Critical Print Spooler Bug allows Attackers to Hack any version of Microsoft Windows via print server
Microsoft's July Patch Tuesday offers 11 security bulletins with six rated critical resolving almost 50 security holes in its software.
The company has patched a security flaw in the Windows Print Spooler service that affects all supported versions of Windows ever released, which if exploited could allow an attacker to take over a device via a simple mechanism.
The "critical" flaw (CVE-2016-3238) actually resides in the way Windows handles printer driver installations as well as the way end users connect to printers.
The flaw could allow an attacker to install malware remotely on victim machine that can be used to view, modify or delete data, or create new accounts with full user rights
Users who are logged in with fewer user rights on the system are less impacted than users who operate with administrative user rights, such as some home accounts and server users.
Microsoft said the critical flaw could be exploited to allow remote code execution if an attacker can conduct a man-in-the-middle (MiTM) attack on a system or print server or set up a rogue print server on a target network.
The critical flaw was discovered and reported by the researchers at security firm Vectra Networks, who disclosed some details on the vulnerability, but didn't publish their proof-of-concept (POC) code.
You can watch the video that shows the hack in action:
If the printer is behind a firewall, attackers can even hack other device or computer on that particular network, and then use it to host their malicious files.
This flaw (CVE-2016-3238) is by far the most dangerous vulnerability of the year, which is easy to execute, provides different ways of launch attacks, and affects a huge number of users.
A second related vulnerability, CVE-2016-3239, in MS16-087 bulletin is a privilege escalation flaw that could allow attackers to write to the file system.
A security bulletin for Microsoft Office, MS16-088, includes patches for seven remote code execution (RCE) vulnerabilities, 6 of them are memory corruption flaws, which affects Microsoft Office, SharePoint Server as well as Office Web Apps.
The flaws can be exploited by specially crafted Office files, allowing attackers to run arbitrary code with same privileges as the logged in user.
Bulletin MS16-084 addresses flaws in Internet Explorer and MS16-085 in Microsoft Edge. The IE flaws include RCE, privilege escalation, information disclosure and security bypass bugs.
Edge flaws include a handful of RCE and memory corruption flaws in the Chakra JavaScript engine, as well as an ASLR bypass, information disclosure, browser memory corruption, and spoofing bugs.
Bulletin MS16-086 addresses a vulnerability in the JScript and VBScript engines in Windows, which could allow an attacker to execute remote code execution flaw, affecting VBScript 5.7 and JScript 5.8.
Rest five bulletins rated as important address flaws in Windows Secure Kernel Mode, Windows Kernel-Mode Drivers, the .NET framework, the Windows Kernel, and Secure Boot process.
Users are advised to patch their system and software as soon as possible.
The company has patched a security flaw in the Windows Print Spooler service that affects all supported versions of Windows ever released, which if exploited could allow an attacker to take over a device via a simple mechanism.
The "critical" flaw (CVE-2016-3238) actually resides in the way Windows handles printer driver installations as well as the way end users connect to printers.
The flaw could allow an attacker to install malware remotely on victim machine that can be used to view, modify or delete data, or create new accounts with full user rights
MS16-087-Security Update for Windows Print Spooler Components (3170005)
This security update resolves vulnerabilities in Microsoft Windows. The more severe of the vulnerabilities could allow remote code execution if an attacker is able to execute a man-in-the-middle (MiTM) attack on a workstation or print server, or set up a rogue print server on a target network.
Users who are logged in with fewer user rights on the system are less impacted than users who operate with administrative user rights, such as some home accounts and server users.
Microsoft said the critical flaw could be exploited to allow remote code execution if an attacker can conduct a man-in-the-middle (MiTM) attack on a system or print server or set up a rogue print server on a target network.
The critical flaw was discovered and reported by the researchers at security firm Vectra Networks, who disclosed some details on the vulnerability, but didn't publish their proof-of-concept (POC) code.
You can watch the video that shows the hack in action:
If the printer is behind a firewall, attackers can even hack other device or computer on that particular network, and then use it to host their malicious files.
This flaw (CVE-2016-3238) is by far the most dangerous vulnerability of the year, which is easy to execute, provides different ways of launch attacks, and affects a huge number of users.
A second related vulnerability, CVE-2016-3239, in MS16-087 bulletin is a privilege escalation flaw that could allow attackers to write to the file system.
A security bulletin for Microsoft Office, MS16-088, includes patches for seven remote code execution (RCE) vulnerabilities, 6 of them are memory corruption flaws, which affects Microsoft Office, SharePoint Server as well as Office Web Apps.
The flaws can be exploited by specially crafted Office files, allowing attackers to run arbitrary code with same privileges as the logged in user.
Bulletin MS16-084 addresses flaws in Internet Explorer and MS16-085 in Microsoft Edge. The IE flaws include RCE, privilege escalation, information disclosure and security bypass bugs.
Edge flaws include a handful of RCE and memory corruption flaws in the Chakra JavaScript engine, as well as an ASLR bypass, information disclosure, browser memory corruption, and spoofing bugs.
Bulletin MS16-086 addresses a vulnerability in the JScript and VBScript engines in Windows, which could allow an attacker to execute remote code execution flaw, affecting VBScript 5.7 and JScript 5.8.
Rest five bulletins rated as important address flaws in Windows Secure Kernel Mode, Windows Kernel-Mode Drivers, the .NET framework, the Windows Kernel, and Secure Boot process.
Users are advised to patch their system and software as soon as possible.
No comments
Post a Comment