LASER_oneXM

Level 36
Verified
Moments ago, Microsoft published the September 2017 Patch Tuesday, and this month the OS maker fixed 82 security bugs.

Among the patches, there is one zero-day vulnerability exploited in the wild and three bugs whose details became public but have yet to be exploited in attacks.

Zero-day attacks using .NET Framework flaw
The zero-day is tracked under the identifier of CVE-2017-8759 and is a remote code execution vulnerability that affects the .NET Framework.

"An attacker who successfully exploited this vulnerability in software using the .NET framework could take control of an affected system," Microsoft said today. "An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights."

Two FireEye researchers discovered this flaw and reported the issue privately to Microsoft. According to FireEye, a threat actor used the zero-day to deliver the FinFisher (FINSPY or WingBird) spyware to Russian-speaking individuals in July 2017.

Three public disclosures don't lead to attacks
In addition, details about three other flaws became public, but no attacker had used this information to attack Windows users.

These three flaws are CVE-2017-9417 (RCE that affects the HoloLens Broadcom chipset), CVE-2017-8746 (Device Guard bypass that allows attackers to inject malicious code in PowerShell sessions), and CVE-2017-8723 (CSP bypass in Microsoft Edge).

The CSP bypass in Microsoft Edge is different from the CSP bypass that came to light last week, discovered by Cisco Talos, and which Microsoft said it does not intend to fix.
 
Top