Microsoft’s Patch Tuesday update has been released, and with it come fixes for six actively exploited zero-days and a total of 68 flaws.
Six actively exploited zero-days in one cycle is an unusually high number, with 12 critical in all.
Whilst each is an important patch in its own right, it is interesting to step back and view them as a whole. Windows Mark of the Web (MoTW) vulnerabilities could lead to degradation or bypass of the inbuilt Office ‘Protected View’, which could smooth the way for malicious code to be triggered. There is a remote code execution vulnerability in Windows scripting languages, and then we have privilege escalation vulnerabilities. Indications are that some of these could be chained together.
Initial compromise, remote code execution and privilege escalation are all unlikely to be on a CISO’s Christmas list.
From a prevention perspective – identify, prioritise, and patch. You should also ensure that your Detection and Response capabilities are geared towards these specific CVEs and general tactics.