
Microsoft Patches Hacking Team Zero-Days, Other Vulnerabilities

Microsoft has released a total of 14 bulletins as part of the company’s July 2015 security updates. The updates address vulnerabilities in Windows, Office, SQL Server and Internet Explorer, including two zero-day bugs identified by researchers while analyzing the recent Hacking Team leak.


Vulnerabilities found during analysis of Hacking Team leak

One of the zero-day vulnerabilities is a Jscript9 memory corruption vulnerability (CVE-2015-2419) identified by researchers at Vectra Networks. The flaw affects Internet Explorer 11 and it can be exploited to gain complete control of a vulnerable system.

Vectra Networks representatives told SecurityWeek that the flaw does not require chaining with other vulnerabilities, but it’s not easy to exploit.

“It is fairly difficult to exploit in a meaningful way without crashing IE,” said Wade Williamson, Director of Product Marketing at Vectra Networks. “It is definitely doable, but requires some skill.”

Microsoft says it’s aware of limited, targeted attacks that attempt to exploit this vulnerability.

The exploit code for this vulnerability was not developed by Hacking Team. Instead, Vectra researchers discovered the bug after finding an email in which an external researcher offered to sell the exploit to Hacking Team. The Italy-based spyware maker, whose systems were recently breached, had not acquired the exploit, but the leaked emails contained enough information to allow Vectra to find and analyze the bug.

“After approaching Hacking Team, the researcher may have gone elsewhere to sell the bug, and if successful it may have been exploited in the wild,” Vectra noted.


Another vulnerability related to the Hacking Team breach is a memory corruption flaw (CVE-2015-2387) in the Adobe Type Manager Font Driver (ATMFD.DLL). The bug, whose existence was brought to light by Trend Micro shortly after the Hacking Team breach was revealed, can be exploited to take complete control of vulnerable systems.

Microsoft says this vulnerability has also been exploited in limited, targeted attacks.

These are not the only vulnerabilities found by experts who analyzed the Hacking Team leak. So far, researchers have uncovered three zero-day bugs in Flash Player, all of which have been patched by Adobe.

Security holes in Internet Explorer, Windows, Office and SQL Server

One of the most serious vulnerabilities patched by Microsoft with the July 2015 bulletins is a remote code execution bug (CVE-2015-2373) affecting the Remote Desktop Protocol (RDP).

“CVE-2015-2373 is the first code execution bug in RDP I can remember since 2012. This is very high impact because many businesses rely on remote desktop protocol and many advanced home users configure remote access for RDP into their home,” Tripwire researcher Craig Young told SecurityWeek. “This should definitely be on the top of everyone’s install list. Although Microsoft describes that code execution is tricky, there are a lot of smart people out there and I’m sure it won’t be long before proof-of-concept code starts floating around.”

Another important security update addresses two vulnerabilities in the Windows Hyper-V hypervisor that can be exploited for remote code execution. The bugs are a buffer overflow (CVE-2015-2361) and an uninitialized memory issue (CVE-2015-2362).

“The Hyper-V vulnerability could be especially painful in shared hosting environments given that privileged users on guest operating systems can run code on the host operating system, potentially compromising the security of all shared hosting,” Tyler Reguly, manager of security research at Tripwire, told SecurityWeek.

Microsoft also released a patch for a remote code execution bug in SQL Server. The patch should have been released last month.

“This issue will be particularly critical for database hosting providers allowing users access to create and manipulate database schema in a shared environment. Successful exploitation of this flaw would allow the attacker complete access to the SQL Server by leveraging a very specific edge case,” Young explained.

Microsoft has also resolved various Internet Explorer vulnerabilities, remote code execution bugs in Office, and privilege escalation issues in Netlogon, the Windows graphics component, the Windows kernel-mode driver, and the Windows installer.

Microsoft Security Essentials no longer available for Windows XP

Starting today, Microsoft Security Essentials is no longer available for Windows XP, an operating system for which support ended in April 2014. Despite having reached end of life, Windows XP still holds a market share of roughly 12 percent.

“By making these antimalware tools obsolete for lack of support and updates, Windows XP users will become more susceptible to persistent malware attacks,” Heimdal Security explained in a blog post. “Starting today, Windows XP systems won’t be provided with updated antimalware signatures that are used to find and remove known malware families.”

Written By

Eduard Kovacs (@EduardKovacs) is a managing editor at SecurityWeek. He worked as a high school IT teacher for two years before starting a career in journalism as Softpedia’s security news reporter. Eduard holds a bachelor’s degree in industrial informatics and a master’s degree in computer techniques applied in electrical engineering.
