All Posts

86 posts

September Patch Tuesday – 79 Vulns, 17 Critical, Remote Desktop Client, SharePoint, Exploited PrivEsc

This month’s Microsoft Patch Tuesday addresses 79 vulnerabilities with 17 of them labeled as Critical. Of the 17 Critical vulns, 8 are for scripting engines and browsers, 4 are for the Remote Desktop Client, and 3 are for SharePoint. In addition, Microsoft has again patched a critical vulnerability in LNK files, along with a vuln in Azure DevOps / TFS. Adobe has also released patches for Flash and Application Manager.

Update: Following Patch Tuesday, Microsoft updated the entries for CVE-2019-1214 and CVE-2019-1215 to remove the “exploited” label.

Continue reading …

August 2019 Patch Tuesday – 93 Vulns, 29 Critical, 7 Remote Desktop Vulns, Hyper-V, DHCP, Adobe vulns

Update Aug 13, 2019: Detect and Patch Windows Remote Desktop Vulnerabilities

This month’s Microsoft Patch Tuesday addresses 93 vulnerabilities with 29 of them labeled as Critical. Of the 29 Critical vulns, 10 are for scripting engines and browsers, 6 for Windows Graphics/Font Library, and 4 are for Office apps. In addition, Microsoft has patched 4 (!) Critical RCEs in Remote Desktop (plus 3 Important), 2 for Hyper-V, 2 in DHCP Client/Server, and one for LNK files. Adobe has also released a large number of patches covering multiple products.

Continue reading …

Countdown to Black Hat: Top 10 Sessions to Attend — #9 and #10

With Black Hat USA 2019 now in progress, we wrap up this blog series with our final two session recommendations: Attacking and Defending the Microsoft Cloud and Practical Approach to Automate the Discovery and Eradication of Open-Source Software Vulnerabilities at Scale.

Attacking and Defending the Microsoft Cloud, which focuses on protecting Office 365 and Azure Active Directory, explores the most common attacks against the cloud and describes effective defenses and mitigation. While it focuses on Microsoft, some topics apply to other providers. The speakers — Trimarc CTO Sean Metcalf, and Mark Morowczynski, a Principal Program Manager at Microsoft, will cover topics including account compromise and token theft; methods to detect attack activity; and secure cloud administration.

Meanwhile, Practical Approach to Automate the Discovery and Eradication of Open-Source Software Vulnerabilities at Scale, outlines how Netflix identifies and eliminates vulnerabilities in the open source software components it uses in its applications at scale. The speaker, Aladdin Almubayed, is a Senior Application Security Engineer at Netflix who will describe the stages in Netflix’s automation strategy and the tools it uses.

Continue reading …

July 2019 Patch Tuesday – 77 Vulns, 15 Critical, DHCP RCE, Exploited PrivEsc, SQL, Adobe Vulns

This month’s Microsoft Patch Tuesday addresses 77 vulnerabilities with 15 of them labeled as Critical. Of the 15 Critical vulns, 11 are for scripting engines and browsers, with the remaining four covering DHCP Server, GDI+, .NET Framework, and Azure DevOps Server / Team Foundation Server. In addition, Microsoft has released Important patches for two actively exploited privilege escalation vulnerabilities, as well as a SQL Server RCE. Microsoft also issued two advisories for Outlook on the web and Linux Kernel vulnerabilities. Adobe issued patches today for Bridge CC, Experience Manager, and Dreamweaver.

Continue reading …

Exim MTA Vulnerability (The Return of the WIZard – CVE-2019-10149)

Last week, Qualys issued a security advisory for a vulnerability we discovered during a code review of Exim. This vulnerability can lead to Remote Command Injection, and is currently being actively attacked in the wild. This blog will show you how to quickly identify assets that are impacted by this vulnerability.

Continue reading …

June 2019 Patch Tuesday – 88 Vulns, 21 Critical, Hyper-V Escape, Adobe Vulns

This month’s Microsoft Patch Tuesday addresses 88 vulnerabilities with 21 of them labeled as Critical. Of the 21 Critical vulns, 17 are for scripting engines and browsers, and 3 are potential hypervisor escapes in Hyper-V. The remaining vulnerability is an RCE in the Microsoft Speech API. Microsoft also issued guidance on Bluetooth Low Energy FIDO keys, HoloLens, and Microsoft Exchange. Adobe issues patches today for Flash, ColdFusion, and Campaign.

Continue reading …

May 2019 Patch Tuesday – 79 Vulns, 22 Critical, RDP RCE, MDS Attacks, Adobe Vulns

This month’s Microsoft Patch Tuesday addresses 79 vulnerabilities with 22 of them labeled as Critical. Of the 22 Critical vulns, 18 are for scripting engines and browsers. The remaining 4 are remote code execution (RCE) in Remote Desktop, DHCP Server, GDI+, and Word. Microsoft also released guidance on the recently disclosed Microarchitectural Data Sampling (MDS) techniques, known as ZombieLoad, Fallout, and RIDL. Adobe’s Patch Tuesday includes patches for vulnerabilities in Flash, Acrobat/Reader (83 vulnerabilities!) and Media Encoder.

UPDATE May 15: Microsoft has also issued Remote Desktop patches for Windows XP and Server 2003.

Continue reading …

April 2019 Patch Tuesday – 74 Vulns, 16 Critical, 2 Actively Attacked, 1 PoC Exploit, Adobe Vulns

This month’s Patch Tuesday addresses 74 vulnerabilities, with 16 labeled as Critical. Eight of the Critical vulns are for scripting engines and browser components, impacting Microsoft browsers and Office, along with another 5 Critical vulns in MSXML. Two Critical remote code execution (RCE) vulnerabilities are patched in GDI+ and IOleCvt. Two privilege escalation vulns in Win32k are reported as Actively Attacked, while another in the Windows AppX Deployment Service has a public PoC exploit.

Continue reading …

March 2019 Patch Tuesday – 65 Vulns, 18 Critical, RCEs in DHCP Client, Adobe Vulns

This month’s Patch Tuesday addresses 65 vulnerabilities, with 18 of them labeled as Critical. Thirteen of the Critical vulns are for scripting engines and browser components, impacting Microsoft browsers and Office. Three remote code execution (RCE) vulnerabilities are patched in the Windows DHCP Client, as well as an RCE vuln in Windows Deployment Services TFTP Server and Privilege Escalation in Microsoft Dynamics 365. Adobe’s release is light, with only two CVEs patched in Photoshop CC and Digital Editions.

Continue reading …

February 2019 Patch Tuesday – 74 Vulns, 20 Critical, Exchange 0-day, Adobe Vulns

This month’s Patch Tuesday is very large, with 74 vulns being addressed of which 20 are labeled as critical. Fifteen of these critical vulns are in the Scripting Engine and browsers, with the remainder being GDI+, SharePoint, and DHCP. Microsoft also issued an Advisory for an Exchange 0-day, along with a patch for one of the two reported vulns. Adobe also released updates for Acrobat/Reader, Flash, Coldfusion, and Creative Cloud.

Continue reading …