Microsoft targets state-sponsored hackers in latest ‘Patch Tuesday’ release
Microsoft Corp. has focused on addressing vulnerabilities being used by suspected state-sponsored hackers as part of its monthly “Patch Tuesday” release, issuing patches for two actively targeted new attacks used to steal data.
In one case, an advanced persistent threat group, which is nearly always used as a term to describe state-sponsored hacking groups, has been targeting a Windows VBScript Engine Remote Code Execution Vulnerability first discovered in April.
“In a web-based attack scenario, an attacker could host a specially crafted website that is designed to exploit the vulnerability through Internet Explorer and then convince a user to view the website,” Microsoft said in a security advisory.
The second vulnerability, a privilege-escalation flaw in the Win32k component of Windows that is also being actively exploited, allows an attacker to run arbitrary code in kernel mode. “An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights,” Microsoft explained.
Exactly which APTs are targeting the vulnerabilities is not clear, although at least one of the attacks was first detected by Chinese antivirus maker Qihoo 360 Core, suggesting that the attacks may be coming from China as opposed to Russia. The link to China comes a day after ProtectWise Inc. released a report claiming that many previous hacks thought to have come from APT groups, dubbed the “Winnti Umbrella,” were coordinated by “Chinese state intelligence apparatus.”
In total, Microsoft released 67 patches this month addressing vulnerabilities in Microsoft Windows, Internet Explorer, Edge, Office, .Net Framework, Exchange Server and Host Compute Service Shim.
Aside from the two “zero-day” vulnerabilities mentioned above, Chris Goettl, director of product management, security at Ivanti Inc., told SiliconANGLE that both the OS and Office should require priority attention this month to plug the worst of the vulnerabilities resolved.
“Exchange server has several vulnerabilities being resolved this month,” he said. “Most are Important or Low, but there is a critical threat that warrants some attention. CVE-2018-8154 is a vulnerability in Microsoft Exchange that could allow an attacker to execute arbitrary code in the context of the system user.”
Photo: Colin/Wikimedia Commons