EDX-Explorer

As part of its monthly Update Tuesday , Microsoft announced Vulnerability-related.PatchVulnerability this week that they ’ ve released Vulnerability-related.PatchVulnerability a preliminary fix for a vulnerability rated important , and present in Vulnerability-related.DiscoverVulnerability all supported versions of Windows in circulation ( basically any client or server version of Windows from 2008 onward ) . The flaw affects Vulnerability-related.DiscoverVulnerability the Credential Security Support Provider ( CredSSP ) protocol , which is used in all instances of Windows ’ Remote Desktop Protocol ( RDP ) and Remote Management ( WinRM ) . The vulnerability , CVE-2018-0886 , could allow remote code execution via a physical or wifi-based Man-in-the-Middle attack , where the attacker steals Attack.Databreach session data , including local user credentials , during the CredSSP authentication process . Although Microsoft says Vulnerability-related.DiscoverVulnerability the bug has not yet been exploited Vulnerability-related.DiscoverVulnerability , it could cause serious damage if left unpatched . RDP is widely used in enterprise environments and an attacker who successfully exploits Vulnerability-related.DiscoverVulnerability this bug could use it to gain a foothold from which to pivot and escalate . It ’ s also popular with small businesses who outsource their IT administration and , needless to say , an attacker with an admin account has all the aces . Security researchers at Preempt say Vulnerability-related.DiscoverVulnerability they discovered and disclosed Vulnerability-related.DiscoverVulnerability this vulnerability to Microsoft last August , and Microsoft has been working since then to create Vulnerability-related.PatchVulnerability the patch released Vulnerability-related.PatchVulnerability this week . Now it ’ s out there , it ’ s a race against time to make sure you aren ’ t an easy target for an attacker who wants to try and kick the tires on this vulnerability . Obviously , patch as soon as possible and please follow Microsoft ’ s guidance carefully : Mitigation consists of installing the update on all eligible client and server operating systems and then using included Group Policy settings or registry-based equivalents to manage the setting options on the client and server computers . We recommend that administrators apply the policy and set it to “ Force updated clients ” or “ Mitigated ” on client and server computers as soon as possible . These changes will require a reboot of the affected systems . Pay close attention to Group Policy or registry settings pairs that result in “ Blocked ” interactions between clients and servers in the compatibility table later in this article . Both the “ Force updated clients ” and “ Mitigated ” settings prevent RDP clients from falling back to insecure versions of CredSSP . The “ Force updated clients ” setting will not allow services that use CredSSP to accept unpatched clients but “ Mitigated ” will .

Samba has released Vulnerability-related.PatchVulnerability security updates addressing Vulnerability-related.PatchVulnerability a possible avenue for DoS attacks and attackers changing administrator passwords . Samba 4 users should update now . Open source server platform Samba has issued Vulnerability-related.PatchVulnerability patches for two critical vulnerabilities that could be used to launch denial-of-service attacks or allow anyone to change user and administrator passwords . Samba is a free , open source interoperability suite that extends Windows file and print services to Unix and Linux machines . Businesses that run Unix/Linux and Windows side by side frequently use Samba to link the two operating systems together , making any risk to the security and stability of Samba a serious risk . The vulnerabilities in question Vulnerability-related.DiscoverVulnerability , CVE-2018-1050 and CVE-2018-1057 , are both serious risks for anyone using Samba . If your business has a Samba implementation it 's highly recommended that you install the applicable security updates . What the Samba vulnerabilities can do The first vulnerability , 1050 , affects Vulnerability-related.DiscoverVulnerability all Samba instances version 4.0.0 and up . More specifically , it only affects Vulnerability-related.DiscoverVulnerability version 4.0.0 and up Samba installations that are also running their Remote Procedure Call ( RPC ) Spool Subsystem Service ( spoolss ) as an external daemon ( RPC spoolss is configured to internal by default ) . If the RPC spoolss misses an input sanitization check it can cause the print spooler to crash , effectively killing the ability for anyone using Samba to send files to a printer . The second vulnerability , 1057 , is a far greater risk to Samba security . Like 1050 , it affects Vulnerability-related.DiscoverVulnerability all Samba installations version 4.0.0 and up and allows users to change the passwords of other users , including those with admin rights . 1057 's problem stems from a problem with how Samba Active Directory domain controllers handle permission validations using the lightweight directory access protocol ( LDAP ) . `` The LDAP server incorrectly validates certain LDAP password modifications against the 'Change Password ' privilege , but then performs a password reset operation , '' Samba said . This vulnerability only affects Vulnerability-related.DiscoverVulnerability Samba installations being used as Active Directory domain controllers , so those using Samba in non-domain control roles do n't need to be concerned . If you are using Samba as an AD DC and ca n't install the security patch yet , there is a workaround Samba says you can put in place as a temporary protection measure : revoking password change permissions for `` the world '' group .

Microsoft has rolled-out Vulnerability-related.PatchVulnerability security updates to fix Vulnerability-related.PatchVulnerability a critical remote code execution flaw affecting Vulnerability-related.DiscoverVulnerability Windows Defender and other anti-malware products . Ahead of April 's Patch Tuesday , Microsoft has released Vulnerability-related.PatchVulnerability patches for the critical flaw , which affects Vulnerability-related.DiscoverVulnerability Microsoft Malware Protection Engine , or mpengine.dll , the core of Windows Defender in Windows 10 . `` An attacker who successfully exploited Vulnerability-related.DiscoverVulnerability this vulnerability could execute arbitrary code in the security context of the LocalSystem Account and take control of the system , '' warns Microsoft . `` An attacker could then install programs ; view , change , or delete data ; or create new accounts with full user rights . '' Google Project Zero researcher Thomas Dullien , aka Halvar Flake , discovered Vulnerability-related.DiscoverVulnerability that attackers can trigger a memory-corruption issue in the engine if they can get Windows Defender and other affected Vulnerability-related.DiscoverVulnerability security products to scan a specially-crafted file . Microsoft warns there are many ways an attacker could achieve this , including placing the file on a website , in an email or instant message , on any site that hosts files , or in a shared directory . As with similar vulnerabilities reported Vulnerability-related.DiscoverVulnerability last year by the UK 's National Cyber Security Centre ( NCSC ) and Project Zero , an attack would be instant if the affected antivirus has real-time protection enabled . Although the patch is being released Vulnerability-related.PatchVulnerability before Microsoft 's monthly security update , the bug , CVE2018-0986 , is not an out-of-band patch as Microsoft updates Vulnerability-related.PatchVulnerability the engine as needed . Microsoft also notes that the default configuration for Microsoft 's anti-malware products in the enterprise is to automatically receive Vulnerability-related.PatchVulnerability updates .

Microsoft published earlier today the Patch Tuesday security bulletin for May 2018 , containing Vulnerability-related.PatchVulnerability fixes for 67 security issues . This month , Microsoft fixed Vulnerability-related.PatchVulnerability security flaws in Microsoft Windows , Internet Explorer , Microsoft Edge , ChakraCore , .NET Framework , Microsoft Exchange Server , Windows Host Compute Service Shim , and Microsoft Office and Microsoft Office Services and Web Apps . Microsoft patches Vulnerability-related.PatchVulnerability two zero-days The biggest issue patched Vulnerability-related.PatchVulnerability this month is a zero-day in Internet Explorer that has been abused by a cyber-espionage campaign earlier this month . The zero-day ( CVE-2018-8174 ) affects Vulnerability-related.DiscoverVulnerability not only IE but also any other projects that embed the IE web rendering engine . Microsoft credited researchers from both Qihoo 360 Core Security and Kaspersky Lab for discovering Vulnerability-related.DiscoverVulnerability this issue . The second zero-day is CVE-2018-8120 , an elevation-of-privilege vulnerability in the Win32k component . `` An attacker who successfully exploited Vulnerability-related.DiscoverVulnerability this vulnerability could run arbitrary code in kernel mode . An attacker could then install programs ; view , change , or delete data ; or create new accounts with full user rights , '' Microsoft says . But the flaw is not as dangerous as it sounds , as an attacker already needs a foothold on Windows systems to run his malicious code in the first place , to elevate his access rights . Microsoft also patched Vulnerability-related.PatchVulnerability CVE-2018-8141 ( Windows Kernel Information Disclosure Vulnerability ) and CVE-2018-8170 ( Windows Image Elevation of Privilege Vulnerability ) , for which exploitation details became public . Despite info about these two flaws being published Vulnerability-related.DiscoverVulnerability online , Microsoft says Vulnerability-related.DiscoverVulnerability none were exploited Vulnerability-related.DiscoverVulnerability in the wild . Flash fixes also included Last but not least , the Microsoft May 2018 Patch Tuesday also included a patch for an Adobe Flash Player vulnerability ( CVE-2018-4944 ) that Adobe patched Vulnerability-related.PatchVulnerability earlier today . Below is a table listing of all the security issues Microsoft fixed Vulnerability-related.PatchVulnerability this month . We used PowerShell and the Microsoft API to assemble the table below , but the report is much longer . We hosted the full report on GitHub , here .

Another critical security hole has been found Vulnerability-related.DiscoverVulnerability in Apache Struts 2 , requiring an immediate update . The vulnerability – CVE-2018-11776 – affects Vulnerability-related.DiscoverVulnerability core code and allows miscreants to pull off remote code execution against vulnerable servers and websites . It affects Vulnerability-related.DiscoverVulnerability all versions of Struts 2 , the popular open-source framework for Java web apps . The Apache Software Foundation has `` urgently advised '' anyone using Struts to update Vulnerability-related.PatchVulnerability to the latest version immediately , noting that the last time a critical hole was found Vulnerability-related.DiscoverVulnerability , the holes were being exploited Vulnerability-related.DiscoverVulnerability in the wild just a day later . In other words , if you delay in patching Vulnerability-related.PatchVulnerability , your organization will be compromised in short order via this bug , if you are running vulnerable systems . It was that earlier flaw that led to a nightmare data breach Attack.Databreach from credit company Equifax after it failed to patch Vulnerability-related.PatchVulnerability swiftly enough . The details of nearly 150 million people were exposed Attack.Databreach , costing the company more than $ 600m , so this is not something to be taken lightly . The company that discovered Vulnerability-related.DiscoverVulnerability the vulnerability – Semmle Security Research Team – warns that this latest one is actually worse that the one last year , which it also found Vulnerability-related.DiscoverVulnerability . It has published a blog post with more information . Semmle found Vulnerability-related.DiscoverVulnerability the hole back in April and reported Vulnerability-related.DiscoverVulnerability it to Apache , which put out Vulnerability-related.PatchVulnerability a patch in June that it has now pulled Vulnerability-related.PatchVulnerability into formal updates ( 2.3.35 for those using version 2.3 and 2.5.17 for those on 2.5 ) . As mentioned , the vulnerability is in the core code and does n't require additional plugins to work . It is caused by insufficient validation of untrusted user data in the core of the Struts framework , and can be exploited in several different ways . Semmle says it has identified two different vectors but warns there may be others . Since it can be used remotely and due to the fact that Struts is typically used to create applications that are on the public internet , hackers are going to be especially focused on exploiting it so they can gain access to corporate networks . And there are some big targets out there : Apache Struts is extremely common with most large corporations using it somewhere in their systems for web apps . Semmle 's VP of engineering , Pavel Avgustinov , had this to say about the hole on Wednesday this week : `` Critical remote code execution vulnerabilities like the one that affected Vulnerability-related.DiscoverVulnerability Equifax and the one we announced today are incredibly dangerous for several reasons : Struts is used for publicly-accessible customer-facing websites , vulnerable systems are easily identified , and the flaw is easy to exploit Vulnerability-related.DiscoverVulnerability . A hacker can find their way in within minutes , and exfiltrate Attack.Databreach data or stage further attacks from the compromised system . It ’ s crucially important to update affected systems immediately ; to wait is to take an irresponsible risk . '' This is very far from the first time that big security holes have been found Vulnerability-related.DiscoverVulnerability in Struts , leading some to recommend that people simply stop using it .

As part of Microsoft 's monthly Patch Tuesday updates , a critical flaw in Windows has been patched Vulnerability-related.PatchVulnerability that is actively being exploited Vulnerability-related.DiscoverVulnerability . A vulnerability in the VBScript engine allowed for a zero-day exploit to infect machines by opening specially crafted scripts that can corrupt memory leading to the opportunity for arbitrary code execution . In a web-based attack , specially designed web pages could exploit the same vulnerability when using Internet Explorer . Embedding AcitveX controls that were marked `` safe for initialization '' inside of a Microsoft Office document also allowed for unsafe code to be executed since the IE rendering engine is used . One of the more interesting parts of the attack is that it does not matter what a user 's default browser is . When using VBScript , it is possible to force a web page to be loaded using Internet Explorer even if Chrome , FireFox , Safari , Opera or another browser is set to default . This particular vulnerability has been found Vulnerability-related.DiscoverVulnerability in use and affects Vulnerability-related.DiscoverVulnerability Windows 7 and Windows Server 2008 and newer . Kasperksy Lab has provided a fairly detailed analysis of how the exploit functions . In short , a statement from their security researchers says it all . `` We expect this vulnerability to become one of the most exploited in the near future , as it won ’ t be long until exploit kit authors start abusing it in both drive-by ( via browser ) and spear-phishing Attack.Phishing ( via document ) campaigns . '' In addition to the VBScript flaw discovered Vulnerability-related.DiscoverVulnerability and patched Vulnerability-related.PatchVulnerability , Microsoft has also patched Vulnerability-related.PatchVulnerability a privilege escalation vulnerability . A failure of the Win32k component allows for arbitrary code to be executed in kernel mode . This allows for a standard user account to obtain full system access , although it should be noted that a user must be logged in already to perform the exploit . In this case , both exploits have been patched Vulnerability-related.PatchVulnerability but that does not mean end users and administrators are going to patch Vulnerability-related.PatchVulnerability their systems in a timely manner . It is advised to manually check for updates to verify that all of the latest patches are installed . In total , 67 updates were issued Vulnerability-related.PatchVulnerability solving 21 critically rated vulnerabilities .

Microsoft this week released Vulnerability-related.PatchVulnerability software updates to fix Vulnerability-related.PatchVulnerability roughly 50 security problems with various versions of its Windows operating system and related software , including one flaw that is already being exploited Vulnerability-related.DiscoverVulnerability and another for which exploit code is publicly available . The zero-day bug — CVE-2018-8453 — affects Vulnerability-related.DiscoverVulnerability Windows versions 7 , 8.1 , 10 and Server 2008 , 2012 , 2016 and 2019 . According to security firm Ivanti , an attacker first needs to log into the operating system , but then can exploit this vulnerability to gain administrator privileges . Another vulnerability patched Vulnerability-related.PatchVulnerability on Tuesday — CVE-2018-8423 — was publicly disclosed Vulnerability-related.DiscoverVulnerability last month along with sample exploit code . This flaw involves a component shipped on all Windows machines and used by a number of programs , and could be exploited Vulnerability-related.DiscoverVulnerability by getting a user to open a specially-crafted file — such as a booby-trapped Microsoft Office document . KrebsOnSecurity has frequently suggested that Windows users wait a day or two after Microsoft releases Vulnerability-related.PatchVulnerability monthly security updates before installing the fixes , with the rationale that occasionally buggy patches can cause serious headaches for users who install them before all the kinks are worked out . This month , Microsoft briefly paused Vulnerability-related.PatchVulnerability updates for Windows 10 users after many users reported losing all of the files in their “ My Documents ” folder . The worst part ? Rolling back to previous saved versions of Windows prior to the update did not restore the files . Microsoft appears to have since fixed Vulnerability-related.PatchVulnerability the issue , but these kinds of incidents Vulnerability-related.PatchVulnerability illustrate the value of not only waiting a day or two to install updates but also manually backing up your data prior to installing patches ( i.e. , not just simply counting on Microsoft ’ s System Restore feature to save the day should things go haywire ) . Mercifully , Adobe has spared Vulnerability-related.PatchVulnerability us an update this month for its Flash Player software , although it has shipped Vulnerability-related.PatchVulnerability a non-security update for Flash .

After scrambling to patch Vulnerability-related.PatchVulnerability a critical vulnerability late last month , Drupal is at it again . The open source content management project has issued Vulnerability-related.PatchVulnerability an unscheduled security update to augment its previous patch for Drupalgeddon2 . There was also a cross-site scripting bug advisory in mid-April . The latest Drupal core vulnerability , designated Vulnerability-related.DiscoverVulnerability , SA-CORE-2018-004 and assigned Vulnerability-related.DiscoverVulnerability CVE-2018-7602 , is related to the March SA-CORE-2018-002 flaw ( CVE-2018-7600 ) , according to the Drupal security team . It can be exploited Vulnerability-related.DiscoverVulnerability to take over a website 's server , and allow miscreants to steal information or alter pages . `` It is a remote code execution vulnerability , '' explained a member of the Drupal security team in an email to The Register . `` No more technical details beyond that are available . '' The vulnerability affects Vulnerability-related.DiscoverVulnerability at least Drupal 7.x and Drupal 8.x . And a similar issue has been found Vulnerability-related.DiscoverVulnerability in the Drupal Media module . In a blog post from earlier this month about the March patch , Dries Buytaert , founder of the Drupal project , observed Vulnerability-related.DiscoverVulnerability that all software has security issues and critical security bugs are rare . While the March bug is being actively exploited Vulnerability-related.DiscoverVulnerability , the Drupal security team says it 's unaware of any exploitation of the latest vulnerability . But it wo n't be long – those maintaining the project observed automated attacks appearing about two weeks after the SA-CORE-2018-002 notice . The fix is to upgrade Vulnerability-related.PatchVulnerability to the most recent version of Drupal 7 or 8 core . The latest code can be found at Drupal 's website . For those running 7.x , that means upgrading to Drupal 7.59 . For those running , 8.5.x , the latest version if 8.5.3 . And for those still on 8.4.x , there 's an upgrade to 8.4.8 , despite the fact that as an unsupported minor release , the 8.4.x line would not normally get Vulnerability-related.PatchVulnerability security updates . And finally , if you 're still on Drupal 6 , which is no longer officially supported , unofficial patches are being developed Vulnerability-related.PatchVulnerability here . Drupal users appear to be taking the release in stride , though with a bit of grumbling . `` Drupal Wednesday looks like the new Windows patch day , '' quipped designer Tom Binroth via Twitter . `` I would rather spend my time on creating new stuff than patching Vulnerability-related.PatchVulnerability Drupal core sites . ''

Microsoft releases Vulnerability-related.PatchVulnerability Intel 's microcode updates , including one to address Vulnerability-related.PatchVulnerability the recently revealed Foreshadow flaw . Microsoft has released Vulnerability-related.PatchVulnerability a set of new microcode patches from Intel that address Vulnerability-related.PatchVulnerability Spectre vulnerabilities , as well as the recently disclosed Foreshadow attacks . The updates are available Vulnerability-related.PatchVulnerability for all supported versions of Windows 10 and Windows Server . As noted on the support page for Windows 10 version 1803 , the microcode updates include mitigations for Spectre Variant 3a , CVE-2018-3640 , Spectre Variant 4 , CVE-2018-3639 , as well as two of the Foreshadow bugs , CVE-2018-3615 and CVE-2018-3646 , which are also known as Vulnerability-related.DiscoverVulnerability L1TF or 'L1 Terminal Fault ' . As Microsoft recently highlighted Vulnerability-related.DiscoverVulnerability , Windows machines with affected Intel CPUs will need microcode as well as software patches to mitigate Vulnerability-related.PatchVulnerability the Foreshadow attacks . Microsoft began helping Intel deliver Vulnerability-related.PatchVulnerability its microcode updates after Intel first started addressing Vulnerability-related.PatchVulnerability the Meltdown and Spectre CPU flaws in January . The microcode updates help mitigate Vulnerability-related.PatchVulnerability Spectre Variant 2 , CVE-2017-5715 . Foreshadow includes CVE-2018-3615 , which affects Vulnerability-related.DiscoverVulnerability Intel 's Software Guard Extensions ( SGX ) enclaves , while CVE-2018-3620 affects Vulnerability-related.DiscoverVulnerability operating systems and System Management Mode ( SMM ) memory . CVE-2018-3646 impacts Vulnerability-related.DiscoverVulnerability virtualization . Microsoft made Vulnerability-related.PatchVulnerability the updates , all dated 8/20/2018 , available Vulnerability-related.PatchVulnerability on the Microsoft Update Catalog this week .

A vulnerability affects Vulnerability-related.DiscoverVulnerability all versions of the OpenSSH client released in the past two decades , ever since the application was released in 1999 . The security bug received Vulnerability-related.PatchVulnerability a patch this week , but since the OpenSSH client is embedded in a multitude of software applications and hardware devices , it will take months , if not years , for the fix to trickle down Vulnerability-related.PatchVulnerability to all affected systems . This particular bug was analyzed Vulnerability-related.DiscoverVulnerability last week by security researchers from Qualys who spotted Vulnerability-related.DiscoverVulnerability a commit in OpenBSD 's OpenSSH source code for a bug report submitted Vulnerability-related.DiscoverVulnerability by Darek Tytko from securitum.pl . After analyzing the commit , researchers realized that the code inadvertently fixed Vulnerability-related.PatchVulnerability a security bug lying dormant in the OpenSSH client since its creation . This bug allows a remote attacker to guess the usernames registered on an OpenSSH server . Since OpenSSH is used with a bunch of technologies ranging from cloud hosting servers to mandate IoT equipment , billions of devices are affected . As researchers explain , the attack scenario relies on an attacker trying to authenticate on an OpenSSH endpoint via a malformed authentication request ( for example , via a truncated packet ) . A vulnerable OpenSSH server would react in two very different ways when this happens . If the username included in the malformed authentication request does not exist , the server responds with authentication failure reply . If the user does exist , the server closes the connection without a reply . This small behavioral detail allows an attacker to guess valid usernames registered on a SSH server . Knowing the exact username may not pose an immediate danger , but it exposes that username to brute-force or dictionary attacks that can also guess its password . Because of OpenSSH 's huge install base , the bug is ideal for both attacks on high-value targets , but also in mass-exploitation scenarios . The bug — tracked as Vulnerability-related.DiscoverVulnerability CVE-2018-15473— has been patched Vulnerability-related.PatchVulnerability in the stable version of OpenSSH —1:6.7p1-1 and 1:7.7p1-1— and the 1:7.7p1-4 unstable branch . Patches have also trickled down Vulnerability-related.PatchVulnerability to Debian , and most likely other Linux distros .

Apache Software Foundation has patched Vulnerability-related.PatchVulnerability a remote code execution vulnerability affecting Vulnerability-related.DiscoverVulnerability the Jakarta Multipart parser in Apache Struts . Administrators need to update Vulnerability-related.PatchVulnerability the popular Java application framework or put workarounds in place because the vulnerability is actively being targeted in attacks . The issue affects Vulnerability-related.DiscoverVulnerability Apache Struts versions 2.3.5 through 2.3.31 and versions 2.5 through 2.5.10 . The presence of vulnerable code is enough to expose the system to attack—the web application doesn ’ t need to implement file upload for attackers to exploit Vulnerability-related.DiscoverVulnerability the flaw , said Vulnerability-related.DiscoverVulnerability researchers from Cisco Talos . Talos “ found a high number of exploitation events , ” said Cisco threat researcher Nick Biasini . “ With exploitation actively underway , Talos recommends immediate upgrading if possible or following the workaround referenced in the above security advisory ” . The remote code execution vulnerability ( CVE-2017-5638 ) in the Jakarta Multipart parser is the result of improper handling of the Content-Type header , Apache said Vulnerability-related.DiscoverVulnerability in its emergency security advisory . The header indicates the media type of the resource , such as when the client tells the server what type of data was sent as part of a POST or PUT request , or the server telling the client what type of content is being returned as part of the response . The flaw is triggered when Struts parses a malformed Content-Type HTTP header and lets attackers remotely take complete control of the system without needing any kind of authentication .

Troubled browser has once again come under attack , with flaw discovered Vulnerability-related.DiscoverVulnerability in multiple versions of Internet Explorer . Microsoft has been forced to issue Vulnerability-related.PatchVulnerability an emergency security patch for its Internet Explorer browser . The release came after Google security engineer Clement Lecigne uncovered Vulnerability-related.DiscoverVulnerability a critical vulnerability in several versions of Microsoft 's browser , and could have been activated simply by directing users to a malicious website The flaw , known as CVE-2018-8653 , affects Vulnerability-related.DiscoverVulnerability Internet Explorer 9 , 10 and 11 , with the update issued Vulnerability-related.PatchVulnerability to Windows 7 , 8.1 and 10 versions , as well as Windows Server 2008 , 2012 , 2016 and 2019 . `` A remote code execution vulnerability exists in Vulnerability-related.DiscoverVulnerability the way that the scripting engine handles objects in memory in Internet Explorer , '' Microsoft stated in its support document for the threat . `` The vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user . '' The company has issued Vulnerability-related.PatchVulnerability a fix for the flaw now , outside of its typical Patch Tuesday security cycle , signifying it is a significant threat and should be patched Vulnerability-related.PatchVulnerability immediately . Microsoft has gradually retired Internet Explorer from public view over the past few years as it focuses on its newer browser Edge , with only customised versions available to certain business users . The company may also be about to pull the plug on Edge as well , with report recently confirming Microsoft is set to introduce a new browser built on Google 's Chromium platform .

Microsoft has issued Vulnerability-related.PatchVulnerability an emergency , out-of-band patch for an Internet Explorer zero-day that was being actively exploited Vulnerability-related.DiscoverVulnerability in targeted attacks . The company says that it learned about the vulnerability through a report from Google . CVE-2018-8653 affects Vulnerability-related.DiscoverVulnerability a range of versions of Internet Explorer from 9 to 11 , across Windows 7 to 10 and Windows Server . The vulnerability amounts to a remote code execution exploit , and it was first spotted Vulnerability-related.DiscoverVulnerability by Google 's Threat Analysis Group . Microsoft explains Vulnerability-related.DiscoverVulnerability that a problem with Internet Explorer 's scripting engine could be exploited Vulnerability-related.DiscoverVulnerability by an attacker to execute arbitrary code on a victim 's computer . In a short security advisory , the company says : Today , we released Vulnerability-related.PatchVulnerability a security update for Internet Explorer after receiving a report Vulnerability-related.DiscoverVulnerability from Google about a new vulnerability being used in targeted attacks . Customers who have Windows Update enabled and have applied Vulnerability-related.PatchVulnerability the latest security updates , are protected automatically . We encourage customers to turn on automatic updates . Microsoft would like to thank Google for their assistance . In a more detailed security vulnerability posting , Microsoft explains the impact of the problem : A remote code execution vulnerability exists in Vulnerability-related.DiscoverVulnerability the way that the scripting engine handles objects in memory in Internet Explorer . The vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user . An attacker who successfully exploited Vulnerability-related.DiscoverVulnerability the vulnerability could gain the same user rights as the current user . If the current user is logged on with administrative user rights , an attacker who successfully exploited Vulnerability-related.DiscoverVulnerability the vulnerability could take control of an affected system . An attacker could then install programs ; view , change , or delete data ; or create new accounts with full user rights . In a web-based attack scenario , an attacker could host a specially crafted website that is designed Attack.Phishing to exploit the vulnerability through Internet Explorer and then convince Attack.Phishing a user to view the website , for example , by sending Attack.Phishing an email . The security update addresses Vulnerability-related.PatchVulnerability the vulnerability by modifying Vulnerability-related.PatchVulnerability how the scripting engine handles objects in memory .

Cisco has released Vulnerability-related.PatchVulnerability fixes for 34 flaws in its software , including 24 that affect Vulnerability-related.DiscoverVulnerability its FXOS software for Firepower firewalls and NX-OS software for Nexus switches . Cisco 's June updates include fixes for five critical arbitrary code execution vulnerabilities affecting Vulnerability-related.DiscoverVulnerability FXOS and NX-OS and 19 high-rated flaws affecting Vulnerability-related.DiscoverVulnerability the software . Four of the critical flaws affect Vulnerability-related.DiscoverVulnerability FXOS and NX-OS Cisco Fabric Services , while the fifth one affects Vulnerability-related.DiscoverVulnerability the NX-API feature of NX-OS . All have a CVSS v3 score of 9.8 out of a maximum of 10 . Cisco Fabric Services facilitate distribution and synchronization of configuration data between Cisco devices on the same network . Some of the flaws allow an unauthenticated , remote attack to execute arbitrary code and one allows an attacker to do so as root . Multiple switches are vulnerable Vulnerability-related.DiscoverVulnerability if they 've been configured to use Cisco Fabric Services , including its Nexus 2000 series through to Nexus 9000 series switches , as well as Cisco 's Firepower 4100 Series Next-Gen Firewalls and other hardware . The insufficient input validation may occur when FXOS and NX-OS process Cisco Fabric Services packets received during distribution and synchronization . There are various ways to exploit each of the flaws , depending on what Cisco Fabric Services distribution types have been configured . For example , if Fibre Channel ports are configured as a distribution type for a device , the attack could occur via Fibre Channel over Ethernet ( FCoE ) or Fibre Channel over IP ( FCIP ) . Cisco has already rolled out Vulnerability-related.PatchVulnerability fixes in some releases of FXOS and NX-OS . Cisco posted a blog this week explaining why it often fixes Vulnerability-related.PatchVulnerability bugs in IOS and NX-OS releases before disclosing Vulnerability-related.DiscoverVulnerability them in an advisory . It 's a practice that appears to cause confusion for customers wondering why it has n't told them fixed code has been available Vulnerability-related.PatchVulnerability for several months before it discloses Vulnerability-related.DiscoverVulnerability them . Cisco 's answer is that some flaws affect Vulnerability-related.DiscoverVulnerability more than 50 versions of its software . `` There have been some questions as to why creating Vulnerability-related.PatchVulnerability fixes and releasing Vulnerability-related.PatchVulnerability updates can take several weeks , or sometimes even months , before an advisory is published , '' Cisco 's Customer Assurance Security Programs team wrote . `` In some cases , there is a large number of supported software versions to be updated . The number of affected versions that will be updated Vulnerability-related.PatchVulnerability can range from single digits to nearly 50 or more . We are committed to issuing Vulnerability-related.PatchVulnerability fixes for every one of those supported versions . '' `` If we disclosed Vulnerability-related.DiscoverVulnerability the vulnerability after only fixing Vulnerability-related.PatchVulnerability one release , we would unnecessarily expose all customers running Vulnerability-related.PatchVulnerability other releases to potential exploitation once details about the attack itself became public . '' There are also 10 medium-severity flaws , including one that affects Vulnerability-related.DiscoverVulnerability some WebEx endpoints due to an already disclosed flaw in Nvidia 's Tegra TX1 chips .

Admins can now grab Cisco 's updates for 13 high-severity flaws affecting Vulnerability-related.DiscoverVulnerability gear that uses its IOS and IOS XE networking software . All the bugs have been rated as having a high security impact because they could be used to gain elevated privileges or jam a device with denial-of-service ( DoS ) attacks . The company also has fixes available Vulnerability-related.PatchVulnerability for 11 more flaws outlined in 10 advisories with a medium-severity rating , most of which also address Vulnerability-related.PatchVulnerability issues in IOS and IOS XE , the Linux-based train of Cisco 's popular networking operating system . The updates for the 13 high-severity IOS and IOS XE flaws are part of Cisco 's scheduled twice-yearly patch bundle for this software targeted for September . The company reported Vulnerability-related.DiscoverVulnerability this week that some IOS XE releases were among 88 Cisco products vulnerable to the DoS attack on Linux systems known as FragmentSmack . And earlier this month it plugged Vulnerability-related.PatchVulnerability a critical hard-coded password bug in its video surveillance software . None of the flaws in the latest advisory is known to have been used in attacks and Cisco is n't aware of any public disclosures . Some of the higher severity flaws include a DoS flaw affecting Vulnerability-related.DiscoverVulnerability the IOS XE Web UI , which could allow a remote attacker to trigger a reload of the device by sending special HTTP requests to the UI . An unauthenticated attacker could exploit this bug in IOS XE releases prior to 16.2.2 , while 16.2.2 and later require authentication . Another DoS flaw is rooted in the IPsec driver code of multiple Cisco IOS XE platforms and the Cisco ASA 5500-X Series Adaptive Security Appliance ( ASA ) . The buggy code improperly processes malformed IPsec Authentication Header ( AH ) or Encapsulating Security Payload ( ESP ) packets . `` An attacker can exploit this vulnerability by using a crafted ESP or AH packet that meets several other conditions , such as matching the IPsec SA SPI and being within the correct sequence window , '' notes Cisco . This flaw affects Vulnerability-related.DiscoverVulnerability six ASR 1000 Series Aggregation Services Routers , and two 4000 Series Integrated Routers . Cisco notes Vulnerability-related.DiscoverVulnerability that its software is affected Vulnerability-related.DiscoverVulnerability if the system has been modified from its default state and configured to terminate IPsec VPN connections , such as LAN-to-LAN VPN , and remote access VPN , but not SSL VPN .

Cisco has resolved Vulnerability-related.PatchVulnerability a set of critical vulnerabilities in Policy Suite which permit attackers to cause havoc in the software 's databases . This week , the tech giant released Vulnerability-related.PatchVulnerability a security advisory detailing four vulnerabilities which could place enterprise users at risk of information leaks , account compromise , database tampering , and more . The first vulnerability , CVE-2018-0374 , has earned a CVSS base score of 9.8 . Described as Vulnerability-related.DiscoverVulnerability an unauthenticated bypass bug , the security flaw `` could allow an unauthenticated , remote attacker to connect directly to the Policy Builder database , '' according to Cisco . The bug has been caused by a simple lack of authentication and as there is no requirement for identity verification , Policy Builder databases can be accessed and tampering with without limitation . Cisco Policy Suite releases prior to 18.2.0 are affected Vulnerability-related.DiscoverVulnerability . The second vulnerability , CVE-2018-0375 , is a default password error . The CVSS 9.8 bug is present in Vulnerability-related.DiscoverVulnerability the Cluster Manager of Cisco Policy Suite and could allow an unauthenticated , remote attacker to log in to a vulnerable system using a root account . The serious security problem has emerged Vulnerability-related.DiscoverVulnerability due to the use of undocumented , static user credentials for root accounts . If a hacker has knowledge of these credentials , they can become a root user and are able to execute arbitrary commands . Versions of the software prior to 18.2.0 are vulnerable Vulnerability-related.DiscoverVulnerability to exploit . The third bug , CVE-2018-0376 , is another unauthenticated access problem and is also caused by a lack of authentication measures . `` A successful exploit could allow the attacker to make changes to existing repositories and create new repositories , '' Cisco says Vulnerability-related.DiscoverVulnerability . Cisco Policy Suite versions prior to 18.2.0 are affected Vulnerability-related.DiscoverVulnerability . The fourth security flaw , CVE-2018-0377 , affects Vulnerability-related.DiscoverVulnerability the Open Systems Gateway initiative ( OSGi ) interface of Cisco Policy Suite . There is a lack of authentication within the OSGi interface which permits attackers to circumvent security processes and directly connect to the interface , access any files contained within they wish , and modify any content which is accessible through the process . This vulnerability impacts Vulnerability-related.DiscoverVulnerability Policy Suite versions prior to 18.1.0 . There are no workarounds to circumvent these vulnerabilities . However , patches have been issued to address Vulnerability-related.PatchVulnerability them and Cisco says that no reports have been received which indicate the bugs are being exploited Vulnerability-related.DiscoverVulnerability in the wild . In addition , Cisco has revealed Vulnerability-related.DiscoverVulnerability seven now-patched bugs affecting Vulnerability-related.DiscoverVulnerability SD-WAN solutions . The vulnerabilities included command injection security flaws , a remote code execution bug , and arbitrary file overwrite issues .

A few days ago , Microsoft issued Vulnerability-related.PatchVulnerability an emergency patch for Internet Explorer to fix Vulnerability-related.PatchVulnerability a zero-day vulnerability in the web browser . The problem affects Vulnerability-related.DiscoverVulnerability versions of Internet Explorer from 9 to 11 across multiple versions of Windows , but it seems that the patch has been causing problems for many people . Specifically , people with some Lenovo laptops have found that after installing Vulnerability-related.PatchVulnerability the KB4467691 patch they are unable to start Windows . When the patch was released Vulnerability-related.PatchVulnerability , it was known that there were a few issues with older versions of Windows 10 -- for example , problems with the .NET framework , and with web links in the Start menu . But since the initial release , Microsoft has updated Vulnerability-related.PatchVulnerability the patch page to indicate Vulnerability-related.DiscoverVulnerability a further potential problem with some Lenovo laptops : After installing KB4467691 , Windows may fail to startup on certain Lenovo laptops that have less than 8 GB of RAM . The company goes on to suggest a couple of possible workarounds for those running into issues : Restart the affected machine using the Unified Extensible Firmware Interface ( UEFI ) . Disable Secure Boot and then restart . If BitLocker is enabled on your machine , you may have to go through BitLocker recovery after Secure Boot has been disabled . Microsoft says that it is `` working with Lenovo and will provide Vulnerability-related.PatchVulnerability an update in an upcoming release '' .

Microsoft today released Vulnerability-related.PatchVulnerability an emergency software patch to plug Vulnerability-related.PatchVulnerability a critical security hole in its Internet Explorer ( IE ) Web browser that attackers are already using to break into Windows computers . The software giant said Vulnerability-related.DiscoverVulnerability it learned Vulnerability-related.DiscoverVulnerability about the weakness ( CVE-2018-8653 ) after receiving a report Vulnerability-related.DiscoverVulnerability from Google about a new vulnerability being used in targeted attacks . Satnam Narang , senior research engineer at Tenable , said Vulnerability-related.DiscoverVulnerability the vulnerability affects Vulnerability-related.DiscoverVulnerability the following installations of IE : Internet Explorer 11 from Windows 7 to Windows 10 as well as Windows Server 2012 , 2016 and 2019 ; IE 9 on Windows Server 2008 ; and IE 10 on Windows Server 2012 . “ As the flaw is being actively exploited Vulnerability-related.DiscoverVulnerability in the wild , users are urged to update Vulnerability-related.PatchVulnerability their systems as soon as possible to reduce the risk of compromise , ” Narang said . According to a somewhat sparse advisory about the patch , malware or attackers could use the flaw to break into Windows computers simply by getting a user to visit a hacked or booby-trapped Web site . An attacker could then install programs ; view , change , or delete data ; or create new accounts with full user rights . Microsoft says users who have Windows Update enabled and have applied Vulnerability-related.PatchVulnerability the latest security updates are protected automatically . Windows 10 users can manually check for updates this way ; instructions on how to do this for earlier versions of Windows are here .

The bug was found Vulnerability-related.DiscoverVulnerability in the core infrastructure of Apache Struts 2 . The Apache Software Foundation has patched Vulnerability-related.PatchVulnerability a critical security vulnerability which affects Vulnerability-related.DiscoverVulnerability all versions of Apache Struts 2 . Uncovered Vulnerability-related.DiscoverVulnerability by researchers from cybersecurity firm Semmle , the security flaw is caused by the insufficient validation of untrusted user data in the core Struts framework . When Apache Struts uses results with no namespace and in the same time , upper actions have no wild namespace . The same opportunity for exploit exists when the URL tag is in use and there is no value or action set . As the bug , CVE-2018-11776 , has been discovered Vulnerability-related.DiscoverVulnerability in the Struts core , the team says there are multiple attack vectors threat actors could use to exploit the vulnerability . If the alwaysSelectFullNamespace flag is set to true in the Struts configuration , which is automatically the case when the Struts Convention plugin is in use , or if a user 's Struts configuration file contains a tag that does not specify the optional namespace attribute or specifies a wildcard namespace . Man Yue Mo from the Semmle Security Research Team first reported Vulnerability-related.DiscoverVulnerability the flaw . `` This vulnerability affects Vulnerability-related.DiscoverVulnerability commonly-used endpoints of Struts , which are likely to be exposed , opening up an attack vector to malicious hackers , '' Mo says Vulnerability-related.DiscoverVulnerability . `` On top of that , the weakness is related to the Struts OGNL language , which hackers are very familiar with , and are known to have been exploited Vulnerability-related.DiscoverVulnerability in the past . '' The vulnerability affects Vulnerability-related.DiscoverVulnerability all versions of Apache Struts 2 . Companies which use the popular open-source framework are urged to update their builds immediately . Users of Struts 2.3 are advised to upgrade Vulnerability-related.PatchVulnerability to 2.3.35 ; users of Struts 2.5 need to upgrade Vulnerability-related.PatchVulnerability to 2.5.17 . As the latest releases only contain Vulnerability-related.PatchVulnerability fixes for the vulnerability , Apache does not expect users to experience any backward compatibility issues . `` Previous disclosures Vulnerability-related.DiscoverVulnerability of similarly critical vulnerabilities have resulted in exploits being published Vulnerability-related.DiscoverVulnerability within a day , putting critical infrastructure and customer data at risk , '' Semmle says . `` All applications that use Struts are potentially vulnerable Vulnerability-related.DiscoverVulnerability , even when no additional plugins have been enabled . '' Mo first reported Vulnerability-related.DiscoverVulnerability the findings in April . By June , the Apache Struts team published the code which resolved Vulnerability-related.PatchVulnerability the problem , leading to the release Vulnerability-related.PatchVulnerability of official patches on August 22 .

Juniper Networks has released Vulnerability-related.PatchVulnerability its first cluster of security updates for 2019 , with the patches addressing Vulnerability-related.PatchVulnerability vulnerabilities in various products developed by the US networking equipment firm . Among the 19 security advisories released on Wednesday is a critical bug impacting Vulnerability-related.DiscoverVulnerability Junos OS , the FreeBSD-based operating system used in Juniper ’ s routers . CVE-2019-0006 affects Vulnerability-related.DiscoverVulnerability Junos OS versions 14.1X53 , 15.1 , 15.1X53 , where it was found Vulnerability-related.DiscoverVulnerability that a specially crafted HTTP packet could crash the fxpc daemon or could potentially lead to remote code execution ( RCE ) . Also marked as critical is CVE-2019-0007 , which addresses Vulnerability-related.PatchVulnerability a vulnerability in vMX series virtual routers running Junos OS 15.1 . “ The vMX series software uses a predictable IP ID Sequence Number , ” said Juniper . “ This leaves the system as well as clients connecting through the device susceptible to a family of attacks. ” Patches have also been released Vulnerability-related.PatchVulnerability for eight vulnerabilities in the libxml2 software library that impact Vulnerability-related.DiscoverVulnerability Junos OS . Eight additional security updates have been released Vulnerability-related.PatchVulnerability by Juniper that feature mitigations for high-level impact bugs , while a further six deal with less severe flaws . Multiple vulnerabilities were also discovered Vulnerability-related.DiscoverVulnerability in Juniper ’ s Advanced Threat Prevention ( ATP ) cloud security service . And finally , Juniper said nearly 40 vulnerabilities have been resolved Vulnerability-related.PatchVulnerability in the Junos Space Network Management Platform 18.3R1 and 18.4R1 by upgrading Vulnerability-related.PatchVulnerability third party components or fixing Vulnerability-related.PatchVulnerability internally discovered security vulnerabilities . Commenting on the advisories , the National Cybersecurity and Communications Integration Center ( NCCIC ) , said : “ Users and administrators should review Juniper ’ s Security Advisories webpage and apply the necessary updates . ”

Researchers from security firm ERPScan have disclosed Vulnerability-related.DiscoverVulnerability a vulnerability in the SAP GUI application which it has described as Vulnerability-related.DiscoverVulnerability perhaps the most dangerous SAP issue since 2011 , as it affects not only every SAP customer but also every user . The vulnerability allows an attacker to make all endpoints with compromised SAP GUI clients automatically install malware that locks their computers when an SAP user logs in to the system . When the user next logs into the SAP GUI application , the malicious software will run and prevent them from logging on to SAP Server . Firstly , in this case , patching process is especially laborious and time-consuming , as the vulnerability affects Vulnerability-related.DiscoverVulnerability client side , so an SAP administrator has to apply Vulnerability-related.PatchVulnerability the patch on every endpoint with SAP GUI in a company and a typical enterprise has thousands of them , ” said Vulnerability-related.DiscoverVulnerability Vahagn Vardanyan , senior security researcher , ERPScan . The vulnerability was patched Vulnerability-related.PatchVulnerability by SAP with a fix as part of its March Security Note 2407616 . An SAP spokesperson confirmed that a SAP GUI vulnerability was fixed Vulnerability-related.PatchVulnerability in the March Patch Day , with further details available via this blog post . “ It has a priority of High , based on CVSS rating of 8.0 ( but not Very High ) . We have no information or evidence of this vulnerability being exploited Vulnerability-related.DiscoverVulnerability at a customer but advise all customers to patch Vulnerability-related.PatchVulnerability their infrastructure immediately . Customers are required to apply Vulnerability-related.PatchVulnerability the SAP GUI patch released Vulnerability-related.PatchVulnerability on their landscape using their standard client software distribution and update tools ( which they would have in place for end-user software licensed from other vendors as well ) , ” the spokesperson said . Pingback : SAP GUI vulnerability “ most dangerous ” since 201

Splunk has patched Vulnerability-related.PatchVulnerability a slip in its JavaScript implementation that leaks Attack.Databreach user information . The advisory at Full Disclosure explains that the leak Attack.Databreach happens if an attacker tricks Attack.Phishing an authenticated user into visiting a malicious Web page . It only leaks Attack.Databreach the username , and whether or not that user has enabled remote access ; but this would provide enough for an attacker to try follow-up phishing attacks Attack.Phishing to try and get the user 's credentials . The bug , the advisory says Vulnerability-related.DiscoverVulnerability , is how Splunk used Object prototypes in JavaScript . Here 's the proof-of-concept JavaScript from the advisory : The issue affects Vulnerability-related.DiscoverVulnerability Splunk Enterprise versions 6.5.x before 6.5.3 , 6.4.x before 6.4.6 , 6.3.x before 6.3.10 , 6.2.x before 6.2.13.1 , 6.1.x before 6.1.13 , 6.0.x before 6.0.14 , 5.0.x before 5.0.18 and Splunk Light before 6.5.2 , and the company has issued Vulnerability-related.PatchVulnerability patches for all versions

Researchers at Germany-based security firm Cure53 have conducted a 32-day audit of the Network Time Protocol ( NTP ) and the NTPsec project and discovered Vulnerability-related.DiscoverVulnerability more than a dozen vulnerabilities . Experts identified Vulnerability-related.DiscoverVulnerability a total of 16 security-related issues , including 8 weaknesses that only affect Vulnerability-related.DiscoverVulnerability NTP and two that only impact Vulnerability-related.DiscoverVulnerability NTPsec , which is meant to be a secure , hardened and improved implementation of NTP . Cure53 has published separate reports focusing on the NTP and NTPsec problems . The Network Time Foundation addressed Vulnerability-related.PatchVulnerability the flaws earlier this month with the release of ntp-4.2.8p10 . Cure53 has classified Vulnerability-related.DiscoverVulnerability one vulnerability as being critical . CVE-2017-6460 , which only affects Vulnerability-related.DiscoverVulnerability NTP , has been described Vulnerability-related.DiscoverVulnerability as a stack-based buffer overflow that can be triggered by a malicious server when a client requests the restriction list . The flaw can be exploited Vulnerability-related.DiscoverVulnerability to cause a crash and possibly to execute arbitrary code . The security holes rated Vulnerability-related.DiscoverVulnerability by Cure53 as high severity are CVE-2017-6463 and CVE-2017-6464 , both of which can be exploited Vulnerability-related.DiscoverVulnerability for DoS attacks . It ’ s worth noting that while some of the vulnerabilities have been classified Vulnerability-related.DiscoverVulnerability as critical and high severity by Cure53 , NTP developers have only assigned Vulnerability-related.DiscoverVulnerability medium , low and informational-level severity ratings to the discovered flaws . Ntp-4.2.8p10 patches Vulnerability-related.PatchVulnerability a total of 15 vulnerabilities and also includes just as many non-security fixes and improvements . Of the 15 security holes resolved Vulnerability-related.PatchVulnerability in the latest version , 14 were discovered Vulnerability-related.DiscoverVulnerability by Cure53 , which also noticed Vulnerability-related.DiscoverVulnerability that a flaw initially patched Vulnerability-related.PatchVulnerability in December 2014 was reintroduced Vulnerability-related.DiscoverVulnerability in November 2016 . One of the vulnerabilities fixed Vulnerability-related.PatchVulnerability in ntp-4.2.8p10 was reported Vulnerability-related.DiscoverVulnerability by researchers at Cisco Talos . Experts identified Vulnerability-related.DiscoverVulnerability a DoS vulnerability affecting Vulnerability-related.DiscoverVulnerability the origin timestamp check functionality

This is a serious violation of the security barrier enforced by the hypervisor and poses a particular threat to multi-tenant data centers where the customers ' virtualized servers share the same underlying hardware . The open-source Xen hypervisor is used by cloud computing providers and virtual private server hosting companies , as well as by security-oriented operating systems like Qubes OS . The new vulnerability affects Vulnerability-related.DiscoverVulnerability Xen 4.8.x , 4.7.x , 4.6.x , 4.5.x , and 4.4.x and has existed in the Xen code base for over four years . It was unintentionally introduced Vulnerability-related.DiscoverVulnerability in December 2012 as part of a fix for a different issue . The Xen project released Vulnerability-related.PatchVulnerability a patch Tuesday that can be applied manually to vulnerable deployments . The good news is that the vulnerability can only be exploited Vulnerability-related.DiscoverVulnerability from 64-bit paravirtualized guest operating systems . Xen supports two types of virtual machines : Hardware Virtual Machines ( HVMs ) , which use hardware-assisted virtualization , and paravirtualized ( PV ) VMs that use software-based virtualization . Based on whether they use PV VMs , Xen users might be affected or not . For example , Amazon Web Services said in Vulnerability-related.DiscoverVulnerability an advisory that its customers ' data and instances were not affected Vulnerability-related.DiscoverVulnerability by this vulnerability and no customer action is required . Meanwhile , virtual private server provider Linode had to reboot some of its legacy Xen servers in order to apply Vulnerability-related.PatchVulnerability the fix . Qubes OS , an operating system that uses Xen to isolate applications inside virtual machines , also put out an advisory warning Vulnerability-related.DiscoverVulnerability that an attacker who exploits another vulnerability , for example inside a browser , can exploit Vulnerability-related.DiscoverVulnerability this Xen issue to compromise the whole Qubes system . The Qubes developers have released Vulnerability-related.PatchVulnerability a patched Xen package for Qubes 3.1 & 3.2 and reiterated their intention to stop using paravirtualization altogether in the upcoming Qubes 4.0 . Vulnerabilities that allow breaking the isolation layer of virtual machines can be very valuable for attackers .

The bug affects Vulnerability-related.DiscoverVulnerability all supported versions of Microsoft Word , but will be fixed Vulnerability-related.PatchVulnerability this week . Unlike most document-related vulnerabilities , this zero-day bug that has yet to be patched Vulnerability-related.PatchVulnerability does n't rely on macros -- in which Office typically warns users of risks when opening macro-enabled files . Instead , the vulnerability is triggered when a victim opens a trick Word document , which downloads a malicious HTML application from a server , disguised to look like Attack.Phishing a Rich Text document file as a decoy Attack.Phishing . The HTML application meanwhile downloads and runs a malicious script that can be used to stealthily install malware . Researchers at McAfee , who first reported the discovery Vulnerability-related.DiscoverVulnerability on Friday , said Vulnerability-related.DiscoverVulnerability because the HTML application is executable , the attacker can run code on the affected computer while evading memory-based mitigations designed to prevent these kinds of attacks . The issue relates to the Windows Object Linking and Embedding ( OLE ) function , which allows an application to link and embed content to other documents , according to researchers . The Windows OLE feature is used primarily in Office and Windows ' in-built document viewer WordPad , but has been the cause of numerous vulnerabilities over the past few years . The researchers recently focused a Black Hat talk on the Windows OLE attack surface . The bug can be exploited Vulnerability-related.DiscoverVulnerability on all versions of Office , including the latest Office 2016 running on Windows 10 , and have spotted attacks in the wild since January . A Microsoft spokesperson confirmed that the company will issue Vulnerability-related.PatchVulnerability a fix for the bug on Tuesday as part of its monthly release Vulnerability-related.PatchVulnerability of security fixes and patches .

Microsoft is aware of the zero-day , but it 's highly unlikely it will be able to deliver Vulnerability-related.PatchVulnerability a patch until its next Patch Tuesday , which is scheduled in three days . McAfee researchers , who disclosed Vulnerability-related.DiscoverVulnerability the zero-day 's presence , say Vulnerability-related.DiscoverVulnerability they 've detected Vulnerability-related.DiscoverVulnerability attacks leveraging this unpatched vulnerability going back to January this year . Attacks with this zero-day follow a simple scenario , and start with an adversary emailing a victim a Microsoft Word document . The Word document contains a booby-trapped OLE2link object . If the victim uses Office Protected View when opening files , the exploit is disabled and wo n't execute . If the user has disabled Protected View , the exploit executes automatically , making an HTTP request to the attacker 's server , from where it downloads an HTA ( HTML application ) file , disguised as Attack.Phishing an RTF . The HTA file is executed automatically , launching exploit code to take over the user 's machine , closing the weaponized Word file , and displaying a decoy document instead . According to FireEye , `` the original winword.exe process is terminated in order to hide a user prompt generated by the OLE2link . '' While the attack uses Word documents , OLE2link objects can also be embedded in other Office suite applications , such as Excel and PowerPoint . McAfee experts say Vulnerability-related.DiscoverVulnerability the vulnerability affects Vulnerability-related.DiscoverVulnerability all current Office versions on all Windows operating systems . The attack routine does not rely on enabling macros , so if you do n't see a warning for macro-laced documents , that does n't mean the document is safe .

A particular TP-Link router model will spew out its admin password in cleatext to anyone that sends an SMS message to the router 's SIM card with a particular script inside , according to German security researcher Jan Hörsch , who shared Vulnerability-related.DiscoverVulnerability his findings with German newspaper Heise.de . The vulnerability affects Vulnerability-related.DiscoverVulnerability TP-Link model M5350 , a 3G mobile Wi-Fi router , often distributed by mobile telco providers to their customers , along with a SIM card they insert in the router . This SIM card allows the router to connect to the mobile operator 's network , and just like any SIM card , has its own telephone number . In an online conversation with Bleeping Computer , Hörsch , who 's a researcher for German cyber-security firm Securai , says that after he analyzed the router 's firmware , he discovered Vulnerability-related.DiscoverVulnerability a vulnerability in the feature that handles incoming SMS messages . By sending the following SMS , the router would answer back with the admin account password , the Wi-Fi network SSID , and the Wi-Fi network 's password . The issue is n't as dangerous as it sounds , mainly because the attacker needs to know the router SIM card 's phone number in order to exploit it , Hörsch told Bleeping Computer . This issue is one of many the researcher discovered Vulnerability-related.DiscoverVulnerability in recent months in various devices . His findings were summarized and presented in a talk at the recently concluded Kaspersky Security Analyst Summit ( SAS ) , held last week . In the same talk , Hörsch also presented Vulnerability-related.DiscoverVulnerability several other vulnerabilities that allowed him to obtain root access to Hootoo Travelmate and Trendnet TEW714TRU routers and Vstarcam webcams . Other vulnerabilities the researcher discovered Vulnerability-related.DiscoverVulnerability and presented Vulnerability-related.DiscoverVulnerability at SAS include the presence of a hardcoded Telnet password in Startech modems , and a very simple to exploit authentication bypass for Panasonic BM ET200 retina scanners , which allowed anyone access to the admin panel just by deleting a few parameters in an URL . His presentation Vulnerability-related.DiscoverVulnerability also detailed Vulnerability-related.DiscoverVulnerability several flaws in Western Digital MyCloud NAS hard drives , some of which were made public at the start of March by another researcher who disclosed Vulnerability-related.DiscoverVulnerability the bugs .

A new variant of the IoT/Linux botnet “ Tsunami ” has been identified by Unit 42 researchers , according to a blog post by Palo Alto Networks . Co-authored by Claud Xiao , Cong Zheng and Yanhui Jia , the post names the new variant as Amnesia , a botnet that targets an unpatched remote code execution vulnerability . This vulnerability was publicly disclosed Vulnerability-related.DiscoverVulnerability over a year ago in March 2016 in DVR ( digital video recorder ) devices made by TVT Digital and branded by over 70 vendors across the globe . This unpatched remote code execution vulnerability affects Vulnerability-related.DiscoverVulnerability about 227,000 devices around the world especially Taiwan , the United States , Israel , Turkey , and India . The researchers note that the Amnesia malware is the first Linux malware to adopt virtual machine evasion techniques to defeat malware analysis sandboxes . Typically , these virtual machine evasion techniques are more commonly associated with Microsoft Windows and Google Android malware . Amnesia aims to detect whether it ’ s running in a VirtualBox , VMware or QEMU-based virtual machine . Once these environments are detected , Amnesia will wipe the virtualized Linux system by deleting all the files in file system . Eventually the deletion will impact Linux malware analysis sandboxes and also some QEMU-based Linux servers on VPS or on public cloud . Although the Amnesia botnet hasn ’ t yet been used to mount large scale attacks , it has the potential to cause large-scale harm using IoT-based botnets .

Security researchers from Neseso are sounding the alarm on a vulnerability they 've discovered Vulnerability-related.DiscoverVulnerability in Samsung smart TVs that Samsung declined to fix Vulnerability-related.PatchVulnerability . The security flaw affects Vulnerability-related.DiscoverVulnerability Wi-Fi Direct , a Wi-Fi standard that enables devices to connect with each other without requiring a wireless access point . Smasung uses Wi-Fi Direct with its smart TVs to allow TV owners to connect to the TV via their phones , laptops , or tablets , directly , and not through the local access point . Neseso researchers claim Vulnerability-related.DiscoverVulnerability that Samsung has failed Vulnerability-related.DiscoverVulnerability in the implementation of this standard , as Samsung TVs only use MAC addresses to authenticate users . Other vendors use more solid authentication systems based on a Push-Button or PIN . Because anyone can sniff and spoof MAC addresses , this vulnerability opens the user 's TV to getting hacked by anyone in the range of the TV 's Wi-Fi Direct coverage . `` Once connected , the attacker has access to all the services provided by the TV , such as remote control service or DNLA screen mirroring , '' Neseso researchers wrote in their report . The dangers are palpable for companies , as most have smart TVs in their offices , employee lounges , customer waiting rooms , or board rooms . Worse is that the Samsung smart TV Wi-Fi Direct feature is enabled by default every time the device boots up . Users are notified on screen when a whitelisted device connects to the TV via Wi-Fi Direct , but those warnings could be misinterpreted by TV owners , or missed altogether if nobody 's watching the TV . Contacted by Neseso in mid-March , Samsung answered it does n't view this feature as a security risk and declined to provide Vulnerability-related.PatchVulnerability a firmware update , telling Neseso they do n't view this issue as a `` security threat . '' Researchers tested their attack on Samsung UN32J5500 Firmware version 1480 , but say that other versions are most likely vulnerable Vulnerability-related.DiscoverVulnerability as well . There is currently no workaround for protecting against attacks via Wi-Fi Direct except turning off the feature every time you boot/reboot your device . Earlier this month , at the Security Analyst Summit 2017 , security expert Amihai Neiderman disclosed Vulnerability-related.DiscoverVulnerability about the presence of 40 zero-day vulnerabilities in Tizen , the operating system that runs on Samsung smart TVs . The flaws were all unpatched Vulnerability-related.PatchVulnerability at the time they were reported Vulnerability-related.DiscoverVulnerability .

Intel is reporting Vulnerability-related.DiscoverVulnerability a firmware vulnerability that could let attackers take over remote management functions on computers built over nearly the past decade . The vulnerability , disclosed Vulnerability-related.DiscoverVulnerability on Monday , affects Vulnerability-related.DiscoverVulnerability features in Intel firmware that are designed for enterprise IT management . Enterprises using Intel Active Management Technology , Intel Small Business Technology and Intel Standard Manageability on their systems should patch Vulnerability-related.PatchVulnerability them as soon as possible , the company says . The vulnerable firmware features can be found Vulnerability-related.DiscoverVulnerability in some current Core processors and all the way back to Intel 's first-generation Core , called Nehalem , which shipped in 2008 . They 're part of versions 6.0 through 11.6 of Intel 's manageability firmware . No consumer PCs are affected , the company said . Nor are data-center servers running Intel Server Platform Services . Intel Active Management Technology is a feature in Core processors that lets organizations remotely track , manage and secure whole fleets of connected computers . For example , it can be used to monitor and repair retail checkout systems , digital signage and PCs at places like stores , offices and schools . Intel didn ’ t provide Vulnerability-related.DiscoverVulnerability technical details of the vulnerability , but it said Vulnerability-related.DiscoverVulnerability a hacker could use the flaw to take over the remote management functions . In an email , Intel said Vulnerability-related.DiscoverVulnerability it learned Vulnerability-related.DiscoverVulnerability about the vulnerability from a security researcher in March . “ We are not aware Vulnerability-related.DiscoverVulnerability of any exploitation of this vulnerability , ” the company said . Intel said it has prepared Vulnerability-related.PatchVulnerability a patch and is working with manufacturers to roll it out Vulnerability-related.PatchVulnerability to users as soon as possible . Intel ’ s security advisory also lays out steps users can take to find out if they ’ re affected . For example , PCs built with its vPro technology will have the vulnerable Intel Active Management feature .

Polish security expert Dawid Golunski has discovered Vulnerability-related.DiscoverVulnerability a zero-day in the WordPress password reset mechanism that would allow an attacker to obtain the password reset link , under certain circumstances . The researcher published his findings Vulnerability-related.DiscoverVulnerability yesterday , after reporting Vulnerability-related.DiscoverVulnerability the flaw to the WordPress security team last July . After more than ten months and no progress , Golunski decided to go public and inform Vulnerability-related.DiscoverVulnerability WordPress site owners of this issue so they could protect their sites by other means . The issue , tracked Vulnerability-related.DiscoverVulnerability via the CVE-2017-8295 identifier , affects Vulnerability-related.DiscoverVulnerability all WordPress versions and is related to how WordPress sites put together the password reset emails . According to Golunski , an attacker can craft a malicious HTTP request that triggers a tainted password reset operation by injecting a custom SERVER_NAME variable , such as `` attacker-domain.com '' . This means that when the WordPress site puts together the password reset email , the `` From '' and `` Return-Path '' values will be in the form of `` wordpress @ attacker-domain.com '' . Most users would think this zero-day is useless , as the attacker would n't achieve anything more than sending Attack.Phishing a password reset email to the legitimate site owner , but from the wrong Sender address . These complex exploitation scenarios are most likely the main reason why the WordPress team has not prioritized patching Vulnerability-related.PatchVulnerability this issue until now . The same opinion is shared by security experts from Sucuri , a vendor of web-based security products , recently acquired by GoDaddy . `` The vulnerability exists Vulnerability-related.DiscoverVulnerability , but is not as critical as advertised for several reasons , '' said Sucuri vulnerability researcher Marc Montpas . `` The whole attack relies on the fact that the victim 's email is not accessible at the time the attack is occurring , which greatly reduces the chance of a successful attack . '' His colleague , Denis Sinegubko , also shared his thoughts on the issue . `` After a brief reading and assuming the attack works , it has limited impact as it requires an individual site to be accessible by IP address , so will not work for most sites on shared servers . Only for poorly configured dedicated servers . '' `` The whole attack scenario is theoretically possible but in practice , I do n't see thousands of sites getting hacked because of this vulnerability any time soon , '' Montpas added . But if some users are not willing to take risks , webmasters managing high-value sites looking for a way to prevent exploitation of this zero-day have some options at their dispossable . `` As a temporary solution users can enable UseCanonicalName to enforce [ a ] static SERVER_NAME value , '' Golunski proposes . On Reddit , other users also recommended that site owners `` create a dummy vhost that catches all requests with unrecognized Host headers . '' Depending on your technical prowess , you can also experiment with other mitigations discussed in this Reddit thread , at least until the WordPress team patches Vulnerability-related.PatchVulnerability this issue .

Researchers from Positive Technologies have unearthed Vulnerability-related.DiscoverVulnerability a critical vulnerability ( CVE-2017-6968 ) in Checker ATM Security by Spanish corporate group GMV Innovating Solutions . Checker ATM Security is a specialized security solution aimed at keeping ATMs safe from logical attacks . It does so by enforcing application whitelisting , full hard disk encryption , providing ACL-based control of process execution and resource access , enforcing security policies , restricting attempts to connect peripheral devices , and so on . The found flaw can be exploited Vulnerability-related.DiscoverVulnerability to remotely run code on a targeted ATM , increase the attacker ’ s privileges in the system , and compromise the machine completely . “ To exploit the vulnerability , a criminal would need to pose as Attack.Phishing the control server , which is possible via ARP spoofing Attack.Phishing , or by simply connecting the ATM to a criminal-controlled network connection , ” researcher Georgy Zaytsev explained . “ During the process of generating the public key for traffic encryption , the rogue server can cause a buffer overflow on the ATM due to failure on the client side to limit the length of response parameters and send a command for remote code execution . This can give an attacker full control over the ATM and allow a variety of manipulations , including unauthorized money withdrawal ” . ” When informed Vulnerability-related.DiscoverVulnerability of the vulnerability and provided with test exploits , GMV confirmed Vulnerability-related.DiscoverVulnerability its existence and that it affects Vulnerability-related.DiscoverVulnerability versions 4.x and 5.x of the software , and ultimately pushed Vulnerability-related.PatchVulnerability out a patch , which users are urged to install Vulnerability-related.PatchVulnerability as soon as possible . Exploitation not detected in the wild A company spokesperson has made sure to point out that there is no indication that the vulnerability has been exploited Vulnerability-related.DiscoverVulnerability in attacks in the wild . Also , that exploitation is not that easy , as the attacker must first gain access to the ATM network and log into the target system . “ Secondly , the attack is difficult to be systematically exploited in an ATM network . In order to exploit it , the attacker needs some memory address that are strongly dependent on Windows kernel version , while in Windows XP systems could be theoretically possible to take advantage of the vulnerability , in Windows 7 is almost impossible because those memory address are different in every windows installation , ” the spokesperson told The Register . Like any software , security software is not immune to vulnerabilities and can open systems to exploitation . While antivirus and other security solutions for personal computers are often scrutinized and tested for flaws by third-party researchers , specialized security software has not , so far , received that amount of attention . So , it ’ s good to hear that some researchers have decided to focus on them , and that vendors are positively responding to vulnerability disclosures Vulnerability-related.DiscoverVulnerability .

A security vulnerability in Intel Corp. chips first disclosed Vulnerability-related.DiscoverVulnerability last week looks far worse than initially thought , as hackers can hijack Intel processors without even needing a password . The vulnerability , which affects Vulnerability-related.DiscoverVulnerability all Intel chips manufactured since 2008 , from those code-named Nahalem to today ’ s Kaby Lake , stems from a flaw in vPro firmware suite including Intel Active Management Technology from versions 6 to 11.6 . The security hole allows an unprivileged attacker to gain control of the manageability features provided by the firmware suite , giving a would-be hacker the same access that a systems administrator would have , including the ability to change boot up code and access the computer ’ s mouse , keyboard , monitor and programs installed . Intel argued that access to the vulnerability was fairly limited , in that a password was required to access AMT . But Tenable Network Security Inc . has discovered Vulnerability-related.DiscoverVulnerability that the verification process for AMT accepts a blank password submission . As Rick Falkvinge at Private Internet Access explains : In order to get administrator privileges to the server memory , all you needed to do was to submit a blank password field instead of the expected privileged-access password hash , and you would have unlimited and unlogged read/write access to the entire server memory . With the ability to gain access to an Intel central processing unit as simple as submitting no password , experts are warning that the worst should be presumed . “ If you have anything connected to the Internet with AMT on , disable it now . Assume the server has already been compromised , ” SSH inventor Tatu Ylonen said in a blog post . “ The exploit is trivial , a maximum of five lines of Python , and could be doable in a one-line shell command. ” He said the flaw gives full control of affected machines , including the ability to read and modify everything . “ It can be used to install persistent malware – possibly in the firmware – and read and modify any data . Ylonen recommended that AMT be disabled today and that affected users “ mobilize whomever you need. ” More specifically , he said , “ start from the most critical servers : Active Directory , certificate authorities , critical databases , code signing servers , firewalls , security servers , HSMs ( if they have it enabled ) . ” Data center operators should “ block ports 16992 , 16993 , 16994 , 16995 , 623 , 664 in internal firewalls ” if they can .

Microsoft has released Vulnerability-related.PatchVulnerability an emergency security update to patch Vulnerability-related.PatchVulnerability below-reported crazy bad remote code execution vulnerability in its Microsoft Malware Protection Engine ( MMPE ) that affects Vulnerability-related.DiscoverVulnerability Windows 7 , 8.1 , RT and 10 computers , as well as Windows Server 2016 operating systems . Google Project Zero 's security researchers have discovered Vulnerability-related.DiscoverVulnerability another critical remote code execution ( RCE ) vulnerability in Microsoft ’ s Windows operating system , claiming that it is something truly bad . Tavis Ormandy announced during the weekend that he and another Project Zero researcher Natalie Silvanovich discovered Vulnerability-related.DiscoverVulnerability `` the worst Windows remote code [ execution vulnerability ] in recent memory . This is crazy bad . Report on the way . '' Ormandy did not provide Vulnerability-related.DiscoverVulnerability any further details of the Windows RCE bug , as Google gives a 90-day security disclosure deadline to all software vendors to patch Vulnerability-related.PatchVulnerability their products and disclose Vulnerability-related.DiscoverVulnerability it to the public . This means the details of the new RCE vulnerability in Windows will likely be disclosed Vulnerability-related.DiscoverVulnerability in 90 days from now even if Microsoft fails to patch Vulnerability-related.PatchVulnerability the issue . However , Ormandy later revealed Vulnerability-related.DiscoverVulnerability some details of the Windows RCE flaw , clarifying that : The vulnerability they claimed to have discovered Vulnerability-related.DiscoverVulnerability works against default Windows installations . The attacker does not need to be on the same local area network ( LAN ) as the victim , which means vulnerable Windows computers can be hacked remotely . The attack is `` wormable , '' capability to spread itself . Despite not even releasing any technical details on the RCE flaw , some IT professionals working for corporates have criticized the Google Project Zero researcher for making the existence of the vulnerability public , while Twitter 's infosec community is happy with the work . `` If a tweet is causing panic or confusion in your organization , the problem is n't the tweet , the problem is your organization , '' Project Zero researcher Natalie Silvanovich tweeted . This is not the first time when Google 's security researchers have discovered Vulnerability-related.DiscoverVulnerability flaws in Microsoft ’ s products . Most recently in February , Google researchers disclosed Vulnerability-related.DiscoverVulnerability the details of an unpatched vulnerability impacting Vulnerability-related.DiscoverVulnerability Microsoft 's Edge and Internet Explorer browsers . Microsoft released Vulnerability-related.PatchVulnerability a patch as part of its next Patch Tuesday but criticized Google for making all details public , exposing millions of its Windows users at risk of being hacked . Microsoft has not yet responded to the latest claims , but the company has its May 2017 Patch Tuesday scheduled tomorrow , May 9 , so hopefully , it will include a security patch to resolve Vulnerability-related.PatchVulnerability this issue .

Last week , Intel revealed Vulnerability-related.DiscoverVulnerability that a serious security flaw in some of its chips left potentially thousands of devices vulnerable to attackers . Then , security researchers revealed Vulnerability-related.DiscoverVulnerability the problem was way worse than anyone initially thought as the vulnerability could allow attackers to remotely `` hijack '' affected machines . It 's still not clear just how many devices are impacted Vulnerability-related.DiscoverVulnerability as Intel has't said , but some in the industry have put the number as high as 8,000 . Here 's a look at what you need to know and how to protect yourself . The vulnerability stems from something called Intel Active Management Technology , ( AMT ) , a technology that allows devices to be remotely managed to make it easier to update software and perform maintenance remotely . It 's a feature typically used by businesses that may be responsible for many devices that may not all be in the same place . Since the technology is integrated at a chip level , AMT can do a bit more than other software-enabled management tools . Using AMT 's capabilities , for instance , a system administrator could remotely access and control a computer 's mouse and keyboard , or turn on a computer that 's already been powered down . While those can be helpful capabilities for corporate IT departments to have , it 's obviously the type of access you 'd want locked down pretty tightly . And that 's just the problem . Security researchers found that AMT 's web portal can be accessed with just the user admin and literally any password or even no password at all . That 's why some have labeled it a `` hijacking '' flaw since anyone who exploits the vulnerability would be able to remotely control so many processes . Most importantly , the flaw does n't impact Vulnerability-related.DiscoverVulnerability every Intel chip out there . Since it 's rooted in Vulnerability-related.DiscoverVulnerability AMT , the vulnerability primarily affects Vulnerability-related.DiscoverVulnerability businesses , though , as Intel points out , some consumers use computers made for businesses . One of the easiest ways to check if you might be affected is to check that Intel sticker that comes on so many PCs . Look for a `` VPro '' logo as that indicates the presence of AMT . Of course , looking for a sticker is hardly foolproof . Intel has also released a downloadable detections guide , which will guide you through the process of checking your machines . You can find the detection guide here . Though Intel has long supplied Apple with chips for Macs , AMT is only present on processors in Windows-based machines , so all Macs are safe from this particular exploit . If you do have a machine that 's impacted by the security flaw , you 'll need to update your firmware as soon as possible . Intel has already created Vulnerability-related.PatchVulnerability a patch and is now waiting on manufacturers to make it available Vulnerability-related.PatchVulnerability . Some , including Dell , Lenovo , HP , and Fujitsu , have already rolled it out . You can find links to those over on Intel 's website , which will be updated Vulnerability-related.PatchVulnerability as more manufacturers release Vulnerability-related.PatchVulnerability updates .

Vanilla Forums open source software suffers Vulnerability-related.DiscoverVulnerability from vulnerabilities that could let an attacker gain access to user accounts , carry out web-cache poisoning attacks , and in some instances , execute arbitrary code . Popular open source forum software suffers Vulnerability-related.DiscoverVulnerability from vulnerabilities that could let an attacker gain access to user accounts , carry out web-cache poisoning attacks , and in some instances , execute arbitrary code . Legal Hackers ‘ Dawid Golunski found Vulnerability-related.DiscoverVulnerability the vulnerabilities , a host header injection and an unauthorized remote code execution vulnerability–in software which is developed by Vanilla Forums . Golunski reported Vulnerability-related.DiscoverVulnerability the issues to Vanilla Forums in January and while a support team acknowledged his reports Vulnerability-related.DiscoverVulnerability , he ’ s experienced five months of silence from the company since , something that prompted him to finally disclose Vulnerability-related.DiscoverVulnerability the vulnerabilities Thursday via his ExploitBox.io service . The researcher confirmed Vulnerability-related.DiscoverVulnerability the vulnerabilities exist in Vulnerability-related.DiscoverVulnerability the most recent , stable version ( 2.3 ) of Vanilla Forums . He presumes Vulnerability-related.DiscoverVulnerability older versions of the forum software are also vulnerable Vulnerability-related.DiscoverVulnerability . When reached Thursday , Lincoln Russell , a senior developer at Vanilla Forums stressed the vulnerabilities , which are in the middle of being fixed Vulnerability-related.PatchVulnerability , only affect Vulnerability-related.DiscoverVulnerability the company ’ s free and open source product . Golunski says Vulnerability-related.DiscoverVulnerability the most concerning vulnerability , the RCE ( CVE-2016-10033 ) stems from a PHPMailer vulnerability he disclosed Vulnerability-related.DiscoverVulnerability last December . An attacker could remotely exploit Vulnerability-related.DiscoverVulnerability the same vulnerability in Vanilla Forums by sending a web request in which a payload is passed within the HOST header . Until a fix is pushed Vulnerability-related.PatchVulnerability Golunski is encouraging users to preset the sender ’ s support email address to a static value to prevent the dynamic creation of an email address , or the use of the HOST header , as a temporary mitigation . Golunski says Vulnerability-related.DiscoverVulnerability the second issue , the host header injection vulnerability ( CVE-2016-10073 ) also affects Vulnerability-related.DiscoverVulnerability version 2.3 of the software . The issue stems from the fact that the forum software uses user-supplied HTTP HOST header when sending emails from the host on which the forum was installed . That means an attacker could use HTTP HOST header to set the email domain to an arbitrary host . It would require user interaction but if exploited Vulnerability-related.DiscoverVulnerability , it ’ s possible the bug could help an attacker intercept Attack.Databreach a password reset hash and gain access Attack.Databreach to a victim ’ s account . An attacker would have send Attack.Phishing the victim an email tricking Attack.Phishing them into clicking through a password reset link , he says . “ The resulting email will have the sender ’ s address set to noreply @ attackers_server . The password reset link will also contain the attacker ’ s server which could allow the attacker to intercept the hash if the victim user clicked on the malicious link , ” Golunski wrote Thursday . It ’ s possible the vulnerability could also lead to web-cache poisoning if the HOST header is used to form links in web responses Golunski says Vulnerability-related.DiscoverVulnerability . According to Russell , when Vanilla Forums responded to Golunski in January it told him the issue would take some time to fix Vulnerability-related.PatchVulnerability due to the “ complexity of unwinding the use of this server variable without breaking the myriad scenarios it can be used for in open source environments. ” Golunski hinted Vulnerability-related.DiscoverVulnerability at the vulnerabilities in Vanilla Forums back in December but didn ’ t name the software . When he disclosed Vulnerability-related.DiscoverVulnerability the initial PHPMailer bug the researcher mentioned that he had developed an unauthenticated RCE exploit for “ a popular open-source application ( deployed on the Internet on more than a million servers ) as a PoC for real-world exploitation. ” Both the Vanilla Forums vulnerabilities and a similar RCE vulnerability in WordPress 4.6 Golunski disclosed Vulnerability-related.DiscoverVulnerability last week both relate to PHPMailer and PHP mail ( ) function injection . “ The exploits and techniques prove that these type of vulnerabilities could be exploited Vulnerability-related.DiscoverVulnerability by unauthenticated attackers via server headers such as HOST header that may be used internally by a vulnerable application to dynamically create a sender address , ” Golunski told Threatpost Thursday , “ This adds to the originally presented attack surface of contact forms that take user input including From/Sender address . ”

UPDATE At DEFCON 22 in 2014 , researchers demonstrated hacks against the Samsung Smartcam that allowed an attacker to remotely take over the device . Samsung ’ s reaction at the time was to remove the web interface enabling the attack rather than patch the code in question . The Exploitee.rs , formerly the GTVHacker group , said users weren ’ t pleased with the response and in turn , decided to take another crack at analyzing Vulnerability-related.DiscoverVulnerability the device for vulnerabilities . On Saturday , the group publicly disclosed Vulnerability-related.DiscoverVulnerability a remote code execution bug it found Vulnerability-related.DiscoverVulnerability in the SNH-1011 Smartcam , and cautioned that it likely exists Vulnerability-related.DiscoverVulnerability in all Samsung Smartcam devices . “ The vulnerability occurs Vulnerability-related.DiscoverVulnerability because of improper sanitization of the iWatch firmware update filename , ” the group wrote Vulnerability-related.DiscoverVulnerability in a technical description of the vulnerability that also included a proof-of-concept exploit and instructions on how to patch Vulnerability-related.PatchVulnerability the flaw . “ A specially crafted request allows an attacker the ability to inject his own command providing the attacker remote root command execution ” . A request for comment from Samsung was not returned in time for publication . A Samsung contact told Threatpost that the vulnerability affects Vulnerability-related.DiscoverVulnerability only the SNH-1011 model and it will be removed Vulnerability-related.PatchVulnerability in an upcoming firmware update . The Exploitee.rs said they were motivated to look further at the cameras because of Samsung ’ s response to their first disclosure Vulnerability-related.DiscoverVulnerability . “ This angered a number of users and crippled the device from being used in any DIY monitoring solutions . So , we decided to audit the device once more to see if there is a way we can give users back access to their cameras while at the same time verifying the security of the devices new firmware ” . The original response looks especially weak in a climate where connected devices are being especially scrutinized for their security . “ While this flaw by default would not directly allow attacks from the Internet suitable for something like Mirai , it would be pretty trivial to use CSRF to infect devices on home networks , ” Tripwire principal security researcher Craig Young said . “ It is always disappointing when a vendor eliminates features rather than fixing Vulnerability-related.PatchVulnerability vulnerabilities as was the case in this camera ” . While the original issue from 2014 has been addressed , the Exploitee.rs wrote that what remains of the web interface includes a set of PHP scripts that allow the camera ’ s firmware to be updated through the iWatch webcam monitoring service . “ These scripts contain a command injection bug that can be leveraged for root remote command execution to an unprivileged user , ” they said . The researchers said Vulnerability-related.DiscoverVulnerability the flaw in iWatch can be exploited Vulnerability-related.DiscoverVulnerability through a special filename stored in a tar command that is passed to a php system call . “ Because the web-server runs as root , the filename is user supplied , and the input is used without sanitization , we are able to inject our own commands within to achieve root remote command execution , ” they said . ASUS patched Vulnerability-related.PatchVulnerability a bug that allowed attackers to pair two vulnerabilities to gain direct router access and execute commands as root

Security researchers at Qualys Security have discovered Vulnerability-related.DiscoverVulnerability a Linux flaw that could be exploited Vulnerability-related.DiscoverVulnerability to gain root privileges and overwrite any file on the filesystem on SELinux-enabled systems . The high severity flaw , tracked as Vulnerability-related.DiscoverVulnerability CVE-2017-1000367 , resides in Vulnerability-related.DiscoverVulnerability the Sudo ’ s get_process_ttyname ( ) for Linux and is related to the way Sudo parses tty information from the process status file in the proc filesystem . The Linux flaw could be exploited Vulnerability-related.DiscoverVulnerability by a local user with privileges to execute commands via Sudo and could allow attackers to escalate their privileges to root . The Sudo ’ s get_process_ttyname ( ) function opens “ /proc/ [ pid ] /stat ” ( man proc ) and reads the device number of the tty from field 7 ( tty_nr ) . These fields are space-separated , the field 2 ( comm , the filename of the command ) can contain spaces . Sudoer users on SELinux-enabled systems could escalate their privileges to overwrite any file on the filesystem with their command ’ s output , including root-owned files . “ We discovered Vulnerability-related.DiscoverVulnerability a vulnerability in Sudo ’ s get_process_ttyname ( ) for Linux : this function opens “ /proc/ [ pid ] /stat ” ( man proc ) and reads the device number of the tty from field 7 ( tty_nr ) . Unfortunately , these fields are space-separated and field 2 ( comm , the filename of the command ) can contain spaces ( CVE-2017-1000367 ) . ” reads the security advisory . “ On an SELinux-enabled system , if a user is Sudoer for a command that does not grant him full root privileges , he can overwrite any file on the filesystem ( including root-owned files ) with his command ’ s output , because relabel_tty ( ) ( in src/selinux.c ) calls open ( O_RDWR|O_NONBLOCK ) on his tty and dup2 ( ) s it to the command ’ s stdin , stdout , and stderr . This allows any Sudoer user to obtain full root privileges. ” To exploit the issue , a Sudo user would have to choose a device number that doesn ’ t exist under “ /dev ” . If the terminal isn ’ t present under the /dev/pts directory when the Sudo performs a breadth-first search of /dev , the user could allocate a pseudo-terminal between the two searchers and create a “ symbolic link to the newly-created device in a world-writable directory under /dev , such as /dev/shm , ” “ Exploiting the bug requires that the user already have sudo privileges . SELinux must also be enabled on the system and sudo must have been built with SELinux support . To exploit the bug , the user can choose a device number that does not currently exist under /dev . If sudo does not find the terminal under the /dev/pts directory , it performs a breadth-first search of /dev . It is possible to allocate a pseudo-terminal after sudo has checked /dev/pts but before sudo performs its breadth-first search of /dev . The attacker may then create a symbolic link to the newly-created device in a world-writable directory under /dev , such as /dev/shm. ” read a Sudo alert . “ This file will be used as the command ’ s standard input , output and error when an SELinux role is specified on the sudo command line . If the symbolic link under /dev/shm is replaced with a link to an another file before it is opened by sudo , it is possible to overwrite an arbitrary file by writing to the standard output or standard error . This can be escalated to full root access by rewriting a trusted file such as /etc/shadow or even /etc/sudoers. ” The Linux flaw affects Vulnerability-related.DiscoverVulnerability all Sudo versions from 1.8.6p7 through 1.8.20 , the Sudo 1.8.20p1 fixes Vulnerability-related.PatchVulnerability it , the issue was rated with a CVSS3 Base Score of 7.8 .

So when there is a security flaw in its system , it affects millions of users on the Internet . Sucuri found Vulnerability-related.DiscoverVulnerability a Content Injection or Privilege Escalation vulnerability affecting the REST API allowing an attacker to modify the content of any post or page within a WordPress site . However , there is good news since Sucuri discretely reported Vulnerability-related.DiscoverVulnerability the vulnerability to WordPress security team who handled the matter professionally and informed as many security providers and hosts and implemented a patch Vulnerability-related.PatchVulnerability before this became public . In their blog post , Marc Alexandre Montpas from Sucuri stated Vulnerability-related.DiscoverVulnerability that “ This privilege escalation vulnerability affects Vulnerability-related.DiscoverVulnerability the WordPress REST API that was recently added and enabled by default on WordPress 4.7.0 . One of these REST endpoints allows access ( via the API ) to view , edit , delete and create posts . Within this particular endpoint , a subtle bug allows visitors to edit any post on the site . The REST API is enabled by default on all sites using WordPress 4.7.0 or 4.7.1 . We are hiding some technical details to make it harder for the bad guys , but depending on the plugins installed on a site , it can lead to a RCE ( remote command execution ) . Also , even though the content is passed through wp_kses , there are ways to inject Javascript and HTML through it

Microsoft Windows users beware of Vulnerability-related.DiscoverVulnerability an unpatched memory corruption bug which could be exploited Vulnerability-related.DiscoverVulnerability to cause denial of service ( DoS ) attacks as well as other exploits . The vulnerability is in the SMB ( Server Message Block ) and is caused by the platform 's inability to properly handle a specially-crafted server response that contains too many bytes following the structure defined in the SMB2 TREE_CONNECT Response structure , according to a Feb 2 CERT advisory . If a user connects to a malicious SMB server , a vulnerable Windows client system may crash and display a blue screen of death ( BSOD ) in mrxsmb20.sys , the advisory said . Researchers have confirmed Vulnerability-related.DiscoverVulnerability the flaw affects Vulnerability-related.DiscoverVulnerability fully-patched Windows 10 and Windows 8.1 client systems , as well as the server equivalents of these platforms , Windows Server 2016 and Windows Server 2012 R2 . The vulnerability is still being examined and it is possible that the flaw may enable more exploits as well . A researcher by the moniker “ PythonResponder ” first reported Vulnerability-related.DiscoverVulnerability the zero day and a proof-of-concept code was published to GitHub shortly after . It is recommended that users consider blocking outbound SMB connections from the local network to the WAN in order to prevent remote attackers from causing denial of service attacks

The Internet Systems Consortium patched Vulnerability-related.PatchVulnerability the BIND domain name system this week , addressing Vulnerability-related.PatchVulnerability a remotely exploitable vulnerability it considers high severity and said could lead to a crash . The issue affects Vulnerability-related.DiscoverVulnerability servers that use both the DNS64 and RPZ function simultaneously . DNS64 is a mechanism for synthesizing AAAA records from A records . It ’ s traditionally used to allow IPv6-only clients to receive IPv6 addresses proxied to IPv4 addresses . The RPZ mechanism is used by Domain Name System recursive resolvers to allow for the customized handling of the resolution of collections of domain name information . Versions 9.8.8 , 9.9.3-S1 , 9.9.3 , 9.9.10b1 , 9.10.0 , and 9.10.5b1 , 9.11.0 are all considered vulnerable Vulnerability-related.DiscoverVulnerability , according to the ISC . When servers use both mechanisms simultaneously , a vulnerability ( CVE-2017-3135 ) that stems from query processing could result in an inconsistent state , triggering either an INSIST assertion failure or an attempt to read through a NULL pointer , according to a security advisory published Vulnerability-related.DiscoverVulnerability Wednesday . The INSIST assertion failure could lead to a subsequent abort , ISC said , while the NULL pointer in some instances can lead to a segmentation fault , which causes the process to be terminated . Ramesh Damodaran and Aliaksandr Shubnik , engineers at Infoblox , a Silicon Valley firm that does DNS , DHCP and IP management , uncovered Vulnerability-related.DiscoverVulnerability the vulnerability and reported Vulnerability-related.DiscoverVulnerability it to the ISC . Damodaran previously helped identified Vulnerability-related.DiscoverVulnerability an unspecified packet processing remote denial of service vulnerability in BIND 9 . The Internet Systems Consortium patched Vulnerability-related.PatchVulnerability the BIND domain name system this week , addressing Vulnerability-related.PatchVulnerability what it calls a critical error condition in the software . Researchers find industrial control system malware similar to BlackEnergy , Havex , and Stuxnet going undetected on Google VirusTotal for years . The Internet Systems Consortium ( ISC ) announced it is planning to patch Vulnerability-related.PatchVulnerability versions of its DHCP to mitigate Vulnerability-related.PatchVulnerability a denial of service vulnerability .

Data: CASIE

Trigger word: affects

Event Types (Count): Vulnerability-related.DiscoverVulnerability (49)

Negative Trigger