This Patch Tuesday has seen Microsoft issue several updates for critical vulnerabilities, some of which are being actively exploited in the wild. Microsoft is urging companies to apply the patches immediately to keep their systems secure. Some of the vulnerabilities are easy to exploit, requiring little skill.
In total, 62 vulnerabilities have been patched, including 33 that can result in remote code execution. Out of the 62 vulnerabilities, 23 are rated as critical and 34 as important.
CVE-2017-11771 is a critical vulnerability in the Windows Search service, which can be exploited via SMB and used to take control of a server or workstation. While this vulnerability is not related to the SMBv1 vulnerabilities that were exploited in the WannaCry ransomware attacks, it is just as serious and should be addressed as a priority.
Three of critical vulnerabilities affect the Windows DNS client and are heap buffer-overflow vulnerabilities, all of which have been addressed with the CVE-2017-11779 security update. These flaws could be exploited with no user interaction required.
The flaws exist in a data record feature – NSEC3 – of the secure Domain Name System protocol, DNSSEC. DNSSEC digitally signs the DNS to prevent spoofing and was introduced to help prevent man-in-the-middle attacks. Nick Freeman, a senior researcher at Bishop Fox discovered flaws.
Exploitation of the vulnerabilities would require an individual on the same network, which would limit the attack method to malicious insiders. However, if an attacker was able to pull off a man-in-the-middle attack and intercept DNS requests from the target’s machine, it would be possible to control DNS flow and gain full control of the victim’s machine. This attack would be relatively easy to pull off if an individual used their work laptop to log on via an unsecured WiFi hotspot.
CVE-2017-011826 is a remote code execution vulnerability in Microsoft Office that is already being used in attacks against organizations. The flaw is being exploited by sending specially crafted office files via email. If opened, the attacker gains the same rights as the user. If opened by a user with an administrator account, the attacker could take full control of the user’s system. Even though the flaw is being exploited in the wild, it has only been marked as important by Microsoft.
Microsoft has also confirmed it is ending support for Windows 10 November Update Version 1511 and Office 2007 today.
As was highlighted by the WannaCry and NotPetya attacks, and the Equifax data breach, the failure to patch promptly can lead to a very costly data breach. The latest round of patches from Microsoft should therefore be applied as soon as possible.