August Patch Tuesday forecast: Looking ahead after a frustrating July

Approaching August Patch Tuesday, we are supposed to be in the ‘dog days’ of summer where everything slows down. Unfortunately, July was full of CVEs and stability fixes with no time to just lie around. Microsoft itself caused a lot of the activity. Ju…

Microsoft plugs 56 vulns, including Office flaw exploited in attacks

As part of the January 2018 Patch Tuesday, Microsoft has released fixes for 56 CVE-listed vulnerabilities, including the Meltdown and Spectre flaws, and an Office bug actively exploited by attackers. Office flaw exploited in the wild Security updates a…

Microsoft offers mitigation advice for DDE attacks scenarios

Microsoft has published a security advisory containing DDE attack mitigation instructions for both users and admins. What’s a DDE attack? For a while now, attackers have been ditching malicious macros and OLE objects in favor of the Dynamic Data Exchange (DDE) attack technique to deliver malware via booby-trapped Office documents. Opening such a document will not trigger any security warnings. Users will be simply asked to update the document links, and then to execute the …

October Patch Tuesday: 61 bugs and one zero-day fixed

For its October Patch Tuesday, Microsoft has patched 61 vulnerabilities (27 of them critical) and one Office zero-day labeled as “important.” The zero-day The memory corruption zero-day vulnerability in Microsoft Office (CVE-2017-11826) is reported to be actively exploited in the wild. “An attacker who successfully exploited the vulnerability could run arbitrary code in the context of the current user. If the current user is logged on with administrative user rights, an attacker could take control …

Spoofed IRS notice delivers RAT through link updating trick

The malware delivery trick involving updating links in Word documents is apparently gaining some traction: the latest campaign to use it likely takes the form of fake emails from the Internal Revenue Service (IRS). The fake email includes an attachment, supposedly a CP2000 notice, which is sent by the IRS when the income and/or payment information they have on file doesn’t match the information the person reported on his or her tax return. This mismatch …

Patch Tuesday: 80+ vulnerabilities fixed, one exploited in the wild

As part of its regular, monthly Patch Tuesday update, Microsoft has released patches for 81 new vulnerabilities, including a zero-day in the .NET Framework. The September patch dump also includes details of a spoofing vulnerability in the Windows Bluetooth driver (CVE-2017-8628), which has been disclosed as part of the BlueBorne batch of vulnerabilities. The flaw was apparently patched silently in July, but Microsoft chose to delay releasing details about it until other vendors could develop …

Attackers turn to auto-updating links instead of macros to deliver malware

SANS ISC handler Xavier Mertens has flagged and analyzed a malicious Word file that, somehow, is made to automatically download an additional malicious RTF file, ultimately leading to a RAT infection. What is curious about this particular attack is that it uses an approach that Mertens has never encountered before: the file exploits a Microsoft Word feature that can make files automatically update links included in them as soon as they are opened. “The infection …

Microsoft fixes 25 critical issues in August Patch Tuesday

The Microsoft August 2017 Patch Tuesday update has landed and contains patches for 48 vulnerabilities, 25 of which are for critical issues. 27 of the vulnerabilities can be exploited to achieve remote code execution, but the good news is that none of them are currently under active attack – even though some exploits are already public. “Many of the vulnerabilities in this month’s release involve the Scripting Engine, which can impact both browsers and Microsoft …

MS Office zero-day is used to infect users with Dridex

The still unpatched MS Office zero-day vulnerability publicized by McAfee and FireEye researchers this weekend is being exploited to deliver the infamous Dridex banking malware. Exploit delivered through spam email ProofPoint researchers observed the exploit being leveraged through a spam email campaign directed at millions of recipients across numerous organizations, primarily located in Australia. “Emails in this campaign used an attached Microsoft Word RTF (Rich Text Format) document. Messages purported to be from ‘

MS Office zero-day exploited in attacks – no enabling of macros required!

A new zero-day flaw affecting all versions of Microsoft Office is being exploited in attacks in the wild, and no user is safe – not even those who use a fully patched Windows 10 machine. Even worse: targets do not have to do anything except run a malicious file in order to get compromised, as the exploit doesn’t require them to enable macros or do anything else. The vulnerability The existence of the flaw was revealed …