by CIRT Team
CVE-2017-8585 .NET Denial of Service Vulnerability
Description: Microsoft .NET Framework 4.6, 4.6.1, 4.6.2, and 4.7 allow an attacker to send specially crafted requests to a .NET web application, resulting in denial of service, aka .NET Denial of Service Vulnerability. Impact: Denial of Service Vulnerability Mitigation: Updates are available. Please check specific vendor advisory for more information. Reference URL’s: http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=2017-8585 https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-8585
by CIRT Team
Microsoft Windows Explorer CVE-2017-8463 Remote Code Execution Vulnerability
Description: Windows Shell in Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, 1703, and Windows Server 2016 allows a remote code execution vulnerability due to the way it improperly handles executable files and shares during rename operations, aka “Windows Explorer Remote Code Execution Vulnerability”. Impact: Attackers can...
Read More
by CIRT Team
Microsoft Windows CVE-2017-8563 Remote Privilege Escalation Vulnerability
Description: Microsoft Windows 7 SP1, Windows Server 2008 SP2 and R2 SP1, Windows 8.1 and Windows RT 8.1, Windows Server 2012 and R2, Windows 10 Gold, 1511, 1607, 1703, and Windows Server 2016 allows an elevation of privilege vulnerability due to Kerberos falling back to NT LAN Manager (NTLM) Authentication Protocol as the default authentication protocol, aka “Windows Elevation of Privilege Vulnerability”. Impact: An attackers...
Read More
by CIRT Team
Microsoft’s July Patch Tuesday Fixes 55 Security Issues [bleepingcomputer]
Microsoft has released updates on 12 July 2017, for the Windows 10 operating system, as well as for other of the company’s products, updates that fix 55 security issues ranging from remote code execution to simple spoofing attacks.
by CIRT Team
NTLM Relay Attacks Still Causing Problems in 2017 [bleepingcomputer]
Microsoft’s July 2017 Patch Tuesday includes a fix for an issue with the NT LAN Manager (NTLM) Authentication Protocol that can be exploited to allow attackers to create admin accounts on a local network’s domain controller (DC).
by CIRT Team
Attack on Critical Infrastructure Leverages Template Injection [talosintelligence]
Attackers are continually trying to find new ways to target users with malware sent via email. Talos has identified an email-based attack targeting the energy sector, including nuclear power, that puts a new spin on the classic word document attachment phish. Typically, malicious Word documents that are sent as attachments to phishing emails will themselves contain a script or macro that executes malicious code. In...
Read More
by CIRT Team
Calling Artificial Intelligence to Counter Ransomware Attacks [securityaffairs]
The progression in Artificial Intelligence have incited intense debate worldwide, some experts are calling AI to counter malware attacks In a short span of six weeks, the world was hit twice by major ransomware attacks — malicious software that seizes the data stored on your computer systems and would only release it to you upon receiving ransom money.
by CIRT Team
Dirty COW (CVE-2016-5195) Vulnerability in Huawei Products
Description: Some Huawei products as listed below : FusionCompute V100R003C10SPC600 V100R005C00 V100R005C10 V100R005C10U1_B1075917 LogCenter V100R001C10 RH2288 V2 V100R002C00 eLog V200R003C10 V200R003C20 eSight V300R003C20 V300R005C00SPC200 (for full list, be advised to visit specific vendor listed URLs given below) The above listed versions are vulnerable for Dirty COW (CVE-2016-5195) exploit. Impact: An attacker can exploit this vulnerability to escalate the privilege levels to obtain administrator privilege. Mitigation:...
Read More
by CIRT Team
Huawei AR3200 Routers CVE-2016-6206 Remote Code Execution Vulnerability
Description: Huawei AR3200 routers with software before V200R007C00SPC600 allow remote attackers to cause a denial of service or execute arbitrary code via a crafted packet. Impact: Successfully exploiting this issue may allow an attacker to execute arbitrary code in the context of the affected application. Failed exploit attempts may cause a denial-of-service condition. Mitigation: Updates are available. Please check specific vendor advisory for more information....
Read More
by CIRT Team
Multiple Huawei CloudEngine Products CVE-2016-8790 Buffer Overflow Vulnerability
Description: Huawei CloudEngine 5800 with software before V200R001C00SPC700, CloudEngine 6800 with software before V200R001C00SPC700, CloudEngine 7800 with software before V200R001C00SPC700, CloudEngine 8800 with software before V200R001C00SPC700, CloudEngine 12800 with software before V200R001C00SPC700 could allow the attacker to exploit a buffer overflow vulnerability by sending crafted packets to the affected system to cause a main control board reboot. Impact: An attacker can exploit this issue to...
Read More
