(c) SANS Internet Storm Center. https://isc.sans.edu Creative Commons Attribution-Noncommercial 3.0 United States License.

Today, Microsoft and Adobe released their usual monthly security updates. Microsoft patched a total of 96 different vulnerabilities. Three vulnerabilities have already been disclosed publicly, and two vulnerabilities stick out for being already exploited according to Microsoft:


This vulnerability can be exploited when a user views a malicious shortcut file. Windows shortcuts use small files that describe the shortcut. The file tells Windows what icon to display to represent the file. By including a malicious icon reference, the attacker can execute arbitrary code. This problem is probably most easily exploited by setting up a malicious file share and tricking the user into opening the file share via a link. Similar vulnerabilities have been exploited in Windows in the past. Public exploits should surface shortly. Microsoft's description of the vulnerability is somewhat self-contradictory. In the past, if a vulnerability had already been exploited in the wild, Microsoft labeled it with an exploitability of 0. In this case, Microsoft uses 1, which indicates that exploitation is likely, even though the vulnerability is already being exploited.


ETERNALBLUE Reloaded? This vulnerability is another one that is already exploited according to Microsoft. The vulnerability is triggered by sending a malicious Search message via SMB. The bulletin does not state whether exploitation requires authentication. The attacker will have full administrative access to the system, so this vulnerability can also be exploited for privilege escalation.

Johannes B. Ullrich, Ph.D., Dean of Research, SANS Technology Institute



On Tuesday, Microsoft took the highly unusual step of issuing security patches for XP and other unsupported versions of Windows. The company did this in a bid to protect the OSes against a series of "destructive" exploits developed by, and later stolen from, the National Security Agency.

By Ars' count, Tuesday is only the third time in Microsoft history that the company has issued free security updates for a decommissioned product. One of those came one day after last month's outbreak of the highly virulent "WCry" ransom worm, which repurposed NSA-developed exploits. The exploits were leaked by the Shadow Brokers, a mysterious group that somehow got hold of weaponized NSA hacking tools. (WCry is also known as "WannaCry" and "WannaCrypt.")

According to this updated Microsoft post, Tuesday's updates include fixes for three other exploits that were also released by the Shadow Brokers. A Microsoft blog post announcing the move said the patches were prompted by an "elevated risk of destructive cyberattacks" by government organizations.


Microsoft Windows Kernel CVE-2017-0297 Local Privilege Escalation Vulnerability
Mozilla Firefox CVE-2017-5470 Multiple Unspecified Memory Corruption Vulnerabilities
Mozilla Firefox CVE-2017-5472 Use After Free Denial of Service Vulnerability
EMC VNX1/VNX2 OE for File CVE-2017-4984 Remote Code Execution Vulnerability
SAP BusinessObjects Web Intelligence Unspecified Cross Site Scripting Vulnerability
EMC VNX1/VNX2 OE for File CVE-2017-4985 Local Privilege Escalation Vulnerability
EMC Secure Remote Services Virtual Edition CVE-2017-4986 Authentication Bypass Vulnerability
SAP NetWeaver AS ABAP Unspecified Denial of Service Vulnerability
SAP Business Planning and Consolidation XML External Entity Injection Vulnerability
SAP NetWeaver Application Server ABAP Certificate Validation Security Bypass Vulnerability
SAP NetWeaver Composite Application Framework and Business Cross Site Scripting Vulnerability
SAP Management Console Unspecified Information Disclosure Vulnerability

President Barack Obama reportedly called Russian President Vladimir Putin in October 2016 on the "cyber hotline" to warn about the ongoing hacking of US election officials' systems. (credit: Presidential Press and Information Office)

Citing sources "with direct knowledge of the US investigation" into Russia's information operations campaign during the 2016 US presidential election campaign, Bloomberg News' Michael Riley and Jordan Robertson report that Russian hackers struck at far more states' election offices than previously known. A total of 39 states had election systems targeted by the Russians, Bloomberg's sources said—including Illinois, where attackers broke into voter rolls and tried to delete or modify voter registration data in an attempt to disrupt voting on Election Day.

The scope of the attacks was so broad, Bloomberg reports, that in October of 2016, then-President Barack Obama directly called Russian Federation President Vladimir Putin on the "cyber-hotline." The cyber-hotline "red phone" was set up in 2013 by Obama and Putin as part of an effort to reduce the risk of a "cyber incident" escalating; Obama used it to present evidence of the attacks and warn Putin that the intrusions could trigger a larger conflict between the US and Russia.

As the National Security Agency analysis recently leaked by contractor Reality Winner suggested, the attackers also gained access to software used by poll workers to check voter eligibility, according to Bloomberg's sources. In another unnamed state, attackers accessed a campaign-finance database.


Secunia Research: libsndfile "aiff_read_chanmap()" Information Disclosure Vulnerability
SEC Consult SA-20170613-0 :: Access Restriction Bypass in Atlassian Confluence

FORT IRWIN, California – Spc. Nathaniel Ortiz, Expeditionary CEMA (Cyber Electromagnetic Activities) Team (ECT), 781st Military Intelligence Battalion, "conducts cyberspace operations" at the National Training Center at Fort Irwin, California, May 9, 2017. (credit: Bill Roche, U.S. Army Cyber Command)

The US military and intelligence communities have spent much of the last two decades fighting wars in which the US significantly over-matched its opponents technologically—on the battlefield and off. In addition to its massive pure military advantage, the US also had more sophisticated electronic warfare and cyber capabilities than its adversaries. But those advantages haven't always translated into dominance over the enemy. And the US military is facing a future in which American forces in the field will face adversaries that can go toe to toe with the US in the electromagnetic domain—with disastrous physical results.

That's in part why the Army Cyber Command recently experimented with putting "cyber soldiers" in the field as part of an exercise at the Army's National Training Center at Fort Irwin, California. In addition to fielding troops to provide defensive and offensive cyber capabilities for units coming into NTC for training, the Army has also been arming its opposition force (the trainers) with cyber capabilities to demonstrate their impact.

That impact was demonstrated clearly in May, when an armored unit staging a simulated assault at NTC was stopped dead in its tracks by jamming of communications. As the unit's commanders attempted to figure out what was wrong, a simulated artillery barrage essentially took the unit out of action.


Internet Storm Center Infocon Status