UPDATED 00:16 EDT / MAY 09 2018


Microsoft targets state-sponsored hackers in latest ‘Patch Tuesday’ release

Microsoft Corp. has focused on addressing vulnerabilities being used by suspected state-sponsored hackers as part of its monthly “Patch Tuesday” release, issuing fixes for two flaws that are already being exploited in the wild, at least one of them in attacks aimed at stealing data.

In one case, an advanced persistent threat group, a term nearly always used to describe state-sponsored hacking groups, has been exploiting a remote code execution vulnerability in the Windows VBScript engine (CVE-2018-8174) that was first discovered in April.

“In a web-based attack scenario, an attacker could host a specially crafted website that is designed to exploit the vulnerability through Internet Explorer and then convince a user to view the website,” Microsoft said in a security advisory.
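The attack scenario Microsoft describes depends on Internet Explorer being willing to run VBScript from an untrusted site, so beyond installing the update, the check a practitioner will want is whether VBScript is blocked in the Internet and Restricted Sites zones. The PowerShell below is an added example written for this article, not code from Microsoft or from the article itself. It assumes Microsoft's documented IE feature control: zone 3 is Internet, zone 4 is Restricted Sites, and the DWORD named 140C under a zone key is "Allow VBScript to run in Internet Explorer" (0 = enable, 1 = prompt, 3 = disable). The Group Policy path under HKLM\SOFTWARE\Policies is also an assumption about where a domain-pushed setting would live.

```powershell
# Added example (not from the article or from Microsoft): audit, and optionally
# apply, the Internet Explorer zone setting that stops VBScript from running in
# the Internet and Restricted Sites zones. This is a compensating control for a
# VBScript engine RCE reached through IE; it does not replace the patch.
#
# Assumptions (from Microsoft's documented feature control, not from the page):
#   zone 3 = Internet, zone 4 = Restricted Sites
#   DWORD "140C" under a zone key = "Allow VBScript to run in Internet Explorer"
#   0 = enable, 1 = prompt, 3 = disable
param(
    [switch]$Remediate   # without this switch the script only reports
)

$zones = @{ 3 = 'Internet'; 4 = 'Restricted Sites' }
$hives = @(
    'HKCU:\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones',
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Zones',
    # assumed Group Policy location; a policy value here overrides the two above
    'HKLM:\SOFTWARE\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones'
)
$vbscriptFeature = '140C'
$disabled = 3

function Get-VBScriptZoneState {
    param([string]$Hive, [int]$Zone)
    $key = Join-Path $Hive $Zone
    if (-not (Test-Path $key)) { return $null }   # key absent: IE default applies
    $item = Get-ItemProperty -Path $key -ErrorAction SilentlyContinue
    if ($null -eq $item -or $null -eq $item.$vbscriptFeature) { return $null }
    return [int]$item.$vbscriptFeature
}

# Report the current value in every hive/zone pair, flagging the ones that block VBScript.
$findings = foreach ($hive in $hives) {
    foreach ($zone in $zones.Keys) {
        $state = Get-VBScriptZoneState -Hive $hive -Zone $zone
        $display = if ($null -eq $state) { '(not set)' } else { $state }
        [pscustomobject]@{
            Hive    = $hive
            Zone    = "$zone ($($zones[$zone]))"
            Value   = $display
            Blocked = ($state -eq $disabled)
        }
    }
}
$findings | Format-Table -AutoSize

if ($Remediate) {
    # Write the per-machine setting only; needs an elevated shell. Per-user keys
    # are left alone so the machine-wide value stays the one to audit.
    $machine = $hives[1]
    foreach ($zone in $zones.Keys) {
        $key = Join-Path $machine $zone
        if (-not (Test-Path $key)) { New-Item -Path $key -Force | Out-Null }
        Set-ItemProperty -Path $key -Name $vbscriptFeature -Value $disabled -Type DWord
        Write-Host "Set $key\$vbscriptFeature = $disabled (VBScript disabled in zone $zone)"
    }
}
```

Run it without arguments to see the state of each zone; `-Remediate` from an elevated prompt writes the machine-wide value. A value of 3 in the Internet zone is the setting Microsoft's own guidance points to for blocking web-delivered VBScript, and it is worth keeping even after the patch is applied, since the VBScript engine has been a recurring target.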

The second vulnerability, a privilege-escalation flaw in the Win32k component of Windows (CVE-2018-8120) that is also being actively exploited, allows an attacker who already has code running on the machine to run arbitrary code in kernel mode. “An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights,” Microsoft explained.

Exactly which APT groups are exploiting the vulnerabilities is not clear. At least one of the attacks was first detected by Chinese antivirus maker Qihoo 360 Core Security, which has been read as pointing toward China rather than Russia, although where an exploit is first spotted says little about who is behind it. The link to China comes a day after ProtectWise Inc. released a report claiming that many previous hacks attributed to separate APT groups, which it dubbed the “Winnti Umbrella,” were coordinated by the “Chinese state intelligence apparatus.”

In total, Microsoft released 67 patches this month addressing vulnerabilities in Microsoft Windows, Internet Explorer, Edge, Office, .NET Framework, Exchange Server and Host Compute Service Shim.

Aside from the two “zero-day” vulnerabilities mentioned above, Chris Goettl, director of product management, security at Ivanti Inc., told SiliconANGLE that both the operating system and Office updates should get priority attention this month to plug the worst of the vulnerabilities resolved.

“Exchange server has several vulnerabilities being resolved this month,” he said. “Most are Important or Low, but there is a critical threat that warrants some attention. CVE-2018-8154 is a vulnerability in Microsoft Exchange that could allow an attacker to execute arbitrary code in the context of the system user.”

Photo: Colin/Wikimedia Commons
