Posts tagged Microsoft

3 min Metasploit

Exploiting Macros via Email with Metasploit Pro Social Engineering

Currently, phishing is seen as one of the largest infiltration points for businesses around the globe, but there is more to social engineering than just phishing. Attackers may use email and USB keys to deliver malicious files to users in the hopes of gaining access to an organization's network. Users that are likely unaware that unsolicited files, such as a Microsoft Word document with a macro, may be malicious and can be a major risk to an organization. Metasploit Pro [https://www.rapid7.com/
4 min Microsoft

Attacking Microsoft Office - OpenOffice with Metasploit Macro Exploits

It is fair to say that Microsoft Office and OpenOffice are some of the most popular applications in the world. We use them for writing papers, making slides for presentations, analyzing sales or financial data, and more. This software is so important to businesses that, even in developing countries, workers that are proficient in an Office suite can make a decent living based on this skill alone. Unfortunately, high popularity for software also means more high-value targets in the eyes of an

0 min Microsoft

February 2017 Patch Tuesday: Delayed

Earlier today Microsoft announced [https://blogs.technet.microsoft.com/msrc/2017/02/14/february-2017-security-update-release/] that they will be delaying this month's security updates due to finding a last-minute issue that could "impact some customers." This may be due to a glitch in their new process [/2017/02/06/a-reminder-about-upcoming-microsoft-vulnerability-content-changes] that they were not able to iron out in time for today's planned release. We will be keeping an eye out for any up
3 min Nexpose

Patch Tuesday, November 2016

November [https://technet.microsoft.com/en-us/library/security/ms16-nov.aspx] continues a long running trend with Microsoft's products where the majority of bulletins (7) address remote code execution (RCE), closely followed by elevation of privilege (6) and security feature bypass (1). All of this month's critical bulletins are remote code execution vulnerabilities, affecting a variety of products and platforms including Edge, Internet Explorer, Exchange, Microsoft Office, Office Services and

2 min Nexpose

Patch Tuesday, October 2016

October [https://technet.microsoft.com/library/security/ms16-oct] continues a long running trend with Microsoft's products where the majority of bulletins (6) address remote code execution (RCE) followed by elevation of privilege (3) and information disclosure (1). All of this month's critical bulletins are remote code execution vulnerabilities, affecting a variety of products and platforms including Edge, Internet Explorer, Exchange, Microsoft Office, Office Services and Web Apps, Sharepoint as
2 min Nexpose

Patch Tuesday, July 2016

July [https://technet.microsoft.com/en-us/library/security/ms16-jul.aspx] continues an on-going trend with Microsoft's products where the majority of bulletins (6) address remote code execution (RCE) followed by information disclosure (2), security feature bypass (2) and elevation of privilege (1). All of this month's 'critical' bulletins are remote code execution vulnerabilities, affecting a variety of products and platforms including Edge, Internet Explorer, Microsoft Office, Office Services

2 min Microsoft

On Badlock for Samba (CVE-2016-2118) and Windows (CVE-2016-0128)

Today is Badlock Day You may recall that the folks over at badlock.org [http://badlock.org/] stated about 20 days ago that April 12 would see patches for "Badlock," a serious vulnerability in the SMB/CIFS protocol that affects both Microsoft Windows and any server running Samba, an open source workalike for SMB/CIFS services. We talked about it back in our Getting Ahead of Badlock [/2016/03/30/getting-ahead-of-badlock] post, and hopefully, IT administrators have taken advantage of the pre-releas
2 min Nexpose

Update Tuesday, November 2015

November sees a mix of remote code execution and elevation of privilege vulnerabilities enabling an attacker to gain the same rights as the user when the victim opens specially crafted content, such as a webpage, journal file or document containing embedded fonts. These vulnerabilities affect Internet Explorer (7 and onwards), Edge, and Windows (Vista and onwards).  It is advisable for users and administrators to patch the affected platforms. Microsoft includes 12 security bulletins, a third of
4 min Metasploit

New Metasploit Tools to Collect Microsoft Patches

Patch testing and analysis are important parts in vulnerability research and exploit development. One popular reason is people would try this technique to rediscover patched bugs, or find ways to keep an 0day alive in case the fix in place is inadequate. The same process is also used to find the range of builds affected by a vulnerability, which tends to be useful to predict the value of the exploit, improving target coverage and reliability. Going through Microsoft patches is no easy task, tho
4 min Microsoft

Microsoft Attack Surface Analyzer (ASA): It's for defenders too!

Attack Surface Analyzer [http://www.microsoft.com/en-us/download/details.aspx?id=24487], a tool made by Microsoft and recommended in their Security Development Lifecycle Design Phase [http://www.microsoft.com/en-us/sdl/default.aspx], is meant primarily for software developers to understand the additional attack surface [https://www.rapid7.com/fundamentals/attack-surface/] their products add to Windows systems. As defenders, this tool can be very useful. The tool is meant to identify changes on
2 min Microsoft

A Closer Look at February 2015's Patch Tuesday

This month's Patch Tuesday covers nine security bulletins from Microsoft, including what seems like a not-very-unusual mix of remote code execution (RCE) vulnerabilities and security feature bypasses. However, two of these bulletins – MS15-011 [https://technet.microsoft.com/en-us/library/security/ms15-011] and MS15-014 [https://technet.microsoft.com/en-us/library/security/ms15-014] – require a closer look, both because of the severity of the vulnerabilities that they address and the changes Mi
2 min Microsoft

Patch Tuesday, January 2015 - Dawn of a new era

Microsoft's January 2015 patch Tuesday marks the start of a new era.  It seems that Microsoft's trend towards openness in security has reversed and the company that was formerly doing so much right, is taking a less open stance with patch information.  It is extremely hard to see how this benefits anyone, other than, maybe who is responsible for support revenue targets for Microsoft. What this means is that the world at large is getting their first look at understandable information about this

2 min Microsoft

Patch Tuesday - December 2014

December's advanced Patch Tuesday brings us seven advisories, three of which are listed as Critical.  Depending on how you want to count it, we see a total of 24 or 25 CVEs because one of the Internet Explorer CVEs in MS14-080 overlaps with the VBScript CVE in MS14-084. Of the critical issues, MS14-080 has the broadest scope, with 14 CVEs.  None of which are publically disclosed or known to be under active exploit.  The shared CVE with MS14-084 presents a patching and detection challenge becaus
2 min Microsoft

October Patch Tuesday + Sandworm

Microsoft is back in fine form this month with eight upcoming advisories affecting Internet Explorer, the entire Microsoft range of supported operating systems, plus Office, Sharepoint Server and a very specific add on module to their development tools called “ASP .NET MVC”.  Originally nine advisories were listed in the advance notice, but one of the vulnerabilities affecting Office and the Japanese language IME was dropped for reasons unknown (the dropped advisory was bulletin #4 in the advanc
2 min Microsoft

Patch Tuesday - September 2014

It's a light round of Microsoft Patching this month.  Only four advisories, of which only one is critical.  The sole critical issue this month is the expected Internet Explorer roll up affecting all supported (and likely some unsupported) versions.  This IE roll up addresses 36 privately disclosed Remote Code Execution issues and 1 publically disclosed Information Disclosure issue which is under limited attack in the wild. This will be the top patching priority for this month. Of the three no

Popular Topics

Tags