Tag Archives: SMB

Microsoft Patch Tuesday August 2022: DogWalk, Exchange EOPs, 13 potentially dangerous, 2 funny, 3 mysterious vulnerabilities

Hello everyone! In this episode, let’s take a look at the Microsoft Patch Tuesday August 2022 vulnerabilities. I use my Vulristics vulnerability prioritization tool as usual. I take comments for vulnerabilities from Tenable, Qualys, Rapid7, ZDI and Kaspersky blog posts. Also, as usual, I take into account the vulnerabilities added between the July and August Patch Tuesdays.

Alternative video link (for Russia): https://vk.com/video-149273431_456239098

There were 147 vulnerabilities. Urgent: 1, Critical: 0, High: 36, Medium: 108, Low: 2.

There was a lot of great stuff this Patch Tuesday. There was a critical exploited in the wild MSDT DogWalk vulnerability, 3 critical Exchange vulnerabilities that could be easily missed in prioritization, 13 potentially dangerous vulnerabilities, 2 funny vulnerabilities and 3 mysterious ones. Let’s take a closer look.

Continue reading

Microsoft Patch Tuesday April 2022 and custom CVE comments sources in Vulristics

Hello everyone! This episode will be about Microsoft Patch Tuesday for April 2022 and new improvements in my Vulristics project. I decided to add more comment sources. Because it’s not just Tenable, Qualys, Rapid7 and ZDI make Microsoft Patch Tuesday reviews, but also other security companies and bloggers.

Alternative video link (for Russia): https://vk.com/video-149273431_456239085

You can see them in my automated security news telegram channel avleonovnews after every second Tuesday of the month. So, now you can add any links with CVE comments to Vulristics.

Continue reading

Microsoft Patch Tuesday June 2020: The Bleeding Ghost of SMB

This time, Microsoft addressed 129 vulnerabilities: 11 critical and 118 important. In fact, in the file that I exported from the Microsoft website, I saw 2 more CVEs (CVE-2020-1221, CVE-2020-1328) related to Microsoft Dynamics 365 (on-premises). But there is no information on them on the Microsoft website, in the MITRE CVE database and NVD. Does this mean that these CVE ids were mentioned unintentionally and related to some critical issues? I don’t think so, but this is strange.

This time there were no vulnerabilities with detected exploitation, so let’s start with the group “Exploitation more likely” according to Microsoft.

Continue reading

Microsoft Patch Tuesday March 2020: a new record was set, SMBv3 “Wormable” RCE and updates for February goldies

SMBv3 “Wormable” RCE

Without a doubt, the hottest Microsoft vulnerability in March 2020 is the “Wormable” Remote Code Execution in SMB v3 CVE-2020-0796. The most commonly used names for this vulnerability are EternalDarkness, SMBGhost and CoronaBlue.

Microsoft Patch Tuesday for March 2020: a new record was set, SMBv3  "Wormable" RCE and updates for February goldies

There was a strange story of how it was disclosed. It seems like Microsoft accidentally mentioned it in their blog. Than they somehow found out that the patch for this vulnerability will not be released in the March Patch Tuesday. So, they removed the reference to this vulnerability from the blogpost as quickly as they could.

But some security experts have seen it. And, of course, after EternalBlue and massive cryptolocker attacks in 2017, each RCE in SMB means “OMG, this is happening again, we need to do something really fast!” So, Microsoft just had to publish an advisory for this vulnerability with the workaround ADV200005 and to release an urgent patch KB4551762.

Continue reading

Petya the Great and why *they* don’t patch vulnerabilities

I really like this. Just imagine. Quiet, routine, everyday Vulnerability Management process in organizations: scanning-patching, scanning-patching, scanning-patching… And then. Suddenly! PEEETYYA!!!

And at very same moment everything changes. People from different companies start to communicate with each other actively, reverse this new malware, share the data, write and share tools for detection and recovery. Security professional is a friend, a brother and a source of useful information for security professional. Real movement! Real community! =)

Petya ransomware

For example, my friends from Vulners.com created pretty popular gist about Petya (petrWrap, notPetya, GoldenEye) and updated in real time for several hours.

Vulners Petya gist

My former colleagues from Positive Technologies released detailed technical review of this ransomware (in Russian) few hours since the outbreak started, at 01:00 am . They also found a local kill switch, and probably were the first one. Simultaneously with Amit Serper from Cybereason.

Continue reading