CVE-2017-0016, CVE-2017-0037, CVE-2017-0038 – What Are the Mitigations?

CVE-2017-0016, CVE-2017-0037 and CVE-2017-0038 are three recently uncovered Microsoft vulnerabilities that once again highlight the value of intrusion prevention system (IPS) protection, as pointed out by TrendMicro researchers. IPS, also known as virtual patching, helps protect against vulnerabilities even in cases where patches have not been released yet. The three Microsoft flaws are located in the following components: the core SMB service, the Internet Explorer and Edge browsers, and the Graphics Device Interface.

What Is Virtual Patching (IPS)?

As explained by TechTarget, virtual patching is the quick development and short-term implementation of a security policy meant to prevent a newly found security bug from being exploited.

A virtual patch is sometimes dubbed a Web application firewall (WAF). More importantly, a virtual patch guards the mission-critical components that must remain online. This way, important operations are not interrupted, as happens when a conventional patch is applied in an emergency situation.

TrendMicro researchers underline the importance of virtual patching as a way of mitigating CVE-2017-0016, CVE-2017-0037 and CVE-2017-0038 in the absence of patches.


CVE-2017-0016: A Closer Look

The flaw is a memory corruption bug in the way Windows handles SMB traffic. For an attack to happen, the system has to connect to a malicious SMB server that serves crafted packets causing the computer to crash. Proof-of-concept exploit code has already been written for this one, and it is publicly available.

Fortunately, the flaw doesn't allow remote code execution and can only lead to a denial-of-service condition. In terms of mitigation, TrendMicro researchers advise the following:

– Limit outgoing access on ports 139 and 445.
– Deploy IPS protection.
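The first of these two recommendations is the one an administrator can apply directly on a Windows host. The following is an added example, not code from the article or from TrendMicro, showing how to implement "limit outgoing access on ports 139 and 445" with Windows Firewall: outbound SMB is blocked to every destination outside the RFC 1918 private ranges, so internal file servers keep working while a workstation can no longer be coaxed into connecting to an SMB server on the Internet. The rule name, the address ranges and the assumption that internal servers live only in RFC 1918 space are this example's own choices.

```powershell
# Added example (not from the original article): restrict outbound SMB so that
# the host can only reach SMB servers on private (RFC 1918) networks.
# Windows Firewall evaluates Block rules before Allow rules, so a single
# outbound Block rule scoped to non-private destination ranges is enough;
# the default outbound-allow behaviour still covers internal file servers.
# Requires an elevated session and the NetSecurity module (Windows 8 / Server 2012 and later).

# Every IPv4 unicast range that is NOT RFC 1918 private space (constructed list;
# adjust it if your environment also uses ranges such as 100.64.0.0/10 internally).
$externalRanges = @(
    '1.0.0.0-9.255.255.255',
    '11.0.0.0-172.15.255.255',
    '172.32.0.0-192.167.255.255',
    '192.169.0.0-223.255.255.255'
)

$ruleName = 'Block outbound SMB to external hosts (CVE-2017-0016 mitigation)'

# Remove any previous copy so the script can be re-run safely.
Get-NetFirewallRule -DisplayName $ruleName -ErrorAction SilentlyContinue | Remove-NetFirewallRule

New-NetFirewallRule -DisplayName $ruleName `
    -Direction Outbound `
    -Action Block `
    -Protocol TCP `
    -RemotePort 139, 445 `
    -RemoteAddress $externalRanges `
    -Profile Any `
    -Enabled True | Out-Null

# Verify that the rule landed with the intended ports and address scope.
$rule = Get-NetFirewallRule -DisplayName $ruleName
$rule | Get-NetFirewallPortFilter    | Select-Object Protocol, RemotePort
$rule | Get-NetFirewallAddressFilter | Select-Object RemoteAddress

# Surface SMB sessions already established to non-private addresses: these are
# exactly the connections the new rule prevents and are worth investigating.
Get-NetTCPConnection -RemotePort 139, 445 -State Established -ErrorAction SilentlyContinue |
    Where-Object { $_.RemoteAddress -notmatch '^(10\.|172\.(1[6-9]|2\d|3[01])\.|192\.168\.|127\.)' } |
    Select-Object LocalAddress, RemoteAddress, RemotePort, OwningProcess
```

Blocking rather than allowing is deliberate: an outbound Allow rule for internal ranges would change nothing, because Windows Firewall allows outbound traffic by default, whereas a Block rule scoped to the external ranges is honoured regardless of what other Allow rules exist. Roll the same rule out centrally through Group Policy rather than per host where possible.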


CVE-2017-0037: In Detail

This flaw is a type confusion flaw in the Internet Explorer and Edge browsers. For the flaw to be exploited, the attacker would need to make the user visit a malicious web link, typically sent via email or chat, or embedded in documents. The outcome of a CVE-2017-0037 exploit is arbitrary code execution with the same privileges as the logged-in user.

Researchers advise the following for mitigation purposes:

– Deploy IPS protection.
– Filter email for phishing attacks.
– Use Web Reputation to block hosted scripts.
– Reduce the number of accounts with administrator rights to reduce risk.
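Because a CVE-2017-0037 exploit runs with the privileges of the logged-in user, the last recommendation decides how much damage a successful drive-by can do. The following is an added example, not code from the article or from TrendMicro, that audits the local Administrators group against an approved baseline so that stray administrator accounts can be found and removed. The baseline entries are constructed placeholders, and the example assumes the Microsoft.PowerShell.LocalAccounts module (Windows 10 / Server 2016 and later).

```powershell
# Added example (not from the original article): report members of the local
# Administrators group that are not on an approved baseline, so that ordinary
# users who browse the web do so without administrator rights.
# Requires an elevated session and the Microsoft.PowerShell.LocalAccounts module.

$hostName = $env:COMPUTERNAME

# Approved members: constructed example values, replace with your own baseline.
# Get-LocalGroupMember reports names as "HOST\account" or "DOMAIN\account".
$approvedAdmins = @(
    "$hostName\Administrator",
    'EXAMPLE\Workstation Admins'
)

$members = Get-LocalGroupMember -Group 'Administrators'

# Anything not on the baseline is a candidate for removal or investigation.
$unexpected = $members | Where-Object { $approvedAdmins -notcontains $_.Name }

if ($unexpected) {
    Write-Output "Unexpected members of Administrators on ${hostName}:"
    $unexpected | Select-Object Name, ObjectClass, PrincipalSource | Format-Table -AutoSize
} else {
    Write-Output "Administrators group on $hostName matches the approved baseline."
}

# Uncomment to remove the unexpected members once the list above has been reviewed.
# $unexpected | ForEach-Object { Remove-LocalGroupMember -Group 'Administrators' -Member $_.Name }
```

Run it across a fleet with Invoke-Command and collect the output centrally; the removal step is left commented out so that the report can be reviewed before any account loses rights.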


CVE-2017-0038: In Detail

This is a flaw in the Graphics Device Interface component of the Windows OS. An attacker would need to lure the user into rendering a font or an image, which could be embedded in a document. This could happen via email where a malicious attachment is served, or through file-sharing services.

The outcome of a successful exploit here is memory disclosure, usually ending with a leak of sensitive information. Available mitigations include:

– Deploy IPS protection.
– Educate employees not to open attachments, and to open links only from trusted sources.

Milena Dimitrova

An inspired writer, focused on user privacy and malicious software. Enjoys 'Mr. Robot' and fears '1984'.