Patch Tuesday Moves to Fend Off Attacks

Thursday, May 11, 2017 @ 04:05 PM gHale


Microsoft released its May Patch Tuesday updates to address 57 vulnerabilities, one of which had links to a Russian hacking group.

The Redmond, WA-based software giant said it worked with two security firms, ESET and FireEye, to patch the vulnerabilities.

One of the top vulnerabilities fixed was an Office remote code execution (RCE) issue documented in CVE-2017-0261, which the company said has been used by hacking group Turla (also known as Venomous Bear, KRYPTON, and Waterbug). The exploit involved a compromised JavaScript script delivered to unpatched systems and used to deploy additional malware.

Microsoft said the first attacks were spotted in late March, but users running the previous updates were protected, emphasizing how important it is to run a fully up-to-date system.

“Today, to fully address the EPS vulnerability and further protect the small number of customers who may choose to continue using the EPS filter, we released an update to address the Encapsulated PostScript vulnerability,” Microsoft said in a blog post.

A second round of attacks was spotted in mid-April, but once again customers were protected by previous updates, the company said.

This time, the attacks aimed at exploiting an Office RCE vulnerability detailed in CVE-2017-0262 and a Windows privilege escalation documented in CVE-2017-0263. Russian hackers were once again linked with these attacks, and security companies said Fancy Bear is very likely to be involved as well. Fancy Bear, also known as Strontium, has previously been connected to the Russian government.

Attacks aimed at exploiting these two vulnerabilities attempted to deploy malware flagged as Seduploader and GAMEFISH by the two security vendors.

Windows users are advised to patch their systems as soon as possible, though they should already be protected if the previous March and April updates were installed. Reboots will be required to complete the installation of this month’s Patch Tuesday rollout.


