Threat Level: green Handler on Duty: Xavier Mertens

SANS ISC: InfoSec Handlers Diary Blog - Microsoft and Adobe June 2017 Patch Tuesday: Two Exploited Vulnerabilities Patched InfoSec Handlers Diary Blog


Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!

Microsoft and Adobe June 2017 Patch Tuesday: Two Exploited Vulnerabilities Patched

Published: 2017-06-13
Last Updated: 2017-06-13 21:07:27 UTC
by Johannes Ullrich (Version: 1)
8 comment(s)

Today, Microsoft and Adobe released their usual monthly security updates. Microsoft patched a total of 96 different vulnerabilities. Three vulnerabilities have already been disclosed publicly, and two vulnerabilities stick out for being already exploited according to Microsoft:

CVE 2017-8464

This vulnerability can be exploited when a user views a malicious shortcut file. Windows shortcuts use small files that describe the shortcut. The file will tell Windows what icon to display to represent the file. By including a malicious icon reference, the attacker can execute arbitrary code. This problem is probably easiest exploited by setting up a malicious file share, and tricking the user into opening the file share via a link. Similar vulnerabilities have been exploited in Windows in the past. Exploits should surface shortly in public. Microsoft's description of the vulnerability is a bit contradicting itself. In the past, if a vulnerability had already been exploited in the wild, Microsoft labeled them with an exploitability of "0". In this case, Microsoft uses "1", which indicates that exploitation is likely. But on the other hand, the vulnerability is already being exploited.

CVE 2017-8543

ETERNALBLUE Reloaded? This vulnerability is another one that is already exploited according to Microsoft. The vulnerability is triggered by sending a malicious "Search" message via SMB. The bulletin does not state if exploitation requires authentications. The attacker will have full administrative access to the system, so this vulnerability can also be exploited for privilege escalation.

---
Johannes B. Ullrich, Ph.D. , Dean of Research, SANS Technology Institute
STI|Twitter|

Keywords:
8 comment(s)
Diary Archives