Light Patch Tuesday Offers Little Relief in Wake of Nasty Malware
Microsoft released just six October Patch Tuesday updates, quite possibly the smallest number of the year so far. However, it’s still wise for IT managers to plan their repair strategies carefully since there are far more important issues than just Microsoft updates to worry about. This latest release consists of three critical and three important patch bulletins and resolves a total of 33 individual vulnerabilities.
The usual suspects – Windows, Internet Explorer, Office and Edge – make up the list of offenders.
More urgently, the Dridex P2P malware poses a significant threat to Windows, according to the United States Department of Homeland Security and the FBI. It targets the banking industry and is designed to steal bank credentials on unpatched systems, so those supporting financial institutions should take note.
It’s alarming how this malware impacts the Microsoft Office suite. Dridex is capable of stealing credentials, bank details and email addresses. Infection can be caused by simply opening an email attachment. To be on the safe side, encourage IT security administrators at customer sites to remind their staff to send all unsolicited emails to the trash.
In addition to the Microsoft updates, be on the lookout for the latest updates for Google and Adobe products. Together they resolve more than 90 vulnerabilities, nearly triple Microsoft’s count this month. Pay close attention to APSB15-24, an update for Adobe Acrobat and Adobe Reader that has been documented as resolving a whopping 55 vulnerabilities.
The most important update in this release is MS15-106 because of the active exploits being reported. Consider the following updates this month as a priority:
MS15-106 (Vulnerability Type: Remote Code Execution, Vendor Severity: Critical)
This security update resolves vulnerabilities in Internet Explorer. The most severe of the vulnerabilities could allow remote code execution if a user views a specially crafted webpage using Internet Explorer. An attacker who successfully exploited these vulnerabilities could gain the same user rights as the current user. Customers whose accounts are configured to have fewer user rights on the system could be less impacted than those who operate with administrative user rights.
MS15-108 (Vulnerability Type: Remote Code Execution, Vendor Severity: Critical)
This security update resolves vulnerabilities in the VBScript and JScript scripting engines in Microsoft Windows. The more severe of the vulnerabilities could allow remote code execution if an attacker hosts a specially crafted website that is designed to exploit the vulnerabilities through Internet Explorer (or leverages a compromised website or a website that accepts or hosts user-provided content or advertisements) and then convinces a user to view the website.
An attacker could also embed an ActiveX control marked “safe for initialization” in an application or Microsoft Office document that uses the IE rendering engine to direct the user to the specially crafted website. An attacker who successfully exploited the vulnerabilities could gain the same user rights as the current user and, if the current user is logged on with administrative user rights, the attacker could take control of an affected system. An attacker could then install programs; view, change or delete data; or create new accounts with full user rights.
MS15-109 (Vulnerability Type: Remote Code Execution, Vendor Severity: Critical)
This security update resolves vulnerabilities in Microsoft Windows. The vulnerabilities could allow remote code execution if a user opens a specially crafted toolbar object in Windows, or an attacker convinces a user to view specially crafted content online.
MS15-110 (Vulnerability Type: Remote Code Execution, Vendor Severity: Important)
This security update resolves vulnerabilities in Microsoft Office. The most severe of the vulnerabilities could allow remote code execution if a user opens a specially crafted Microsoft Office file. An attacker who successfully exploited the vulnerabilities could run arbitrary code in the context of the current user. Customers whose accounts are configured to have fewer user rights on the system could be less impacted than those who operate with administrative user rights.
MS15-111 (Vulnerability Type: Elevation of Privilege, Vendor Severity: Important)
This security update resolves vulnerabilities in Microsoft Windows. The more severe of the vulnerabilities could allow elevation of privilege if an attacker logs on to an affected system and runs a specially crafted application.
MS15-107 (Vulnerability Type: Information Disclosure, Vendor Severity: Important)
This security update resolves vulnerabilities in Microsoft Edge. The most severe of the vulnerabilities could allow information disclosure if a user views a specially crafted webpage using this browser. An attacker who successfully exploited these vulnerabilities could gain the same user rights as the current user. Customers whose accounts are configured to have fewer user rights on the system could be less impacted than those who operate with administrative user rights.
Robert Brown is director of services at Verismic Software, Inc. During his 10+ years with the brand, his role has evolved from onsite technical consultant through to his current role. Robert’s approach to deployment of services, continuous review of process efficiency and putting the customer’s experience at the forefront has led to the establishment of one of the most capable technical teams in the UK who support Verismic’s award-winning Cloud Management Suite.