Posts Tagged ‘updates’

Immediately Patch Microsoft 0 day vulnerabilities being used to spread SPYWARE!

Thursday, September 14th, 2017

 

Windows 0-Day Flaw

Get ready to install a fairly large batch of security patches onto your Windows computers.

As part of its September Patch Tuesday, Microsoft has released a large batch of security updates to patch a total of 81 CVE-listed vulnerabilities, on all supported versions of Windows and other MS products.

The latest security update addresses 27 vulnerabilities rated critical and 54 rated important. Of these, 38 affect Windows and 39 could lead to Remote Code Execution (RCE).

Affected Microsoft products include:

  • Internet Explorer
  • Microsoft Edge
  • Microsoft Windows
  • .NET Framework
  • Skype for Business and Lync
  • Microsoft Exchange Server
  • Microsoft Office, Services and Web Apps
  • Adobe Flash Player

.NET 0-Day Flaw Under Active Attack

According to the company, four of the patched vulnerabilities are publicly known, one of which has already been actively exploited by attackers in the wild.

Here’s the list of publicly known flaws and their impact:

Windows .NET Framework RCE (CVE-2017-8759): A zero-day flaw, discovered by researchers at cybersecurity firm FireEye and privately reported to Microsoft, that resides in the way Microsoft .NET Framework processes untrusted input data.

Microsoft says the flaw could allow an attacker to take control of an affected system, install programs, view, change, or delete data by tricking victims into opening a specially crafted document or application sent over an email.

The flaw could even allow an attacker to create new accounts with full user rights. Therefore, users with fewer user rights on the system are less impacted than users who operate with admin rights.

According to FireEye, this zero-day flaw has actively been exploited by a well-funded cyber espionage group to deliver FinFisher Spyware (FinSpy) to a Russian-speaking “entity” via malicious Microsoft Office RTF files in July this year.

FinSpy is a highly secret surveillance software that has previously been associated with British company Gamma Group, a company that legally sells surveillance and espionage software to government agencies.

Once a computer is infected, FinSpy can perform a large number of secret tasks on the victim's machine, including secretly monitoring it by turning on webcams, recording everything the user types with a keylogger, intercepting Skype calls, copying files, and much more.

“The [new variant of FINSPY]…leverages heavily obfuscated code that employs a built-in virtual machine – among other anti-analysis techniques – to make reversing more difficult,” researchers at FireEye said.

“As likely another unique anti-analysis technique, it parses its own full path and searches for the string representation of its own MD5 hash. Many resources, such as analysis tools and sandboxes, rename files/samples to their MD5 hash in order to ensure unique filenames.”
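A triage check for the behaviour FireEye describes, added here as an example (it is not code from the article or from FireEye): before a sample is detonated, flag it if its full path contains its own digest, and stage a copy under a neutral name. The SHA-1 and SHA-256 checks generalise beyond the MD5 case in the quote; the function names and the `document.rtf` name are assumptions.

```python
import hashlib
import shutil
import tempfile
from pathlib import Path

# MD5 is the case described in the quote; SHA-1 and SHA-256 are an added
# generalisation, since sample stores also name files by those digests.
ALGORITHMS = ("md5", "sha1", "sha256")


def file_digests(path, algorithms=ALGORITHMS):
    """Return {algorithm: lowercase hex digest} for the file's contents."""
    hashers = {name: hashlib.new(name) for name in algorithms}
    with open(path, "rb") as handle:
        for chunk in iter(lambda: handle.read(65536), b""):
            for hasher in hashers.values():
                hasher.update(chunk)
    return {name: hasher.hexdigest() for name, hasher in hashers.items()}


def exposed_digests(path, algorithms=ALGORITHMS):
    """List the algorithms whose digest of the file appears in its full path."""
    full_path = str(Path(path).resolve()).lower()
    digests = file_digests(path, algorithms)
    return [name for name in algorithms if digests[name] in full_path]


def stage_with_neutral_name(path, neutral_name="document.rtf"):
    """Copy the sample into a fresh directory under a hash-free name."""
    staging_dir = Path(tempfile.mkdtemp(prefix="stage_"))
    staged = staging_dir / neutral_name
    shutil.copyfile(path, staged)
    return staged


if __name__ == "__main__":
    # Constructed, harmless stand-in for a sample, named the way many
    # sandboxes name submissions: by its MD5.
    workdir = Path(tempfile.mkdtemp(prefix="intake_"))
    content = b"constructed sample bytes\n"
    sample = workdir / (hashlib.md5(content).hexdigest() + ".rtf")
    sample.write_bytes(content)

    print(sample.name, "exposes:", exposed_digests(sample))
    staged = stage_with_neutral_name(sample)
    print(staged.name, "exposes:", exposed_digests(staged))
```
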

Three Publicly Disclosed Vulnerabilities

The remaining three publicly known vulnerabilities affecting the Windows 10 platform include:

  • Device Guard Security Feature Bypass Vulnerability (CVE-2017-8746): This flaw could allow an attacker to inject malicious code into a Windows PowerShell session by bypassing the Device Guard Code Integrity policy.
  • Microsoft Edge Security Feature Bypass Vulnerability (CVE-2017-8723): This flaw resides in Edge where the Content Security Policy (CSP) fails to properly validate certain specially crafted documents, allowing attackers to trick users into visiting a website hosting malware.
  • Broadcom BCM43xx Remote Code Execution Vulnerability (CVE-2017-9417): This flaw exists in the Broadcom chipset in HoloLens and could be exploited by attackers who send a specially crafted WiFi packet, enabling them to install programs, view, change, or delete data, and even create new accounts with full admin rights.

BlueBorne Attack: Another Reason to Install Patches Immediately

Also, the recently disclosed Bluetooth vulnerabilities known as “BlueBorne” (which affected more than 5 Million Bluetooth-enabled devices, including Windows) were silently patched by Microsoft in July, but details of the flaws have only been released now.

BlueBorne is a series of flaws in the implementation of Bluetooth that could allow attackers to take over Bluetooth-enabled devices, spread malware completely, or even establish a “man-in-the-middle” connection to gain access to devices’ critical data and networks without requiring any victim interaction.

So, users have another important reason to apply the September security patches as soon as possible, in order to keep hackers and cyber criminals from taking control of their computers.

Other flaws patched this month include five information disclosure flaws and one denial of service flaw in Windows Hyper-V, two cross-site scripting (XSS) flaws in SharePoint, as well as four memory corruption and two remote code execution vulnerabilities in MS Office.

To install the security updates, simply head to Settings → Update & security → Windows Update → Check for updates, or install the updates manually.

Source:
Mohit Kumar - Hacking News
Entrepreneur, Hacker, Speaker, Founder and CEO — The Hacker News and The Hackers Conference.

Android 4.4.4 KitKat Update: 15 Things to Expect

Monday, August 11th, 2014

For several weeks now, Google’s Android 4.4.3 KitKat update and Android 4.4.4 KitKat update have both been rolling out to Android users all over the globe. With both roll outs pushing out at an increasing rate of speed, we want to take a look at what we expect from the Android 4.4.3 KitKat and Android 4.4.4 KitKat updates moving forward.

Back in June, Google pushed out three new Android updates. One, the Android L update, is currently in beta form and is only available to users with the Nexus 7 or Nexus 5. Its release will be coming sometime later this year. The other two were Android 4.4 KitKat updates in the forms of Android 4.4.3 KitKat and Android 4.4.4 KitKat, two updates aimed at solving Android 4.4.2 KitKat problems.

Android 4.4.3 KitKat pushed out on June 4th while the Android 4.4.4 KitKat rolled out just a few weeks later. For Nexus users, Android 4.4.4 KitKat delivered but one security patch for an OpenSSL vulnerability. For other users, it delivered Android 4.4.3 KitKat bug fixes on top of that security fix. Both are extremely important updates so it hasn’t been surprising to see Android users starving for information.

Fortunately, we’ve seen a ton of Android 4.4.3 KitKat and Android 4.4.4 KitKat update details emerge in the past few weeks as companies work to upgrade their devices. We’ve also seen some companies remain silent about the prospects of Android 4.4.3 KitKat and Android 4.4.4 KitKat. Unsurprisingly, we’ve been getting tons of Android 4.4 KitKat questions from friends, family and readers alike.

With all of that in mind, we want to take a look at how we expect the Android 4.4.3 KitKat and Android 4.4.4 KitKat update processes to play out. Here, we make some Android 4.4.3 KitKat and Android 4.4.4 KitKat predictions based on concrete information, based on rumors and based on a lengthy history covering Android updates across various manufacturers.

via Android 4.4.4 KitKat Update: 15 Things to Expect.

Microsoft to Patch Critical Internet Explorer Zero-Day Vulnerability Today!

Tuesday, June 10th, 2014


Today Microsoft has released its Advance Notification for the June 2014 Patch Tuesday, announcing seven security Bulletins that will address several vulnerabilities in its products, two of which are marked critical and the rest important in severity.

This Tuesday, Microsoft will issue Security Updates to address seven major vulnerabilities, and all of them are important for you to patch, as the flaws affect various Microsoft software, including Microsoft Word, Microsoft Office and Internet Explorer.

CRITICAL VULNERABILITY THAT YOU MUST PATCH

Bulletin one is considered to be the most critical one. It will address the zero-day Remote Code Execution vulnerability affecting all versions of Internet Explorer, including IE11 in Windows 8.1.

All server versions of Windows are affected by this vulnerability, but at a low level of severity because, by default, Internet Explorer runs in Enhanced Security Configuration. Server Core versions of Windows Server do not include Internet Explorer, so they are not affected.

The vulnerability allows a remote attacker to execute arbitrary code using JavaScript, but so far, the zero-day flaw is not known to have been used in any attacks, according to Microsoft. “The Update for Internet Explorer addresses CVE-2014-1770, which we have not seen used in any active attacks.”

Microsoft kept this critical Internet Explorer Zero-Day vulnerability hidden from all of us since October 2013, but last month the team at ‘Zero Day Initiative’ disclosed the vulnerability publicly when Microsoft failed to respond and patch this flaw within 180 days after receiving the details from a security researcher.

The second Bulletin addresses one or more flaws in both Windows and Office products. It is also a Remote Code Execution vulnerability and rated ‘Critical’ on all versions of Windows including Server Core; Microsoft Live Meeting 2007 Console and all versions of Microsoft Lync, excluding the Lync Server. The flaw is also rated ‘Important’ for Office 2007 and Office 2010.

These critical security updates are really important for users to apply, and both patches will require a restart after installation.

OTHER IMPORTANT PATCHES TO INSTALL

The remaining five bulletins will address one or more remote code execution vulnerabilities in Office, an information disclosure bug in Windows, information disclosure bugs in Lync Server, a Denial of Service (DoS) bug in all Windows versions since Vista, and a “tampering” vulnerability in Windows including Windows 7, 8.x and Server 2012.

NOT FOR XP THIS TIME

Microsoft will not release any security update for the older Windows XP this time, unlike last month, when it provided an ‘out-of-band security update’ for Windows XP machines affected by the zero-day vulnerability.

Microsoft has stopped supporting the Windows XP operating system. So, if you are still running this older operating system on your PCs, we again advise you to move to another operating system in order to receive updates and secure yourself from upcoming threats.

via Microsoft to Patch Critical Internet Explorer Zero-Day Vulnerability Next Tuesday – The Hacker News.

Installation, upgrade, and activation – Microsoft Windows Help

Monday, April 14th, 2014
Installation, upgrade, and activation