Microsoft Patch Tuesday - October 2017

October 10, 2017


Welcome back to this month’s Patch Tuesday. This month brings fixes to the usual suspects and one interesting product with trivial ease of exploit. Three critical Windows DNS client vulnerabilities were patched that allowed an attacker to send simple DNS queries with malicious code and gain arbitrary code execution. These vulnerabilities were privately disclosed and are not known to be exploited publicly. However, a vulnerability patched in Office was exploited in the wild.

DNS

This vulnerability is somewhat alarming, as an attacker would only need to be on the same local network or in a man-in-the-middle position to take over a Windows system acting as a DNS server. The vulnerability stems back to the introduction of DNSSEC in Windows starting with Windows 8 via the DNSAPI.dll library. The NSEC3 resource unsafely parses its records, which allows for attackers to leverage the weakness and send their own malicious code with the DNS request. Microsoft rates this vulnerability as Critical, and advises that all admins patch immediately.

Kernel

Returning as a routine face for Patch Tuesday, the Kernel comes bearing vulnerabilities that could allow for attackers to gain information on the system. These vulnerabilities revolve around how objects in Kernel memory are (mis)handled. An attacker would have to log onto a system or obtain code execution like the DNS vulnerability, and then run a specially crafted application to gain this information. The information could then be used to bypass Kernel Address Space Layout Randomization (ASLR). These vulnerabilities are rated as Important by Microsoft.

Office

As usual, the vulnerabilities from malicious use of Microsoft Office rear their ugly heads. Attackers using maliciously crafted files would be able to obtain remote code execution if they lured a victim into opening the file. Always be sure to verify the integrity of the sender of a file sent via email to protect yourself from these kinds of attacks. One vulnerability (CVE-2017-11826) for Microsoft Word was exploited in the wild. Yang Kang, Ding Maoyin and Song Shenlei of Qihoo 360 Core Security reported this vulnerability to Microsoft. Microsoft rates this vulnerability as Important, but since it has been exploited in the wild, all users should patch as soon as possible.

JET DB

A somewhat unfamiliar face on Patch Tuesday, Microsoft’s JET DB Engine contained two buffer overflows that could allow remote code execution on an affected system. These vulnerabilities have not been reported to be exploited in the wild. To exploit the vulnerabilities, an attacker would have to open or preview a maliciously crafted Excel file while using an affected version of Windows. Microsoft rates these vulnerabilities as Important.

Graphics

Graphics comes bearing two remote code execution vulnerabilities. These vulnerabilities stem from the use of maliciously crafted embedded fonts. Attackers exploiting these vulnerabilities could then install programs, or view, change or delete data. These vulnerabilities have not been reported to be exploited in the wild. Microsoft rates these vulnerabilities as Critical, and urges admins to patch as soon as possible.

SMB

Microsoft Server Message Block (SMB) has three fixes for vulnerabilities this month. One of these vulnerabilities is for SMBv1, which is the same protocol version that WannaCry exploited. Microsoft states that these vulnerabilities have not been exploited in the wild, but that exploitation of the SMBv1 vulnerability is likely. To exploit the vulnerability, an attacker would only have to send a specially crafted packet to a targeted SMBv1 server. The other two vulnerabilities allow for Denial of Service and Information Disclosure to authenticated users. Microsoft rates these vulnerabilities as Important.

Shell

A vulnerability in Windows Shell that could be exploited via content viewed in Internet Explorer was patched. Microsoft has stated that while this vulnerability has not been exploited in the wild, exploitation of this vulnerability is more likely than usual. This is likely due to the ease of propagation of this exploit. An attacker would have to host a malicious website, or upload malicious content to a website that accepts or hosts user-provided content, and then lure a victim to the website. The attacker would gain rights equal to those of the current user, meaning victims who are logged in as an administrator would grant the attacker the ability to take full control over the system. Microsoft rates this vulnerability as Critical.

BeyondTrust Research
