October 2019 Threat Intelligence (CRITICAL ALERT)
This month, Microsoft have patched 59 vulnerabilities, only 9 of which are rated critical, making this month's Patch Tuesday the lightest we've had in a long time.
For over a year, Microsoft have been patching actively exploited zero-days and between 80 and 90 vulnerabilities each month. This month, however, there were no zero-days and just 9 bugs received a critical rating.
Bulky updates have in the past often led to patches breaking Windows features and user systems, so a smaller release should reduce the chances of that happening.
Full information on this month's patches can be found here:
Two NTLM Authentication vulnerabilities FIXED
Two NTLM authentication vulnerabilities discovered by the security firm Preempt were fixed today. They allow an attacker to bypass protections that Microsoft put in place to prevent NTLM relay attacks.
These vulnerabilities were assigned the CVE IDs CVE-2019-1166 and CVE-2019-1338 and allow attackers to bypass the MIC (Message Integrity Code) protection on NTLM authentication. CVE-2019-1338 also enables attackers to bypass other NTLM relay mitigations.
Preempt have stated that these are extremely serious vulnerabilities as they could allow attackers to compromise an entire domain through relay attacks.
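Because the MIC is only one layer, a defender wants to confirm that the other relay mitigations (SMB signing, LDAP signing and channel binding, NTLMv2-only, outbound NTLM restrictions) are actually enforced on a host, and that the October cumulative update is present. The script below is an added example and not part of the Comtact post or Preempt's research. The registry locations and value meanings are those documented for the corresponding Windows security policy settings; the KB number is a placeholder to be filled in from Microsoft's October 2019 release notes, since the post does not list it.

```powershell
# Added example: audit NTLM relay mitigations and check for the monthly cumulative update.
# Registry paths/values follow the documented Windows security policy settings (assumption:
# the reader validates them against their own baseline). KB id is a PLACEHOLDER.
param(
    [string]$CumulativeUpdateKb = 'KB<PLACEHOLDER>'   # fill in from the October 2019 release notes
)

function Get-RegistryDword {
    param([string]$Path, [string]$Name)
    try {
        (Get-ItemProperty -Path $Path -Name $Name -ErrorAction Stop).$Name
    } catch {
        $null   # value absent: policy not configured, the Windows default applies
    }
}

# Each check: where the setting lives, the minimum value that counts as hardened, and why it matters.
$Checks = @(
    @{ Name = 'LmCompatibilityLevel'; Path = 'HKLM:\SYSTEM\CurrentControlSet\Control\Lsa'; Min = 5;
       Why  = 'Send NTLMv2 only, refuse LM and NTLMv1' },
    @{ Name = 'RequireSecuritySignature'; Path = 'HKLM:\SYSTEM\CurrentControlSet\Services\LanmanServer\Parameters'; Min = 1;
       Why  = 'SMB server requires signing (blocks relay to SMB)' },
    @{ Name = 'RequireSecuritySignature'; Path = 'HKLM:\SYSTEM\CurrentControlSet\Services\LanmanWorkstation\Parameters'; Min = 1;
       Why  = 'SMB client requires signing' },
    @{ Name = 'LDAPServerIntegrity'; Path = 'HKLM:\SYSTEM\CurrentControlSet\Services\NTDS\Parameters'; Min = 2;
       Why  = 'Domain controller requires LDAP signing (meaningful on a DC only)' },
    @{ Name = 'LdapEnforceChannelBinding'; Path = 'HKLM:\SYSTEM\CurrentControlSet\Services\NTDS\Parameters'; Min = 2;
       Why  = 'Extended Protection / channel binding for LDAPS (DC only)' },
    @{ Name = 'RestrictSendingNTLMTraffic'; Path = 'HKLM:\SYSTEM\CurrentControlSet\Control\Lsa\MSV1_0'; Min = 2;
       Why  = 'Deny outgoing NTLM to remote servers (2 = deny all, 1 = audit only)' }
)

function Test-NtlmRelayHardening {
    # Returns one object per setting so the result can be filtered, exported or compared to a baseline.
    foreach ($c in $Checks) {
        $value = Get-RegistryDword -Path $c.Path -Name $c.Name
        [pscustomobject]@{
            Setting  = $c.Name
            Path     = $c.Path
            Current  = if ($null -eq $value) { 'not set (default)' } else { $value }
            Required = $c.Min
            Hardened = ($null -ne $value -and $value -ge $c.Min)
            Purpose  = $c.Why
        }
    }
}

function Test-CumulativeUpdateInstalled {
    param([string]$KbId)
    # Get-HotFix lists updates recorded by Windows Update; $true when the given KB is present.
    [bool](Get-HotFix -Id $KbId -ErrorAction SilentlyContinue)
}

$results = Test-NtlmRelayHardening
$results | Format-Table Setting, Current, Required, Hardened, Purpose -AutoSize

if (Test-CumulativeUpdateInstalled -KbId $CumulativeUpdateKb) {
    Write-Host "Cumulative update $CumulativeUpdateKb is installed."
} else {
    Write-Warning "Cumulative update $CumulativeUpdateKb not found; the CVE-2019-1166 / CVE-2019-1338 fixes may be missing."
}

$weak = @($results | Where-Object { -not $_.Hardened })
if ($weak.Count -gt 0) {
    Write-Warning "$($weak.Count) NTLM relay mitigation(s) are not enforced on this host; review the table above."
}
```

Run it from an elevated PowerShell prompt on each server you want to assess. The LDAP checks will show "not set" on member servers and workstations, which is expected; they only apply on domain controllers. Settings left at their defaults are reported as not hardened on purpose, because a default is what Group Policy has not yet overridden.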
Other intriguing vulnerabilities
- Two remote code execution bugs were found in the VBScript engine and one in the RDC (Remote Desktop Client).
- The VBScript vulnerabilities (CVE-2019-1238 and CVE-2019-1239) could be used in malicious Office documents sent as an attachment to trigger the vulnerability in Internet Explorer.
- The Remote Desktop client RCE is assigned ID CVE-2019-1333 and allows a malicious server to execute commands on a client when they connect via RDP.
Patching is important...
Security vulnerabilities are the 'low hanging fruit' for hackers. Patching is essential to keep your information safe. It is also good practice to back up your system or at least your data before you apply any updates.
Customers are advised to follow these security tips:
- Install vendor patches immediately when available.
- Run all software with least privileges while still maintaining functionality.
- Do not handle files from questionable sources.
- Avoid visiting sites with unknown integrity.
- Block external access at the network perimeter to all key systems unless access is necessary.
About Comtact Ltd.
Comtact Ltd. is a government-approved Cyber Security and IT Managed Service Provider, supporting clients 24/7 from our ISO27001-accredited UK Security Operations Centre (SOC).
Located at the heart of a high security, controlled-access Tier 3 data centre, Comtact's state-of-the-art UK Cyber Defence Centre (SOC) targets, hunts & disrupts hacker behaviour, as part of a multi-layered security defence, to help secure some of the UK's leading organisations.