Microsoft Security Updates October 2015

Microsoft releases six Security Bulletins today, three of them rated “critical” for remote code execution, to fix almost thirty CVE-enumerated vulnerabilities. None of them are known to be exploited in the wild, and only a couple are known to have been publicly discussed. So, this round yet again demonstrates Microsoft’s continued commitment to proactive security software maintenance. A dozen of these CVEs were reported by researchers working with HP’s Zero Day Initiative, and a kernel memory corruption vulnerability is credited to the md5 “dbc282f4f2f7d2466fa0078bf8034d99”.

Patches go out this month for vulnerable Microsoft software that could be used as an attack vector:

  • Internet Explorer
  • Windows system components
    • VBScript and JScript engines through Internet Explorer
    • VBScript and JScript engines through embedded ActiveX objects opened in Microsoft Office documents
  • Microsoft Edge
  • Windows “Shell” (related to Toolbar processing) on standard Windows workstations and laptops, and tablets
  • Microsoft Excel (for Windows and Mac)
  • Microsoft SharePoint
  • Office Web Apps
  • Excel Viewer
  • Microsoft Office Compatibility Pack
  • Windows Boot Configuration Data (BCD) parser, affecting Windows Vista and all later Windows versions
  • Windows File System Components

While the urgency does not seem to be quite as high as in past months, please update your Microsoft software as soon as possible.

As of today, HP’s Zero Day Initiative maintains over 300 upcoming advisories. Of course, the usual suspects are in there, like Adobe, Apple, Oracle, and Microsoft, but it’s most interesting that the bulk of them are unrelated to these names. Microsoft is not at the top of the list, regardless of the prevalence and complexity of its software. Instead, the upcoming serious advisories mostly cover bugs in IoT, embedded, SCADA- and ICS-related software from Advantech, Tibbo, Schneider Electric, Proface, Unitronics, and Ecava.

  1. Edward Dydo

    Is Microsoft update KB3000850 safe to download? See many comments online that there are problems.
