, Patch Tuesday, security, vulnerabilities, vulnerability management

July Patch Tuesday – Critical browser patches, Lazy FP, Exchange, Adobe vulns

Posted by Jimmy Graham in The Laws of Vulnerabilities on July 10, 2018

This month’s Patch Tuesday is medium in weight, with 54 CVEs containing 17 Criticals. All but two of the Critical vulnerabilities are in Microsoft’s browsers or browser-related technologies. An additional speculative execution vulnerability announced in June was patched as well. Adobe has also released patches covering multiple product each with multiple CVEs.

No Comments
Permalink
Tags: adobe, microsoft, oracle, patch, Patch Tuesday, security, vulnerabilities