
December 2017 Patch Tuesday: CVE-2017-11937, CVE-2017-11940

The final Microsoft Patch Tuesday for 2017 has just rolled out. Even though this is not the worst batch of updates released over the year, there are still several notable vulnerabilities that were addressed and that need our attention. Among these flaws are CVE-2017-11937 and CVE-2017-11940, remote code execution vulnerabilities found in the MMPE, the Microsoft Malware Protection Engine.

The flaws can lead to memory corruption as the engine would fail to scan certain files correctly. These flaws can be exploited by malicious actors if crafted files are deployed to leverage the bugs, which could inevitably lead to the system being compromised. A clarification has to be made. The patches for these flaws were available as separate updates and were included in the Patch Tuesday batch afterwards.


CVE-2017-11937 Official Description

The Microsoft Malware Protection Engine running on Microsoft Forefront and Microsoft Defender on Windows 7 SP1, Windows 8.1, Windows RT 8.1, Windows 10 Gold, 1511, 1607, and 1703, 1709 and Windows Server 2016, Windows Server, version 1709, Microsoft Exchange Server 2013 and 2016, does not properly scan a specially crafted file leading to remote code execution. aka “Microsoft Malware Protection Engine Remote Code Execution Vulnerability”.

CVE-2017-11940 Official Description

The Microsoft Malware Protection Engine running on Microsoft Forefront and Microsoft Defender on Windows 7 SP1, Windows 8.1, Windows RT 8.1, Windows 10 Gold, 1511, 1607, and 1703, 1709 and Windows Server 2016, Windows Server, version 1709, Microsoft Exchange Server 2013 and 2016, does not properly scan a specially crafted file leading to remote code execution. aka “Microsoft Malware Protection Engine Remote Code Execution Vulnerability”. This is different than CVE-2017-11937.

December 2017 Patch Tuesday

The last batch of updates for this year addressed a total of 12 critical vulnerabilities, and 10 important ones. Here is a short summary of some of the more notable of these flaws, in addition to the MMPE bugs. The definitions are taken from MITRE’s database:

CVE-2017-11899

Device Guard in Windows 10 1511, 1607, 1703 and 1709, Windows Server 2016 and Windows Server, version 1709 allows a security feature bypass vulnerability due to the way untrusted files are handled, aka “Microsoft Windows Security Feature Bypass Vulnerability”.

CVE-2017-11927

Windows 7 SP1, Windows 8.1 and RT 8.1, Windows Server 2008 SP2 and R2 SP1, Windows Server 2012 and R2, Windows 10 Gold, 1511, 1607, 1703 and 1709, Windows Server 2016 and Windows Server, version 1709 allow an information vulnerability due to the way the Windows its:// protocol handler determines the zone of a request, aka “Microsoft Windows Information Disclosure Vulnerability”.


CVE-2017-11885

Windows 7 SP1, Windows 8.1 and RT 8.1, Windows Server 2008 SP2 and R2 SP1, Windows Server 2012 and R2, Windows 10 Gold, 1511, 1607, 1703 and 1709, Windows Server 2016 and Windows Server, version 1709 allow a remote code execution vulnerability due to the way the Routing and Remote Access service handles requests, aka “Windows RRAS Service Remote Code Execution Vulnerability”.

A Flaw in Microsoft Office 365 Also Just Found

One more vulnerability was also just disclosed by Preempt researchers who came across a flaw in Microsoft Office 365 when integrated with on-premises Active Directory Domain Services via the Azure AD Connect software. The flaw would needlessly grant users elevated admin privileges turning them into admins in stealth mode.

“Most Active Directory audit systems easily alert on excessive privileges, but will often miss users who have elevated domain privileges indirectly through domain discretionary access control list (DACL) configuration,” Preempt researchers explained.
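
The gap described in the quote above, shown as an added example (not code from this article or from Preempt): a membership-only audit compared with a check of the Allow ACEs on the domain object. The directory snapshot, group names and function names are constructed for illustration, and the model ignores Deny precedence and ACE inheritance.

```python
# Privileged groups a membership-only audit typically watches.
PRIVILEGED_GROUPS = {"Domain Admins", "Enterprise Admins", "Administrators"}
# Extended right "Replicating Directory Changes All" (AD control access right GUID).
REPL_GET_CHANGES_ALL = "1131f6ad-9c07-11d1-f79f-00c04fc2dcd2"
DANGEROUS = {"GenericAll", "WriteDacl", "WriteOwner", REPL_GET_CHANGES_ALL}

# Constructed sample snapshot: principal -> groups it is a direct member of.
MEMBER_OF = {
    "alice": {"Domain Admins"},
    "bob": {"Helpdesk"},
    "carol": {"Sync Operators"},
    "dave": {"Staff"},
    "Helpdesk": {"Staff"},
    "Sync Operators": {"Tier2"},
}
USERS = ["alice", "bob", "carol", "dave"]
# Constructed ACEs on the domain object.
DOMAIN_ACES = [
    {"trustee": "Domain Admins", "type": "Allow", "right": "GenericAll"},
    {"trustee": "Tier2", "type": "Allow", "right": REPL_GET_CHANGES_ALL},
    {"trustee": "bob", "type": "Allow", "right": "WriteDacl"},
    {"trustee": "Staff", "type": "Allow", "right": "ReadProperty"},
    {"trustee": "dave", "type": "Deny", "right": "WriteOwner"},
]

def effective_principals(name, member_of):
    """Return name plus every group it belongs to, directly or through nesting."""
    seen, stack = set(), [name]
    while stack:
        cur = stack.pop()
        if cur not in seen:
            seen.add(cur)
            stack.extend(member_of.get(cur, ()))
    return seen

def group_audit(users, member_of):
    """What a membership-only audit reports: users inside a privileged group."""
    return {u for u in users if effective_principals(u, member_of) & PRIVILEGED_GROUPS}

def dacl_audit(users, member_of, aces):
    """Users outside privileged groups who still hold a dangerous Allow ACE."""
    known, findings = group_audit(users, member_of), {}
    for user in (u for u in users if u not in known):
        ids = effective_principals(user, member_of)
        hits = sorted({(a["trustee"], a["right"]) for a in aces
                       if a["type"] == "Allow" and a["right"] in DANGEROUS
                       and a["trustee"] in ids})
        if hits:
            findings[user] = hits
    return findings
```

On the sample data the membership audit reports only `alice`, while `dacl_audit` also surfaces `bob` (direct ACE) and `carol` (ACE granted to a group she reaches through nesting).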

Milena Dimitrova
