Microsoft spotlights exploit connected to SMB on July Patch Tuesday

Windows Server administrators can’t catch a break when it comes to vulnerabilities and the Server Message Block protocol.

Microsoft addressed 54 vulnerabilities on July Patch Tuesday, including yet another potential exploit connected to Server Message Block (SMB), which has been the vulnerability du jour of recent ransomware attacks.

One remote code execution vulnerability in all supported versions of Windows Server, labeled CVE-2017-8589, could allow an attacker to take control of a system through an SMB connection. This vulnerability resides in the Windows Search service and how it handles files, but the attacker can use an SMB connection as an attack vector to compromise the host.

While it uses SMB, this vulnerability is not related to the exploits used in the WannaCry attacks earlier this year, which were originally compiled by the National Security Agency and then leaked by hackers. But administrators should be vigilant anytime a vulnerability related to SMB is discovered, because the network file-sharing protocol has a large attack surface, said Jimmy Graham, director of product management for Qualys Inc., based in Redwood City, Calif.

“That’s the easiest way to get to a system — almost every Windows system is going to be running SMB of some kind,” he said. “If I were going to try to exploit a system, I would focus on that.”

Exploits in Windows Explorer, web browsers addressed

Another vulnerability that affects all supported versions of Windows Server, CVE-2017-8563, could allow attackers to elevate privileges and obtain system-level access to domain controllers. Microsoft only rates this as important instead of critical, but Graham advised Windows Server admins to address it quickly.

Graham also highlighted CVE-2017-8463, a vulnerability in Windows Explorer that could become a target for exploit kits even though it requires heavy user interaction. The exploit also resides in the Internet Explorer and Edge web browsers.

“[The vulnerability] would require someone to get a system on the network, create a malicious share, drop some malware in it and then send that in an instant messaging link or an email,” he said.

Urgent care needed

Microsoft seemed to catch its breath with July Patch Tuesday. In June, the company issued updates for a whopping 94 vulnerabilities, including some for unsupported systems, such as Windows Server 2003.

Although July Patch Tuesday addressed just 54 vulnerabilities — with only 19 listed as critical — admins should treat them seriously and patch them quickly. As the WannaCry attacks showed, attackers don’t need long to take advantage of an unpatched system.

“Looking at the patch-to-exploit time frame, those time frames have been so compressed [recently],” Graham said. “Obviously, testing is still required, and you need to test patches before you deploy them in your environment. But what we’ve seen is less than 30 days from the exploit release and the malware release in WannaCry.

“So, with that the case, a 30-day patching cycle might not be [quick] enough to have all of your systems covered by the time malware comes out.”

For more information about the remaining security vulnerabilities released on July Patch Tuesday, visit Microsoft’s Security Update Guide.

Dan Cagen is the associate site editor for SearchWindowsServer.com. Write to him at dcagen@techtarget.com.
