Microsoft July Patches: A Closer Look
As WannaCry and Petya ransomware attacks made headlines, May and June saw Microsoft and other vendors release a flurry of critical security patches. July may have cooled off a little in terms of active attacks but, as any cybersecurity team will know, someone somewhere is poking around those vendor bug lists in search of the next vulnerability to exploit.
This is no time for complacency. Unfortunately, increased ransomware threats are a sign of the times and proactive patch management is vital to ensure the integrity of your estate.
With that in mind, we take a closer look at some of the recent Microsoft vulnerabilities revealed that could impact enterprise client applications.
Microsoft July Updates – what you need to know
This month to date, Microsoft has released patches for 55 security vulnerabilities across its products, including 19 critical issues. While none of them is especially alarming on its own, the savvy user should pay heed to the vulnerabilities that were disclosed to the public before a patch was available. With attackers potentially getting a head start on building an exploit, who knows what could become the next headline.
We’ve highlighted a few that the enterprise security team here at Options are watching…
CVE-2017-8563 – An elevation of privilege vulnerability exists in Microsoft Windows when Kerberos falls back to NTLM Authentication Protocol as the default.
In a remote attack scenario, an attacker could exploit this vulnerability by running a specially crafted application to send malicious traffic to a domain controller. If successful, the attacker could potentially create new domain admin accounts and run processes in an elevated context, leading to full control over the attacked network. In addition to patching this vulnerability, administrators also have to make a registry change to fortify LDAP authentication over SSL/TLS.
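The registry change mentioned above is the LdapEnforceChannelBinding value Microsoft documented alongside the CVE-2017-8563 update. The following PowerShell is an added example, not code from the original post or from Microsoft: it audits that value on a domain controller and can set it to one of the hardened levels. It assumes the registry path, value name and meaning of the levels 0, 1 and 2 as documented by Microsoft (0 = no channel-binding validation, 1 = validate when the client supplies a token, 2 = always require), and it is meant to run as an administrator on each domain controller after the July update is installed.

```powershell
# Added example (not from the original post): audit and optionally set the
# LdapEnforceChannelBinding hardening value associated with CVE-2017-8563.
# Assumption: path, value name and level meanings as documented by Microsoft.

$NtdsParams = 'HKLM:\SYSTEM\CurrentControlSet\Services\NTDS\Parameters'
$ValueName  = 'LdapEnforceChannelBinding'

function Get-LdapChannelBindingState {
    # Reads the current value; -1 is a local sentinel meaning "value not present",
    # which the LDAP server treats the same as 0 (no validation).
    $item = Get-ItemProperty -Path $NtdsParams -Name $ValueName -ErrorAction SilentlyContinue
    $current = -1
    if ($null -ne $item) { $current = [int]$item.$ValueName }

    if     ($current -eq -1) { $meaning = 'not set: channel binding tokens are not validated' }
    elseif ($current -eq 0)  { $meaning = 'disabled: channel binding tokens are not validated' }
    elseif ($current -eq 1)  { $meaning = 'validated when the client supplies a CBT' }
    elseif ($current -eq 2)  { $meaning = 'always required (strongest; needs patched clients)' }
    else                     { $meaning = "unexpected value $current" }

    [pscustomobject]@{
        Computer = $env:COMPUTERNAME
        Value    = $current
        Hardened = ($current -ge 1)
        Meaning  = $meaning
    }
}

function Set-LdapChannelBindingState {
    # Level 1 is the conservative choice while older clients remain; level 2 once
    # every LDAPS client has been updated to send channel binding tokens.
    param([ValidateSet(1, 2)][int]$Level = 1)
    New-ItemProperty -Path $NtdsParams -Name $ValueName -Value $Level `
        -PropertyType DWord -Force | Out-Null
    Get-LdapChannelBindingState
}

# Audit first; remediate with Set-LdapChannelBindingState -Level 1 (or 2) only
# after the July update has been installed on the domain controller.
Get-LdapChannelBindingState | Format-List
```

Run the audit across all domain controllers (for example via Invoke-Command) and treat any result with Hardened = False as a finding, since a patched but unconfigured DC is still exposed to the relay scenario the advisory describes.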
CVE-2017-8587 – This patch addresses a vulnerability in Windows Explorer that could allow a denial of service attack. The vulnerability lies in how Windows Explorer attempts to open a non-existent file; an attacker could target a user by hosting a website that contains a reference to the non-existent file, causing the user's system to stop responding.
CVE-2017-8602 – A vulnerability in how Internet Explorer 11 and Edge parse HTTP content could allow a spoofing attack. An attacker could trick a user by redirecting them to a website that spoofs content, or use it as a pivot to chain the attack with other web service exploits. Attacks are user targeted and could take the form of phishing or watering hole attacks.
CVE-2017-8584 – For those dabbling in the augmented reality world, this patch covers a remote code execution (RCE) that occurs when HoloLens improperly handles objects in memory due to specially crafted WiFi packets. Microsoft lists this as publicly known but not exploited. While we don’t necessarily see this as a potential client issue today (that’s not to say virtual trading workstations could become a reality), it’s still pretty fascinating that technology of the future can be compromised by merely receiving WiFi packets, apparently without any form of authentication at all.
Prepare. Prioritize. Patch.
If the last few months are any indication of what’s ahead, the industry can’t afford to take any chances with desktop or server patching, no matter how burdensome. By their nature, cyber attacks can propagate through even the seemingly least critical vulnerabilities.
At Options, we have adopted an aggressive approach to vulnerability management. Our cybersecurity team stringently monitors all threat activity and coordinates with Engineering on prioritized platform hardening measures. And as software vendors continue to roll out update after update, we assess the risk to our environment and manage the rollout through the Ivanti automated patching tool.
Whether you manage patching in-house or outsource it, we have one final note of caution – be sure to account for all access paths to your network. At Options we have an extremely low tolerance for non-compliant devices. That backup laptop you occasionally use in your home office setup could be the demise of your whole infrastructure if it is not managed. Know what’s out there and find a way to patch it (or disable it)!