Patch Tuesday

Today Microsoft released 2 bulletins addressing 8 vulnerabilities affecting Windows and Microsoft Office products. Both bulletins are rated Important, meaning some user interaction is needed to exploit the vulnerabilities and achieve remote code execution. What this month’s updates have in common is that both address issues that require some social engineering, and there are no network-based attack vectors. However, neither one addresses Advisory 981169, the vulnerability in VBScript pertaining to IE, in which a user visiting a specially crafted webpage is presented with a popup asking them to press the F1 key, after which they become infected.

MS10-016 affects Windows XP SP2 and SP3, Vista SP1 and SP2, and Windows 7, in 32- and 64-bit versions. It addresses a vulnerability in Movie Maker versions 2.1 and 6.0, which ship with XP and Windows Vista. Version 2.6 is also vulnerable and can be freely downloaded and installed from the web. Users who have version 2.6 installed on a supported version of Windows, including 7, will be offered the update. However, Movie Maker 2.6 is optional on Windows 7, so if you don’t have it installed you are not affected and don’t need the update. For users who do have it installed, infection requires opening a specially crafted Movie Maker project file.

MS10-016 also affects Microsoft Producer 2003. This is a free download, but it has what Microsoft calls a “limited distribution”, so they are not currently offering an update to resolve the issue.

This seems a little odd to me. I mean, no matter how “limited”, why would you not want to fix the issue? Not only is it a bug in your software, but it leaves users vulnerable, and isn’t that what we are trying to prevent? With that said, a current workaround is to disassociate the project file type from the application. This isn’t a complete fix, but Microsoft says it adds an extra layer of security.

MS10-017 addresses issues in multiple versions of Microsoft Office for both Windows and Mac. On the Windows platform the affected versions are Office XP, 2003 and 2007, along with supported versions of Excel Viewer and SharePoint 2007. The affected Mac versions are 2004 and 2008, plus the Open XML File Format Converter for Mac. Exploitation requires user interaction: the user has to open a specially crafted file.

As always, I suggest downloading and installing the bulletins at your earliest convenience.
