Thursday, March 30, 2017

CVE-2017-0022 Windows Zero-Day flaw used by AdGholas hackers

Synopsis

Microsoft's March 2017 Patch Tuesday updates fixed several security flaws. Security experts from Trend Micro and Proofpoint revealed that the list of fixed vulnerabilities includes three flaws that had been exploited in the wild since last summer. One of them is an XML Core Services information disclosure vulnerability, tracked as CVE-2017-0022, that attackers can exploit by tricking victims into clicking a specially crafted link.


Vulnerability And Impact

Security researchers from Trend Micro and Proofpoint conducted a joint investigation in which the flaw was discovered, and it was reported to the vendor (Microsoft) in September 2016. The attacker exploits this vulnerability through a specially crafted website that invokes MSXML through Internet Explorer. The hard part for the attacker is luring the user into clicking the link and visiting this specially crafted website; usually the attacker persuades the user to click by sending convincing messages by mail or instant messenger.
The AdGholas malvertising campaign used this vulnerability widely and also integrated it into the Neutrino exploit kit. (For more information about the AdGholas hackers, please refer to our article: http://www.edison-newworld.com/2017/03/adgholas-malvertising-campaign.html).
This vulnerability is listed in CVE as CVE-2017-0022: http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-0022

Description given by CVE MITRE: "Microsoft XML Core Services (MSXML) in Windows 10 Gold, 1511, and 1607; Windows 7 SP1; Windows 8.1; Windows RT 8.1; Windows Server 2008 SP2 and R2 SP1; Windows Server 2012 Gold and R2; Windows Server 2016; and Windows Vista SP2 improperly handles objects in memory, allowing attackers to test for files on disk via a crafted web site, aka 'Microsoft XML Information Disclosure Vulnerability.'"


Affected Products

Product                          Platform
Microsoft XML Core Services 3.0  Windows 7 for x64-based Systems Service Pack 1
Microsoft XML Core Services 3.0  Windows 10 Version 1607 for x64-based Systems
Microsoft XML Core Services 3.0  Windows Server 2008 R2 for Itanium-Based Systems Service Pack 1
Microsoft XML Core Services 3.0  Windows 8.1 for x64-based Systems
Microsoft XML Core Services 3.0  Windows 10 Version 1511 for x64-based Systems
Microsoft XML Core Services 3.0  Windows Server 2008 for 32-bit Systems Service Pack 2
Microsoft XML Core Services 3.0  Windows 7 for 32-bit Systems Service Pack 1
Microsoft XML Core Services 3.0  Windows Server 2008 for Itanium-Based Systems Service Pack 2
Microsoft XML Core Services 3.0  Windows 8.1 for 32-bit Systems
Microsoft XML Core Services 3.0  Windows 10 for 32-bit Systems
Microsoft XML Core Services 3.0  Windows Vista x64 Edition Service Pack 2
Microsoft XML Core Services 3.0  Windows Server 2012 R2 (Server Core installation)
Microsoft XML Core Services 3.0  Windows Server 2012 (Server Core installation)
Microsoft XML Core Services 3.0  Windows Server 2008 for x64-based Systems Service Pack 2
Microsoft XML Core Services 3.0  Windows Server 2012
Microsoft XML Core Services 3.0  Windows Server 2008 for x64-based Systems Service Pack 2 (Server Core installation)
Microsoft XML Core Services 3.0  Windows Server 2008 R2 for x64-based Systems Service Pack 1
Microsoft XML Core Services 3.0  Windows RT 8.1
Microsoft XML Core Services 3.0  Windows Vista Service Pack 2
Microsoft XML Core Services 3.0  Windows 10 for x64-based Systems
Microsoft XML Core Services 3.0  Windows 10 Version 1511 for 32-bit Systems
Microsoft XML Core Services 3.0  Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation)
Microsoft XML Core Services 3.0  Windows Server 2008 for 32-bit Systems Service Pack 2 (Server Core installation)
Microsoft XML Core Services 3.0  Windows Server 2012 R2
Microsoft XML Core Services 3.0  Windows 10 Version 1607 for 32-bit Systems
Microsoft XML Core Services 3.0  Windows Server 2016 (Server Core installation)
Microsoft XML Core Services 3.0  Windows Server 2016


Conclusion

Patches are available for this vulnerability, and affected systems need to be updated with them. Microsoft has provided no workarounds for this vulnerability.
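Since the only remediation is the patch, a practical first step for a defender is to inventory which hosts still carry an unpatched MSXML 3.0. The PowerShell script below is an added example, not code from the original post or from Microsoft; it reports the msxml3.dll file versions on a host and whether a given update is installed. The KB number is a placeholder (the post does not list one), so it must be taken from Microsoft's advisory for CVE-2017-0022 before the result is meaningful, and the patched file version for comparison comes from the same advisory.

```powershell
# Added example (not from the original post): inventory MSXML 3.0 on a Windows
# host so the output can be compared against Microsoft's advisory for
# CVE-2017-0022. The KB identifier below is a PLACEHOLDER; replace it with the
# update ID listed in the Microsoft advisory for this CVE.
$PatchKb = 'KB<placeholder-from-MS-advisory>'

function Get-Msxml3Status {
    $result = [ordered]@{}
    $result.ComputerName = $env:COMPUTERNAME
    $result.OSVersion    = [Environment]::OSVersion.Version.ToString()

    # msxml3.dll is the MSXML 3.0 library named in the affected-products list.
    # On 64-bit Windows, System32 holds the 64-bit copy and SysWOW64 the 32-bit
    # copy used by 32-bit processes such as 32-bit Internet Explorer.
    $paths = @(
        "$env:SystemRoot\System32\msxml3.dll",
        "$env:SystemRoot\SysWOW64\msxml3.dll"
    )
    $result.Msxml3Files = foreach ($p in $paths) {
        if (Test-Path $p) {
            $vi = (Get-Item $p).VersionInfo
            [pscustomobject]@{ Path = $p; FileVersion = $vi.FileVersion }
        }
    }

    # Get-HotFix reads installed updates via Win32_QuickFixEngineering;
    # a missing or placeholder ID simply yields $false here.
    $result.PatchInstalled = [bool](Get-HotFix -Id $PatchKb -ErrorAction SilentlyContinue)

    [pscustomobject]$result
}

# Run locally; for fleet-wide use, wrap the call in Invoke-Command against a host list.
Get-Msxml3Status | Format-List
```

The hotfix check alone is not sufficient on systems that receive cumulative updates, which is why the script also records the DLL versions; compare them with the versions Microsoft publishes for the fix and treat any host below that version as still exposed.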


Post created by
newWorld
