fixes for 67 security issues. This month, Microsoft fixed security flaws in Microsoft Windows, Internet Explorer, Microsoft Edge, ChakraCore, .NET Framework, Microsoft Exchange Server, Windows Host Compute Service Shim, and Microsoft Office and Microsoft Office Services and Web Apps.
Microsoft patches two zero-days
The biggest issue patched this month is a zero-day in Internet Explorer that has been abused by a cyber-espionage campaign earlier this month. The zero-day (CVE-2018-8174) affects not only IE but also any other projects that embed the IE web rendering engine. Microsoft credited researchers from both Qihoo 360 Core Security and Kaspersky Lab for discovering this issue. The second zero-day is CVE-2018-8120, an elevation-of-privilege vulnerability in the Win32k component. “An attacker who successfully exploited this vulnerability could run arbitrary code in kernel mode. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights,” Microsoft says. But the flaw is not as dangerous as it sounds, as an attacker already needs a foothold on Windows systems to run his malicious code in the first place, to elevate his access rights. Microsoft also patched CVE-2018-8141 (Windows Kernel Information Disclosure Vulnerability) and CVE-2018-8170 (Windows Image Elevation of Privilege Vulnerability), for which exploitation details became public. Despite info about these two flaws being published online, Microsoft says none were exploited in the wild.
Flash fixes also included
Last but not least, the Microsoft May 2018 Patch Tuesday also included a patch for an Adobe Flash Player vulnerability (CVE-2018-4944) that Adobe patched earlier today. Below is a table listing of all the security issues Microsoft fixed this month. We used PowerShell and the Microsoft API to assemble the table below, but the report is much longer. We hosted the full report on GitHub, here.
A flaw in Safari – that allows an attacker to spoof websites and trick victims into handing over their credentials – has yet to be patched. A browser address bar spoofing flaw was found by researchers this week in Safari – and Apple has yet to issue a patch for the flaw. Researcher Rafay Baloch on Monday disclosed two proof-of-concepts revealing how vulnerabilities in Edge browser 42.17134.1.0 and Safari iOS 11.3.1 could be abused to manipulate the browsers’ address bars, tricking victims into thinking they are visiting a legitimate website. Baloch told Threatpost Wednesday that Apple has promised to fix the flaw in its next security update for Safari. “Apple has told [me] that the latest beta of iOS 12 also addresses the issue, however they haven’t provided any dates,” he said. Apple did not respond to multiple requests for comment from Threatpost. Microsoft for its part has fixed the vulnerability Baloch found in the Edge browser (CVE-2018-8383) in its August Patch Tuesday release. According to Microsoft’s vulnerability advisory released August 14, the spoofing flaw exists because Edge does not properly parse HTTP content. Both flaws stem from the Edge and Safari browsers allowing JavaScript to update the address bar while the page is still loading. This means that an attacker could request data from a non-existent port and, due to the delay induced by the setInterval function, trigger the address bar spoofing.
The browser would then preserve the address bar and load the content from the spoofed page, Baloch said in his blog breaking down both vulnerabilities. From there, the attacker could spoof the website, using it to lure in victims and potentially gather credentials or spread malware. For instance, the attacker could send an email message containing the specially crafted URL to the user, convince the user to click it, and take them to the link which could gather their credentials or sensitive information. “As per Google, Address bar is the only reliable indicator for ensuring the identity of the website, if the Address bar points to Facebook.com and the content is hosted on attacker’s website, there is no reason why someone would not fall for this,” Baloch told Threatpost. In a video demonstration, Baloch showed how he could visit a link for the vulnerable browser on Edge (http://sh3ifu[.]com/bt/Edge-Spoof.html), which would take him to a site purporting to be Gmail login. However, while the URL points to a Gmail address, the content is hosted on sh3ifu.com, said Baloch. The Safari proof-of-concept is similar, except for one constraint where it does not allow users to type their information into the input boxes while the page is in a loading state. However, Baloch said he was able to circumvent this restriction by injecting a fake keyboard using JavaScript – a common practice in banking sites. No other browsers – including Chrome or Firefox – were discovered to have the flaw, said Baloch. Baloch is known for discovering similar vulnerabilities in Chrome, Firefox and other major browsers in 2016, which also allowed attackers to spoof URLs in the address bar.
The vulnerabilities were disclosed to both Microsoft and Apple and Baloch gave both a 90-day deadline before he went public with the flaws. Due to the Safari browser bug being unpatched, Baloch said he has not yet released a Proof of Concept: “However considering there is a slight difference between the Edge browser POC and Safari, anyone with decent knowledge of Javascript can make it work on Safari,” he told us.
Adobe has posted an update to address 85 CVE-listed security vulnerabilities in Acrobat and Reader for both Windows and macOS. The PDF apps have received a major update that includes dozens of fixes for flaws that would allow for remote code execution attacks if exploited. Other possible attacks include elevation of privilege flaws and information disclosure vulnerabilities. Fortunately, Adobe said that none of the bugs was currently being targeted in the wild - yet. For Mac and Windows Acrobat/Reader DC users, the fixes will be present in versions 2019.008.20071. For those using the older Acrobat and Reader 2017 versions, the fix will be labeled 2017.011.30105. Because PDF readers have become such a popular target for email and web-based malware attacks, users and admins alike would do well to test and install the updates as soon as possible. Exploit-laden PDFs have for more than a decade proven to be one of the most reliable ways to put malware on someone's machine. In total, Adobe credited 19 different researchers with discovering and reporting the vulnerabilities. Among the more prolific bug hunters were Omri Herscovici of CheckPoint Software, who was credited for finding and reporting 35 CVE-listed bugs, and Ke Liu and Tencent Security Xuanwu Lab, who was credited with finding 11 of the patched Adobe vulnerabilities. Beihang University's Lin Wang was given credit for nine vulnerabilities. While we're on the subject of massive security updates, both users and admins will want to mark their calendars for a week from Tuesday.
October 9 is slated to be this month's edition of the scheduled 'Patch Tuesday' monthly security update.
Microsoft issued numerous bug fixes on its most recent Patch Tuesday, but according to the security firm 0patch, there were issues with one of the fixes for a critical vulnerability. The vulnerability in question (CVE-2018-8423) is a memory corruption vulnerability that exists in the Jet Database Engine that, when exploited, allows for remote code execution. 0patch noticed that the patch Microsoft had issued was flawed as a result of studying the official patch of the Jet Database Engine and a “micropatch” that the security researchers had created for the same flaw. They explain this revelation as follows: As expected, the update brought a modified msrd3x40.dll binary: this is the binary with the vulnerability, which we had micropatched with 4 CPU instructions (one of which was just for reporting purposes). The version of msrd3x40.dll changed from 4.0.9801.0 to 4.0.9801.5 and of course, its cryptographic hash also changed - which resulted in our micropatch for this issue no longer getting applied to msrd3x40.dll. So far so good, but the problems became glaring once further analysis began: We BinDiff-ed the patched msrd3x40.dll to its vulnerable version and reviewed the differences. At this point we will only state that we found the official fix to be slightly different to our micropatch, and unfortunately in a way that only limited the vulnerability instead of eliminating it. We promptly notified Microsoft about it and will not reveal further details or proof-of-concept until they issue a correct fix.
It may be a little frustrating to not know what the problem is from a tech journalist’s perspective, but as I am also an “ethical” hacker, I totally understand the lack of disclosure on the part of both Microsoft and 0patch. If the flaw is not public knowledge and has not been patched, it makes no sense to hand a cybercriminal the keys to Windows users’ machines. What this story shows is how vital the relationship between third-party security researchers and vendors is. Without the due diligence of first Trend Micro’s ZDI discovering the original flaw, and then 0patch uncovering the secondary flaw in the patch, Microsoft and their customers would be exposed to hackers with bad intentions.
A security bug in Systemd can be exploited over the network to, at best, potentially crash a vulnerable Linux machine, or, at worst, execute malicious code on the box. The flaw therefore puts Systemd-powered Linux computers – specifically those using systemd-networkd – at risk of remote hijacking: maliciously crafted DHCPv6 packets can try to exploit the programming cockup and arbitrarily change parts of memory in vulnerable systems, leading to potential code execution. This code could install malware, spyware, and other nasties, if successful. The vulnerability – which was made public this week – sits within the written-from-scratch DHCPv6 client of the open-source Systemd management suite, which is built into various flavors of Linux. This client is activated automatically if IPv6 support is enabled, and relevant packets arrive for processing. Thus, a rogue DHCPv6 server on a network, or in an ISP, could emit specially crafted router advertisement messages that wake up these clients, exploit the bug, and possibly hijack or crash vulnerable Systemd-powered Linux machines. Here's the Red Hat Linux summary: systemd-networkd is vulnerable to an out-of-bounds heap write in the DHCPv6 client when handling options sent by network adjacent DHCP servers. An attacker could exploit this via malicious DHCP server to corrupt heap memory on client machines, resulting in a denial of service or potential code execution. Felix Wilhelm, of the Google Security team, was credited with discovering the flaw, designated CVE-2018-15688. Wilhelm found that a specially crafted DHCPv6 network packet could trigger “a very powerful and largely controlled out-of-bounds heap write,” which could be used by a remote hacker to inject and execute code.
“The overflow can be triggered relatively easy by advertising a DHCPv6 server with a server-id >= 493 characters long,” Wilhelm noted. In addition to Ubuntu and Red Hat Enterprise Linux, Systemd has been adopted as a service manager for Debian, Fedora, CoreOS, Mint, and SUSE Linux Enterprise Server. We're told RHEL 7, at least, does not use the vulnerable component by default. Systemd creator Lennart Poettering has already published a security fix for the vulnerable component – this should be weaving its way into distros as we type. If you run a Systemd-based Linux system, and rely on systemd-networkd, update your operating system as soon as you can to pick up the fix when available and as necessary. The bug will come as another argument against Systemd as the Linux management tool continues to fight for the hearts and minds of admins and developers alike. Though a number of major admins have in recent years adopted and championed it as the replacement for the old Init era, others within the Linux world seem to still be less than impressed with Systemd and Poettering's occasionally controversial management of the tool.
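A defender-side check for the condition Wilhelm describes, as an added example (not code from systemd or from the article): it walks the options of a captured DHCPv6 payload and flags a server-id option that exceeds the RFC 8415 DUID limit or reaches the 493-byte size quoted above. The function names, verdict strings and sample packets are constructed for illustration.

```python
import struct
from dataclasses import dataclass

OPTION_CLIENTID = 1
OPTION_SERVERID = 2           # RFC 8415 option carrying the server's DUID
MAX_DUID_OPTION_LEN = 130     # 2-octet DUID type + at most 128 octets (RFC 8415)
REPORTED_TRIGGER_LEN = 493    # server-id size quoted above for CVE-2018-15688
RELAY_TYPES = {12, 13}        # RELAY-FORW / RELAY-REPL have a different header


@dataclass
class Finding:
    verdict: str        # ok | malformed | oversized-duid | cve-2018-15688-size
    server_id_len: int  # -1 when no server-id option was parsed
    detail: str


def iter_options(buf: bytes):
    """Yield (code, value) for each TLV option; ValueError if one is truncated."""
    off = 0
    while off < len(buf):
        if len(buf) - off < 4:
            raise ValueError(f"truncated option header at offset {off}")
        code, length = struct.unpack_from("!HH", buf, off)
        off += 4
        if length > len(buf) - off:
            raise ValueError(f"option {code} claims {length} bytes, {len(buf) - off} left")
        yield code, buf[off:off + length]
        off += length


def inspect_dhcpv6(payload: bytes) -> Finding:
    """Classify the UDP payload of one DHCPv6 message by its server-id length."""
    if len(payload) < 4:
        return Finding("malformed", -1, "shorter than the 4-byte DHCPv6 header")
    if payload[0] in RELAY_TYPES:
        return Finding("ok", -1, "relay message, options not inspected")
    try:
        options = list(iter_options(payload[4:]))
    except ValueError as exc:
        return Finding("malformed", -1, str(exc))
    lengths = [len(value) for code, value in options if code == OPTION_SERVERID]
    if not lengths:
        return Finding("ok", -1, "no server-id option present")
    longest = max(lengths)
    if longest >= REPORTED_TRIGGER_LEN:
        return Finding("cve-2018-15688-size", longest, "server-id at or above 493 bytes")
    if longest > MAX_DUID_OPTION_LEN:
        return Finding("oversized-duid", longest, "server-id exceeds RFC 8415 DUID limit")
    return Finding("ok", longest, "server-id within RFC 8415 limit")


def build_message(msg_type: int, options) -> bytes:
    """Assemble a constructed DHCPv6 payload for testing the detector."""
    body = b"".join(struct.pack("!HH", code, len(val)) + val for code, val in options)
    return bytes([msg_type]) + b"\x00\x00\x01" + body


# Constructed samples (never sent on a network): a DUID-LLT is type 1, hardware
# type 1, a 4-byte timestamp and a 6-byte link-layer address, 14 bytes in total.
DUID = struct.pack("!HHI", 1, 1, 0x2468ACE0) + bytes.fromhex("020000000001")
ADVERTISE = 2
NORMAL = build_message(ADVERTISE, [(OPTION_CLIENTID, DUID), (OPTION_SERVERID, DUID)])
OVER_RFC = build_message(ADVERTISE, [(OPTION_SERVERID, b"\x00" * 200)])
SUSPECT = build_message(ADVERTISE, [(OPTION_SERVERID, b"\x00" * 493)])
TRUNCATED = NORMAL[:-3]

if __name__ == "__main__":
    for name, pkt in [("normal", NORMAL), ("over-rfc", OVER_RFC),
                      ("suspect", SUSPECT), ("truncated", TRUNCATED)]:
        print(name, inspect_dhcpv6(pkt))
```

Run over payloads pulled from a packet capture of UDP port 546 traffic, any verdict other than `ok` points at a DHCPv6 server on the segment that deserves a closer look.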
Overall, the chip giant patched five vulnerabilities across an array of its products. Intel on Tuesday patched three high-severity vulnerabilities that could allow the escalation of privileges across an array of products. Overall, the chip giant fixed five bugs – three rated high-severity, and two medium-severity. The most concerning of these bugs is an escalation-of-privilege glitch in Intel’s PROset/Wireless Wi-Fi software, which is its wireless connection management tool. The vulnerability, CVE-2018-12177, has a “high” CVSS score of 7.8, according to Intel’s update. “Intel is releasing software updates to mitigate this potential vulnerability,” it said, urging users to update to version 20.90.0.7 or later of the software. The vulnerability, reported by Thomas Hibbert of Insomnia Security, stems from improper directory permissions plaguing the software’s ZeroConfig service in versions before 20.90.0.7. The issue could allow an authorized user to potentially enable escalation of privilege via local access. The other high-severity bug exists in the company’s System Support Utility for Windows, which offers support for Intel-packed Windows device users. This bug (CVE-2019-0088) is due to insufficient path checking in the support utility, allowing an already-authenticated user to potentially gain escalation of privilege via local access. The vulnerability has a CVSS score of 7.5.
Versions of System Support Utility for Windows before 2.5.0.15 are impacted; Intel recommends users update to versions 2.5.0.15 or later. Independent security researcher Alec Blance was credited with discovering the flaw. The chip-maker also patched a high-severity and medium-severity flaw in its Software Guard Extensions (SGX) platform and software, which help application developers to protect select code and data from disclosure or modification. “Multiple potential security vulnerabilities in Intel SGX SDK and Intel SGX Platform Software may allow escalation of privilege or information disclosure,” said Intel. The high-severity flaw in SGX (CVE-2018-18098) has a CVSS score of 7.5 and could allow an attacker with local access to gain escalated privileges. The vulnerability is rooted in improper file verification in the install routine for Intel’s SGX SDK and Platform Software for Windows before 2.2.100. It was discovered by researcher Saif Allah ben Massaoud. Another vulnerability in the platform (CVE-2018-12155) is only medium in severity, but could allow an unprivileged user to cause information disclosure via local access. That’s due to data leakage in the cryptographic libraries of the SGX platform’s Integrated Performance Primitives, a function that provides developers with building blocks for image and data processing. And finally, a medium escalation of privilege vulnerability in Intel’s SSD data-center tool for Windows has been patched.
“Improper directory permissions in the installer for the Intel SSD Data Center Tool for Windows before v3.0.17 may allow authenticated users to potentially enable an escalation of privilege via local access,” said Intel’s update. The company recommends users update to v3.0.17 or later. Intel’s patch comes during a busy patch Tuesday week, which includes fixes from Adobe and Microsoft.
Yesterday, on Microsoft’s Patch Tuesday, the company released its monthly security patches that fixed 62 security flaws. These fixes also included a fix for a zero-day vulnerability that was under active exploitation before these patches were made available. Microsoft also announced the re-release of its Windows 10 version 1809 and Windows Server 2019. Microsoft credited Kaspersky Lab researchers for discovering this zero-day, which is also known as CVE-2018-8589 and impacts the Windows Win32k component. A Kaspersky spokesperson told ZDNet, “they discovered the zero-day being exploited by multiple cyber-espionage groups (APTs).” The zero-day had been used to elevate privileges on 32-bit Windows 7 versions. This is the second Windows elevation of privilege zero-day patched by Microsoft discovered by Kaspersky researchers. Last month, Microsoft patched CVE-2018-8453, another zero-day that had been used by a state-backed cyber-espionage group known as FruityArmor. However, in this month’s Patch Tuesday, Microsoft has not patched a zero-day that is affecting the Windows Data Sharing Service (dssvc.dll). This zero-day was disclosed on Twitter at the end of October. According to ZDNet, “Microsoft has published this month a security advisory to instruct users on how to properly configure BitLocker when used together with solid-state drives (SSDs).”
As reported by Microsoft, the Windows 10 October 2018 update caused users’ data loss after updating. Due to this, the company decided to pause the update. However, yesterday, Microsoft announced that it is re-releasing Windows 10 version 1809. John Cable, the director of Program Management for Windows Servicing and Delivery at Microsoft, said, “the data-destroying bug that triggered that unprecedented decision, as well as other quality issues that emerged during the unscheduled hiatus, have been thoroughly investigated and resolved.” Microsoft also announced the re-release of Windows Server 2019, which was affected by the same issue. According to ZDNet, “The first step in the re-release is to restore the installation files to its Windows 10 Download page so that “seekers” (the Microsoft term for advanced users who go out of their way to install a new Windows version) can use the ISO files to upgrade PCs running older Windows 10 versions.” Michael Fortin, Windows Corporate Vice President, in a blog post, offered some context behind the recent issues and announced changes to the way the company approaches communications and also the transparency around their process. Per Fortin, “We obsess over these metrics as we strive to improve product quality, comparing current quality levels across a variety of metrics to historical trends and digging into any anomaly.” To know more about this in detail, visit Microsoft’s official blog post.
Researchers from several German universities have checked the PHP codebases of over 64,000 projects on GitHub, and found 117 vulnerabilities that they believe have been introduced through the use of code from popular but insufficiently reviewed tutorials. The researchers identified popular tutorials by inputting search terms such as “mysql tutorial”, “php search form”, “javascript echo user input”, etc. into Google Search. The first five results for each query were then manually reviewed and evaluated for SQLi and XSS vulnerabilities by following OWASP’s guidelines (Reviewing Code for SQL Injection, Cross Site Scripting Prevention Cheat Sheet). This resulted in the discovery of 9 tutorials containing vulnerable code (6 with SQLi, 3 with XSS). Based on these, they created two types of queries that they used against the aforementioned data set obtained from GitHub. “We use strict queries to identify known vulnerable patterns in web applications, and normal queries to identify code analogues of tutorial code,” they explained. The results were, finally, manually reviewed by the researchers. “Thanks to our framework, we have uncovered over 100 vulnerabilities in web application code that bear a strong resemblance to vulnerable code patterns found in popular tutorials. More alarmingly, we have confirmed that 8 instances of a SQLi vulnerability present in different web applications are an outcome of code copied from a single vulnerable tutorial,” they noted. “Our results indicate that there is a substantial, if not causal, link between insecure tutorials and web application vulnerabilities.”
“[Our findings] suggest that there is a pressing need for code audit of widely consumed tutorials, perhaps with as much rigor as for production code,” they pointed out. In their research, they evaluated only PHP application code, but their approach can be easily used to evaluate codebases in other programming languages, especially because they have made available their crawler (GithubSpider) and code analogue detector (CADetector) tools. Unfortunately, such a search can be easily replicated – “even with limited resources such as a standard PC and a broadband DSL connection” – by individuals or groups intent on discovering vulnerabilities in software for future exploitation.
Kaspersky Lab researchers have brought to light a series of attacks leveraged against 140+ banks and other businesses around the world. But what makes these attacks unusual is the criminals’ use of widely used legitimate tools and fileless malware, which explains why the attacks went largely unnoticed. “This threat was originally discovered by a bank’s security team, after detecting Meterpreter code inside the physical memory of a domain controller (DC),” the researchers explained. “Kaspersky Lab participated in the forensic analysis after this attack was detected, discovering the use of PowerShell scripts within the Windows registry. Additionally it was discovered that the NETSH utility was used for tunnelling traffic from the victim’s host to the attacker’s C2”. Meterpreter is a well known Metasploit payload that allows attackers to control the screen of a device using VNC and to browse, upload and download files. NETSH (network shell) is a Windows command-line utility that allows local or remote configuration of network devices. The attackers also took advantage of the Windows SC utility to install a malicious service to execute PowerShell scripts, and Mimikatz to extract credentials from compromised machines.