This month’s Microsoft Patch Tuesday included more than 70 patches, 15 of which were marked as critical, including one for an authentication flaw that affects Microsoft Remote Desktop Protocol.


Microsoft released updates for products including ASP.NET Core, .NET Core, PowerShell Core, ChakraCore, Microsoft Office, Microsoft Office Services and Web Apps, Internet Explorer, Microsoft Edge, Microsoft Windows, and Microsoft Exchange Server.

One of the most significant patches addresses a vulnerability in Microsoft’s Credential Security Support Provider protocol (CredSSP), which could allow an attacker to gain control of a domain server and other systems on the network.

The vulnerability affects every Windows version since Windows Vista. Preempt researchers found that an attacker positioned as a man-in-the-middle between a client and a server could abuse the protocol to run code remotely on the target server in the context of the connecting user.

“This vulnerability is a big deal, and while no attacks have been detected in the wild, there are a few real-world situations where attacks can occur,” said Roman Blachman, CTO and co-founder at Preempt in a 13 March press release. “Ensuring that your workstations are patched is the logical, first step to preventing this threat.”  

Nathan Wenzler, chief security strategist at AsTech, called the vulnerability an example of how dangerous it can be to rely on security or administration tools without locking them down with hardened configurations.

“RDP is a widely used tool, but, as this exploit shows, a Man-in-the-Middle attack makes the use of this tool especially dangerous if the user is logging in with an administrator credential of any sort,” Wenzler said. “Of course, Microsoft has an obligation to ensure the vulnerability is fixed, which they’re doing, but it’s imperative that admins and security practitioners are doing more to reduce the amount of privileged access their administrators possess, that tools such as RDP are disabled if they’re not being used, and doing whatever else they can to limit the amount of administrator-level exposure that an attacker might be able to compromise anywhere along the chain and then use to wreak havoc on the rest of the network.”

Wenzler added that organisations need to make system hardening and secure configuration a requirement for their systems and network administration staff, instead of relying solely on patches and hotfixes to keep their environments secure.
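The following PowerShell script is an added example, not code from the article, Preempt or Microsoft. It audits a single Windows host for the two points raised above: whether the CredSSP hardening that shipped with this month’s update is enforced, and whether RDP is exposed at all. It assumes Microsoft’s "Encryption Oracle Remediation" policy value (AllowEncryptionOracle under the CredSSP\Parameters policy key, where 0 forces updated clients, 1 is mitigated and 2 is vulnerable), and the standard Terminal Server registry values; the function names are the example’s own. Run it in an elevated session on the host being checked.

```powershell
# Added example (not from the article): audit CredSSP hardening and RDP
# exposure on the local host. Assumes the March 2018 CredSSP update is
# installed, since the policy value below is only honoured by patched systems.

$credSspKey = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\CredSSP\Parameters'
$rdpKey     = 'HKLM:\SYSTEM\CurrentControlSet\Control\Terminal Server'
$nlaKey     = "$rdpKey\WinStations\RDP-Tcp"

function Get-CredSspPolicyState {
    # AllowEncryptionOracle: 0 = Force Updated Clients, 1 = Mitigated,
    # 2 = Vulnerable. Absent means the OS default for the installed update.
    $value = (Get-ItemProperty -Path $credSspKey -Name AllowEncryptionOracle `
                -ErrorAction SilentlyContinue).AllowEncryptionOracle
    switch ($value) {
        0       { 'ForceUpdatedClients' }
        1       { 'Mitigated' }
        2       { 'Vulnerable' }
        default { 'NotConfigured (OS default applies)' }
    }
}

function Get-RdpExposure {
    # fDenyTSConnections = 0 means RDP is enabled; UserAuthentication = 1
    # means Network Level Authentication is required.
    $rdp = Get-ItemProperty -Path $rdpKey -Name fDenyTSConnections -ErrorAction SilentlyContinue
    $nla = Get-ItemProperty -Path $nlaKey -Name UserAuthentication  -ErrorAction SilentlyContinue
    [pscustomobject]@{
        RdpEnabled   = ($rdp.fDenyTSConnections -eq 0)
        NlaRequired  = ($nla.UserAuthentication -eq 1)
        ServiceState = (Get-Service -Name TermService -ErrorAction SilentlyContinue).Status
    }
}

function Set-CredSspHardened {
    # Refuse CredSSP sessions with unpatched peers. Apply only after every
    # client and server that needs RDP or WinRM to this host has the update,
    # otherwise those connections start failing.
    if (-not (Test-Path $credSspKey)) { New-Item -Path $credSspKey -Force | Out-Null }
    Set-ItemProperty -Path $credSspKey -Name AllowEncryptionOracle -Value 0 -Type DWord
}

function Disable-RdpIfUnused {
    # Matches the advice above: turn RDP off where nobody uses it. Deny
    # connections in the registry and close the inbound firewall rule group.
    Set-ItemProperty -Path $rdpKey -Name fDenyTSConnections -Value 1 -Type DWord
    Disable-NetFirewallRule -DisplayGroup 'Remote Desktop' -ErrorAction SilentlyContinue
}

# Report current state; call Set-CredSspHardened / Disable-RdpIfUnused to remediate.
"CredSSP policy : $(Get-CredSspPolicyState)"
Get-RdpExposure | Format-List
```

One caveat worth keeping in mind when reading the report: requiring Network Level Authentication cuts exposure to unauthenticated RDP attacks, but NLA itself negotiates over CredSSP, so it is not a substitute for the patch or for the hardened policy value. Hosts that report Vulnerable, or NotConfigured on an unpatched build, are the ones a man-in-the-middle can still target.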

Microsoft also patched a remote code execution flaw in Windows Shell, which requires the user to download and open a malicious file to be exploited, and released Meltdown and Spectre patches covering 32-bit versions of Windows 7 and 8.1 as well as Server 2008 and 2012.

This article originally appeared at scmagazineuk.com


