Microsoft Patches Office Bug Actively Being Exploited

Security experts are urging network administrators to patch a Microsoft Office vulnerability that has been exploited in the wild.
The vulnerability (CVE-2017-11826) could allow remote code execution if a user opens a specially crafted Office file. It was one of 62 vulnerabilities patched by Microsoft as part of its monthly Patch Tuesday updates released today. Of those, 23 are rated critical, 34 are rated important and 33 can result in remote code execution.
As for the Microsoft Office vulnerability, Microsoft said: “If the current user is logged on with administrative user rights, an attacker could take control of the affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights.”
The vulnerability is rated important, but it tops the list of vulnerabilities to address this month because it has been exploited in the wild. Researchers at Qihoo 360 Core Security are credited with first detecting an in-the-wild attack that leveraged CVE-2017-11826 on Sept. 28.
“The attack only targeted limited customers,” wrote Qihoo. “The attacker embedded malicious .docx in the RTF files. Through reversing analysis of the sample C&C, we found that the attack was initiated in August and the launch date of the attack can be dated back to September.”
“Priority should also be given to CVE-2017-11771, which is a vulnerability in the Windows Search service. This is the fourth Patch Tuesday this year to feature a vulnerability in this service,” wrote Jimmy Graham, director of product management at Qualys, in a blog post analysis of Tuesday’s patches. “As with the others, this vulnerability can be exploited remotely via SMB to take complete control of a system, and can impact both servers and workstations.”
He noted that while an exploit against CVE-2017-11771 can leverage SMB as an attack vector, it isn’t related to the recent SMB vulnerabilities leveraged by EternalBlue, WannaCry and NotPetya.
Among other patches issued by Microsoft, the company addressed critical Windows DNS client vulnerabilities (CVE-2017-11779). The patch closed off an avenue by which an attacker could, with relative ease, respond to DNS queries with malicious code and gain arbitrary code execution on Windows clients or Windows Server installations.
The flaws were discovered and privately disclosed to Microsoft by Nick Freeman, a security researcher with Bishop Fox. “An attacker who successfully exploited the vulnerability could run arbitrary code in the context of the Local System Account,” Microsoft said. Affected are Windows 8.1 through 10, including Windows Server 2012 through 2016.
Another noteworthy bug is a Windows Subsystem for Linux denial-of-service vulnerability (CVE-2017-8703). This previously publicly disclosed bug could allow an attacker to execute a specially crafted application that affects an object in memory, causing the system to become unresponsive, Microsoft said. The only affected product is Windows 10 (Version 1703).
Chris Goettl, manager of product management, security at Ivanti, also noted a critical Microsoft Office SharePoint XSS vulnerability (CVE-2017-11777) that can be abused by an attacker who sends a specially crafted request to an affected SharePoint server. If successful, “the attacker would have the same security context as the current user allowing them to read data they should not have access to, use the victim’s identity to take actions on the SharePoint site on behalf of the user, and inject malicious content in the browser of the user,” Goettl said.
Lastly, it’s worth noting that Microsoft’s support for Windows 10 November Update Version 1511 (released in 2015) ends with today’s updates. On the flip side, Microsoft has said the fourth major update to Windows 10, the Fall Creators Update, will be released next week, on Oct. 17.

Today also marks the sunsetting of support for Microsoft Office 2007.