Data: CASIE
Trigger word:
remedy
Negative Trigger
an
emergency
security
update
to
correct
Vulnerability-related.PatchVulnerability
a
security
update
it
issued
Vulnerability-related.PatchVulnerability
earlier
this
month
to
correct
Vulnerability-related.PatchVulnerability
a
security
update
it
issued
Vulnerability-related.PatchVulnerability
in
January
and
February
.
In
January
and
February
,
Redmond
emitted
Vulnerability-related.PatchVulnerability
fixes
for
Windows
7
and
Server
2008
R2
machines
to
counter
Vulnerability-related.PatchVulnerability
the
Meltdown
chip-level
vulnerability
in
modern
Intel
x64
processors
.
Unfortunately
,
those
patches
blew
Vulnerability-related.PatchVulnerability
a
gaping
hole
in
the
operating
systems
:
normal
applications
and
logged-in
users
could
now
access
and
modify
any
part
of
physical
RAM
,
and
gain
complete
control
over
a
box
,
with
the
updates
installed
.
Rather
than
stop
programs
and
non-administrators
from
exploiting
Meltdown
to
extract
Attack.Databreach
passwords
and
other
secrets
from
protected
kernel
memory
,
the
fixes
on
Windows
7
and
Server
2008
R2
instead
granted
full
read-write
privileges
to
system
RAM
.
Roll
on
March
,
and
Microsoft
pushed out
Vulnerability-related.PatchVulnerability
fixes
on
Patch
Tuesday
to
correct
Vulnerability-related.PatchVulnerability
those
January
and
February
updates
to
close
Vulnerability-related.PatchVulnerability
the
security
vulnerability
it
accidentally
opened
.
Except
that
March
update
did
n't
fully
seal
Vulnerability-related.PatchVulnerability
the
deal
:
the
bug
remained in
Vulnerability-related.DiscoverVulnerability
the
kernel
,
and
was
exploitable
by
malicious
software
and
users
.
Total
Meltdown
Now
,
if
you
're
using
Windows
7
or
Server
2008
R2
and
have applied
Vulnerability-related.PatchVulnerability
Microsoft
's
Meltdown
patches
,
you
'll
want
to
grab and install
Vulnerability-related.PatchVulnerability
today
's
out-of-band
update
for
CVE-2018-1038
.
Swedish
researcher
Ulf
Frisk
discovered
Vulnerability-related.DiscoverVulnerability
the
January
and
February
Meltdown
mitigations
for
Win7
and
Server
2008
R2
were
broken
,
and
went public
Vulnerability-related.DiscoverVulnerability
with
his
findings
once
the
March
Patch
Tuesday
had
kicked
off
.
As
it
turns
out
,
this
month
's
updates
did
not
fully
fix
Vulnerability-related.PatchVulnerability
things
,
and
Microsoft
has
had
to
scramble
to
remedy
Vulnerability-related.PatchVulnerability
what
was
now
a
zero-day
vulnerability
in
Windows
7
and
Server
2008
.
In
other
words
,
Microsoft
has
just
had
to
put out
Vulnerability-related.PatchVulnerability
a
patch
for
a
patch
for
a
patch
.
Hardly
inspiring
stuff
,
but
we
suppose
the
old
Microsoft
adage
remains
true
–
never
trust
a
Redmond
product
until
version
three
at
the
earliest
.
On
the
other
hand
,
writing
kernel-level
memory
management
code
is
an
absolute
bastard
at
times
,
so
you
have
to
afford
the
devs
some
sympathy
.
Cisco
has released
Vulnerability-related.PatchVulnerability
a
new
patch
designed
to
fix
Vulnerability-related.PatchVulnerability
a
failed
update
which
has
not
prevented
the
exploit
of
a
severe
Webex
vulnerability
.
The
original
security
flaw
,
CVE-2018-15442
,
is present in
Vulnerability-related.DiscoverVulnerability
the
Cisco
Webex
Meetings
Desktop
App
for
Windows
and
is described
Vulnerability-related.DiscoverVulnerability
as
a
bug
which
``
could
allow
an
authenticated
,
local
attacker
to
execute
arbitrary
commands
as
a
privileged
user
.
''
Cisco
's
original
security
update
was published
Vulnerability-related.PatchVulnerability
in
October
in
order
to
remedy
Vulnerability-related.PatchVulnerability
the
flaw
,
in
which
a
lack
of
validation
for
user-supplied
parameters
in
the
app
could
be
harnessed
to
exploit
the
bug
.
If
an
attacker
is
successful
in
utilizing
the
vulnerability
,
they
can
force
the
app
to
run
arbitrary
commands
with
user
privileges
.
``
While
the
CVSS
Attack
Vector
metric
denotes
the
requirement
for
an
attacker
to
have
local
access
,
administrators
should
be
aware
that
in
Active
Directory
deployments
,
the
vulnerability
could
be exploited
Vulnerability-related.DiscoverVulnerability
remotely
by
leveraging
the
operating
system
remote
management
tools
,
''
the
company
added
.
Software
releases
prior
to
33.6.4
--
alongside
Cisco
Webex
Productivity
Tools
Releases
32.6.0
and
later
prior
to
33.0.6
--
are
impacted
on
Windows
systems
.
It
was
not
long
after
the release
Vulnerability-related.PatchVulnerability
of
the
first
patch
that
researchers
from
SecureAuth
deemed
the
original
fix
incomplete
.
The
original
patch
only
forced
the
service
to
run
files
signed
by
Webex
,
but
failed
to
account
for
DLL-based
attacks
,
according
to
the
team
.
``
The
vulnerability
can
be exploited
Vulnerability-related.DiscoverVulnerability
by
copying
to
a
local
attacker
controller
folder
,
the
ptUpdate.exe
binary
,
''
the
researchers
said
Vulnerability-related.DiscoverVulnerability
in
an
advisory
.
``
Also
,
a
malicious
dll
must
be
placed
in
the
same
folder
,
named
wbxtrace.dll
.
To
gain
privileges
,
the
attacker
must
start
the
service
with
the
command
line
:
sc
start
webexservice
install
software-update
1
``
attacker-controlled-path
''
(
if
the
parameter
1
does
n't
work
,
then
2
should
be
used
)
.
''
These
findings
were
sent
to
Cisco
,
which
acknowledged
the
DLL
attack
method
.
A
new
patch
was
then
issued
Vulnerability-related.PatchVulnerability
roughly
a
week
after
being informed
Vulnerability-related.DiscoverVulnerability
of
the
issue
.
``
After
an
additional
attack
method
was
reported
to
Cisco
,
the
previous
fix
for
this
vulnerability
was
determined
to
be
insufficient
,
''
Cisco
says
.
``
A
new
fix
was developed
Vulnerability-related.PatchVulnerability
,
and
the
advisory
was updated
Vulnerability-related.PatchVulnerability
on
November
27
,
2018
,
to
reflect
which
software
releases
Vulnerability-related.PatchVulnerability
include
the
complete
fix
.
''
A
privilege
escalation
flaw
in
McAfee
's
True
Key
software
remains
open
to
exploitation
despite
multiple
attempts
to
patch
Vulnerability-related.PatchVulnerability
it
.
This
according
to
researchers
with
security
shop
Exodus
Intel
,
who
claim
Vulnerability-related.DiscoverVulnerability
that
CVE-2018-6661
was
not
fully
addressed
Vulnerability-related.PatchVulnerability
with
either
of
the
two
patches
McAfee
released
Vulnerability-related.PatchVulnerability
for
it
.
The
flaw
is
an
elevation
of
privilege
issue
in
McAfee
's
TrueKey
password
manager
.
An
exploit
can
be
carried
out
on
a
guest
account
by
side-loading
a
specially-crafted
DLL
into
True
Key
that
would
then
allow
for
commands
and
code
to
be
executed
with
system-level
privileges
.
McAfee
's
summary
of
the
flaw
,
published
Vulnerability-related.DiscoverVulnerability
on
March
30
,
lists
it
as
a
'high
'
severity
issue
that
was patched
Vulnerability-related.PatchVulnerability
in
version
4.20.110
-
which
was released
Vulnerability-related.PatchVulnerability
in
April
.
Exodus
says
that
the
April
release
did
n't
fully
fix
Vulnerability-related.PatchVulnerability
the
bug
,
however
.
The
researchers
explain
that
McAfee
's
patch
only
addresses
Vulnerability-related.PatchVulnerability
one
of
the
libraries
(
SDKLibAdapter
)
that
would
allow
the
attack
to
take
place
,
with
another
DLL
(
NLog
logging
library
)
being left vulnerable
Vulnerability-related.DiscoverVulnerability
to
the
same
side-loading
tactic
.
``
The
patch
is
incomplete
because
it
overlooks
this
and
hence
the
nlog.dll
can
be
utilized
to
allow
arbitrary
code
execution
just
as
the
McAfee.TrueKey.SDKLibAdapter.dll
could
be
used
in
versions
prior
to
the
patch
,
''
Exodus
researchers
Omar
El-Domeiri
and
Gaurav
Baruah
said
.
``
Furthermore
,
any
other
McAfee
signed
binary
can
be
used
to
exploit
the
vulnerability
as
long
as
the
binary
depends
on
a
DLL
outside
the
list
of
known
DLLs
.
''
Exodus
said
Vulnerability-related.DiscoverVulnerability
that
it
notified
Vulnerability-related.DiscoverVulnerability
McAfee
of
the
issue
back
in
August
,
prompting
Vulnerability-related.PatchVulnerability
a
second
patch
that
,
unfortunately
,
also
failed
to
fully
remedy
Vulnerability-related.PatchVulnerability
the
issue
.
``
However
,
we
tested
the
latest
version
available
(
5.1.173.1
as
of
September
7th
,
2018
)
and
found
Vulnerability-related.DiscoverVulnerability
that
it
remains vulnerable
Vulnerability-related.DiscoverVulnerability
requiring
no
changes
to
our
exploit
.
''
To
its
credit
,
McAfee
acknowledged
Vulnerability-related.DiscoverVulnerability
the
issue
and
said
it
is
still
working
to
fully
resolve
Vulnerability-related.PatchVulnerability
the
flaw
.
``
McAfee
has
been
working
with
the
researchers
to
confirm
Vulnerability-related.DiscoverVulnerability
their
findings
,
and
has
provided
customers
mitigation
guidance
to
allow
them
to
protect
themselves
until
the
company
can
address
Vulnerability-related.PatchVulnerability
the
reported
issues
via
automatic
product
updates
,
''
McAfee
told
The
Register
.
In
the
meantime
,
McAfee
says
customers
can
use
the
True
Key
browser
extension
(
which
is
not
subject
to
the
DLL
vulnerability
)
rather
than
the
Windows
application
.