VERT Threat Alert: June 2017 Patch Tuesday Analysis


Today’s VERT Alert addresses the Microsoft June 2017 Security Updates. VERT is actively working on coverage for these vulnerabilities and expects to ship ASPL-729 on Wednesday, June 14th.

In-The-Wild & Disclosed CVEs

CVE-2017-8543

According to Microsoft’s Security Guidance, they are aware of in-the-wild exploitation against CVE-2017-8543, a code execution vulnerability in the Windows Search service. This vulnerability could allow remote, unauthenticated attackers to take control of a system with a malicious SMB packet.

Microsoft has rated this as a 1 on the Exploitability Index (Exploitation More Likely)

CVE-2017-8530

According to Microsoft, a same-origin bypass has been publicly disclosed. The same-origin policy is designed to ensure that a web page can’t access resources outside its origin. This bypass exists in Microsoft Edge.

Microsoft has rated this as a 1 on the Exploitability Index (Exploitation More Likely)

CVE-2017-8464

A vulnerability in Microsoft shortcuts (.LNK files) has been publicly exploited. If a user accesses a folder or share with a malicious .LNK file, code could execute in the context of the user. This vulnerability is a prime candidate for memory card / flash drive malware, which would be highly effective if planted during the manufacturing process.

Microsoft has rated this as a 1 on the Exploitability Index (Exploitation More Likely)

CVE-2017-8523

A second same-origin bypass, again in Microsoft Edge, has also been publicly disclosed.

Microsoft has rated this as a 1 on the Exploitability Index (Exploitation More Likely)

CVE-2017-8498

The final vulnerability in this list is an Information Disclosure in Microsoft Edge that could allow an attacker to detect the installed browser extensions.

Microsoft has rated this as a 2 on the Exploitability Index (Exploitation Less Likely)

FYI Vulnerabilities

While many of the issues fixed today are typical for Patch Tuesday, there are a few that are worth highlighting.

Microsoft Security Advisory 4025685

Microsoft has released a security advisory with a rather lengthy list of well-known (and some not so well-known) vulnerabilities dating back to 2008. In addition to patches for currently supported operating systems, Microsoft has made updates available for a number of unsupported operating systems including Windows XP and Server 2003. Some of these CVEs have not been previously referenced and only impact the older operating systems. Ensure that you review this full advisory (as well as the associated guidance) to minimize any risk to your environment. Within the advisory, Microsoft has stated that this guidance is being made available due to the heightened risk from past and threatened nation-state attacks.

Other Information

In addition to the Microsoft vulnerabilities included in the June Security Guidance, a security advisory was also published.

June Flash Security Update [ADV170007]

Microsoft has released an advisory for the June Adobe Flash Security Update (APSB17-17). This includes updates for the following vulnerabilities: CVE-2017-3075, CVE-2017-3076, CVE-2017-3077, CVE-2017-3078, CVE-2017-3079, CVE-2017-3081, CVE-2017-3082, CVE-2017-3083, CVE-2017-3084.
