Microsoft Patches Vigorously Abused Zero Day Weaknesses

This Bit Tuesday has seen Microsoft release numerous updates for serious weaknesses, a few of which are vigorously misused in the wild. Microsoft is advising companies to use the patches instantly to keep their systems safe. A few of the weaknesses are easy to abuse, needing little skill.

In total, 62 weaknesses have been fixed, including 33 which can lead to distant code implementation. Out of the 62 weaknesses, 23 are ranked as critical and 34 as main.

CVE-2017-11771 is a serious weakness in the Windows Search service, which can be abused through SMB and used to take control of a workstation or server. Although this weakness isn’t related to the SMBv1 weaknesses that were abused in the WannaCry ransomware attacks, it’s just as serious and must be tackled like an urgency.

Three of dangerous weaknesses disturb the Windows DNS user and are heap buffer-overflow weaknesses, all of which have been tackled with the CVE-2017-11779 safety update. These faults could be misused with no user interaction needed.

The errors are in a data record characteristic – NSEC3 – of the safe Domain Name System procedure, DNSSEC. DNSSEC digitally authorizes the DNS to avoid spoofing and was launched to assist avoid man-in-the-middle attacks. A senior researcher at Bishop Fox, Nick Freeman found defects.

Misuse of the weaknesses would require a person on the same system, which would restrict the attack method to hateful insiders. Nevertheless, if an invader was capable to pull off a man-in-the-middle attack and interrupt DNS appeals from the aim’s machine, it would be probable to manage DNS flow and gain complete control of the prey’s machine. This attack would be comparatively easy to be successful if a person utilized their work laptop to gain access to an unsafe WiFi hotspot.

CVE-2017-011826 is a distant code execution weakness in Microsoft Office that is already used in attacks versus companies. The defect is exploited by sending specifically created office files through electronic mail. If opened, the attacker gets the same privileges as the operator. If opened by an operator with an administrator account, the assailant could take complete control of the operator’s system. Although the defect is being misused in the wild, it has just been graded as important by Microsoft.

Microsoft has also verified it has ended support for Windows 10 November Update Edition 1511 as well as Office 2007.

As was underscored by the NotPetya and WannaCry attacks, and the Equifax data breach, the failure to patch quickly can result in a very expensive data breach. The latest series of patches from Microsoft must, therefore, be used as soon as possible.