Microsoft’s Patch Tuesday has come once again, and as is often the case, it brought vital fixes for a range of vulnerabilities. In total there were 53 vulnerabilities, 20 of which were rated “critical” on the Common Vulnerability Scoring System (CVSS) scale. The most common issue among the patched vulnerabilities was remote code execution, and it’s not the first time Microsoft has patched this kind of vulnerability. There were other issues as well, however, and some of the most critical are covered in more detail below. Here’s a closer look at what’s in the Microsoft November update.
Four noteworthy vulnerabilities (CVE-2017-11848, CVE-2017-11827, CVE-2017-11883 and CVE-2017-8700) were identified as particularly dangerous by various security researchers. While none of them has been shown to be exploited in the wild, at least so far, they still pose a great risk.
CVE-2017-11848 is an “information disclosure vulnerability” that exists within Internet Explorer. Attackers can use it to closely monitor the web activity of their potential victims. To do so, a threat actor can “host a specially crafted website” and also force “compromised” websites to “contain specially crafted content that could exploit the vulnerability.” This would allow for logging sensitive data of various users.
CVE-2017-11827 is a remote code execution vulnerability that stems from how Microsoft browsers access objects in memory. It allows an attacker to run code that hijacks the user’s privileges. If the user is logged in with administrative rights, the attacker can seize full control (just another reason for users to avoid logging in as admins on a regular basis).
CVE-2017-11883 is a denial-of-service vulnerability that can be triggered remotely without any authentication. The DoS attack specifically targets web requests that ASP.NET Core handles improperly. All an attacker would have to do is craft packets and send them to the .NET Core application.
CVE-2017-8700 also involves ASP.NET Core. It is described as “an information disclosure vulnerability… that allows bypassing Cross-origin Resource Sharing (CORS) configurations.” The vulnerability allows an attacker to access content that is usually protected by restrictions in web applications.
These are only four of the 20 most critical vulnerabilities addressed in the Microsoft November update, but the hope is that their common themes (especially remote access and theft of sensitive data) are recognized as reasons to patch. The sheer number of remote code execution vulnerabilities is alarming, and it is a call to action to apply these patches as soon as possible. For a full rundown of many of the critical vulnerabilities, Kaspersky Lab’s Threatpost has a thorough article on the subject.
Get to patching!