Microsoft issued its monthly Patch Tuesday update, with nearly half of its 14 security bulletins addressing vulnerabilities in its newest operating system, Windows 10. Two of the four “critical” vulnerabilities impact Windows, while one primarily affects the company’s Office offerings. Security experts at Tripwire weigh in on the severity of this month’s Patch Tuesday update.
Craig Young, Security Researcher at Tripwire:
“August’s Patch Tuesday releases are full of scary sounding bulletins like ‘Vulnerability in Mount Manager Could Allow Elevation of Privilege’ and ‘Vulnerabilities in RDP Could Allow Remote Code Execution,’ but when reviewing the details it becomes clear that they are nowhere near as serious as they might sound.
The Mount Manager vulnerability allows someone at the terminal of a computer to use a maliciously designed symbolic link to write files into otherwise protected directories. This can be used by a physically local attacker to perform DLL or binary hijacking attacks in order to get code executing with system permissions, but it does not appear to offer an attack vector for a system to be automatically compromised when mounting the USB stick. Also, it does not appear that an attacker could use this vulnerability to gain permissions on a locked system since there is no automatic code execution.
The ‘remote’ execution flaws described in MS15-082 are only possible if the attacker already has access to get a DLL file loaded into the victim’s current working directory and then loads a .RDP file. While this could certainly be exploited in the wild, it will require some level of user interaction for a successful attack. That being said, this vulnerability could easily be exploited when combined with a little social engineering. An example attack scenario might include a phishing/spam email including an attached ZIP of a malicious DLL and RDP file. If the victim were to extract the files to a directory and then load the RDP file it could trigger the attacker’s code.”
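A mail or file gateway can check for the delivery pattern described above: an archive that places a DLL in the same directory as an .RDP file. The following is an added example, not code from Tripwire or the original post; the function names and the sample archive are constructed for illustration, and flagging any co-located DLL is an assumed heuristic because the bulletin commentary names no specific file.

```python
import io
import zipfile
from collections import defaultdict
from pathlib import PurePosixPath


def rdp_dll_colocations(zip_bytes):
    """Return {directory: {"rdp": [...], "dll": [...]}} for each directory in
    the archive that holds at least one .rdp file and at least one .dll."""
    by_dir = defaultdict(lambda: {"rdp": [], "dll": []})
    with zipfile.ZipFile(io.BytesIO(zip_bytes)) as zf:
        for info in zf.infolist():
            if info.is_dir():
                continue
            # ZIP names normally use "/", but some tools write "\"; normalise.
            path = PurePosixPath(info.filename.replace("\\", "/"))
            ext = path.suffix.lower().lstrip(".")
            if ext in ("rdp", "dll"):
                by_dir[str(path.parent)][ext].append(path.name)
    # Only a directory with both file types matches the scenario: extracting
    # it puts the DLL beside the .rdp file the user is expected to open.
    return {d: f for d, f in by_dir.items() if f["rdp"] and f["dll"]}


def build_sample_archive():
    """Constructed sample: one suspicious folder, two harmless ones."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("invoice/session.RDP", "full address:s:host.example\n")
        zf.writestr("invoice/helper.dll", b"MZ placeholder, not a real DLL")
        zf.writestr("docs/readme.txt", "nothing to see")
        zf.writestr("lib/other.dll", b"MZ placeholder")  # DLL with no .rdp
    return buf.getvalue()


if __name__ == "__main__":
    for directory, files in rdp_dll_colocations(build_sample_archive()).items():
        print(f"quarantine candidate: {directory}/ -> {files}")
```

A hit is a reason to quarantine the attachment for review rather than proof of malice, since the check looks only at file names and layout.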
Tyler Reguly, Manager of Security Research at Tripwire:
“This Patch Tuesday is a month of firsts, more than people may initially realize. This is the first Patch Tuesday: without Windows Server 2003, with a Windows 10 patch as previous patches were included in re-releases, with a Windows System Center 2012 Operations Manager bulletin and with Edge updates.
A number of the month’s bulletins make mention of man-in-the-middle. This serves as an important reminder that you’re only as secure as your end-to-end traffic. Securing your traffic on the wire with adequate encryption is an important step in good security hygiene.”
The opinions expressed in this post belong to the individual contributors and do not necessarily reflect the views of Information Security Buzz.