Tag Archives: RDP

Microsoft Patch Tuesday July 2020: my new open source project Vulristics, DNS SIGRed, RDP Client and SharePoint

I am doing this episode about July vulnerabilities already in August. There are 2 reasons for this. First of all, July Microsoft Patch Tuesday was published in the middle of the month, as late as possible. Secondly, in the second half of July I spent my free time mostly on coding. And I would like to talk more about this.

Microsoft Patch Tuesday July 2020: my new open source project Vulristics, DNS SIGRed, RDP Client and SharePoint

Vulristics

I decided to release my Microsoft Patch Tuesday reporting tool as part of a larger open source project (github). I named it Vulristics (from “Vulnerability” and “Heuristics”). I want this to be an extensible framework for analyzing publicly available information about vulnerabilities.

Let’s say we have a vulnerability ID (CVE ID) and we need to decide whether it is really critical or not. We will probably go to some vulnerability databases (NVD, CVE page on the Microsoft website, Vulners.com, etc.) and somehow analyze the descriptions and parameters. Right? Such analysis can be quite complex and not so obvious. My idea is to formalize it and make it shareable. It may not be the most efficient way to process data, but it should reflect real human experience, the things that real vulnerability analysts do. This is the main goal.

Continue reading

Microsoft Patch Tuesday February 2020

IMHO, these are the two most interesting vulnerabilities in a recent Microsoft Patch Tuesday February 2020:

  • Mysterious Windows RCE CVE-2020-0662. “To exploit the vulnerability, an attacker who has a domain user account could create a specially crafted request, causing Windows to execute arbitrary code with elevated permissions.” Without needing to directly log in to the affected device!
  • Microsoft Exchange server seizure CVE-2020-0688. By sending a malicious email message the attacker can run commands on a vulnerable Exchange server as the system user (and monitor email communications). “the attacker could completely take control of an Exchange server through a single e-mail”.

There were also RCEs in Remote Desktop (Client and Service), a third attempt to fix RCEs in Internet Explorer, Elevation of Privilege, etc. But all this stuff we see in almost every Patch Tuesday and without fully functional exploits it’s not really interesting. 🙂

Read the full reviews in Tenable and Zero Day Initiative blogs.