Microsoft Mitigates 4 Zero Days
Friday, October 14, 2016 @ 04:10 PM gHale
The second Tuesday of the month means patch day and this time around Microsoft patched four Zero Day vulnerabilities.
These four Zero Days affect Microsoft products such as Internet Explorer, Edge’s scripting engine, the Windows Graphics Component, and Office.
All four vulnerabilities have been exploited, Microsoft officials said.
CVE-2016-3298 is an information disclosure bug discovered in Internet Explorer by Proofpoint.
This Zero Day was part of a massive malvertising campaign called AdGholas and was used to “fingerprint” users. Fingerprinting occurs via an automated script used to detect the details of a user’s local OS setup in order to deliver the best exploits.
“An attacker who successfully exploited this vulnerability could test for the presence of files on disk,” said Microsoft. The company also said attackers had to convince users to access a malicious website, which then took advantage of the way the Microsoft Internet Messaging API handles objects in memory.
Microsoft patched this vulnerability in two security bulletins, MS16-118 and MS16-126.
CVE-2016-7189 is a remote code execution (RCE) bug in Microsoft Edge’s scripting engine, which allows attackers to “obtain information to further compromise the user’s system.”
An attacker would need to convince a user to access a malicious website and then to perform an action there, such as clicking on a link.
CVE-2016-3393 is a Zero Day with RCE capabilities, which affects the Windows GDI (Graphics) Component.
Microsoft said an attacker could exploit the vulnerability via a remote web-based attack or a malicious file executed on the local system.
CVE-2016-7193 is a memory corruption flaw in Microsoft Office, which also allows attackers to execute malicious code on targeted computers.
Microsoft said the flaw is exploitable via malicious RTF files.