New vulnerabilities in the ubiquitous Windows Defender software hit the wild today, courtesy of Project Zero. As with the "WannaCry" exploits, you have an opportunity to avoid, or mitigate the impact of, these vulnerabilities. Please review the following guidance to help you navigate this series of threats. This is the new normal. We are effectively "at war".
IMMEDIATE GUIDANCE ON MICROSOFT MALWARE PROTECTION ENGINE CVE-2017-8558 REMOTE CODE EXECUTION VULNERABILITY
The Windows Defender anti-virus engine is the default security application loaded onto millions of Windows devices worldwide. On June 23rd, Google’s Project Zero security team disclosed a critical vulnerability in Windows Defender that allowed attackers to remotely execute arbitrary code on the system as a LocalSystem account. With this initial point of access, attackers could take control of the system, create new privileged user accounts, install additional malware, and view, change, or delete data at will.
To exploit the vulnerability, an attacker needs to send a user a malicious link or attachment or make the user visit a hostile website. Users do not need to click on links, save files, or navigate through the malicious webpage for the attack to execute—merely receiving an email or visiting a malicious webpage is enough for execution.
The following vulnerable systems should be patched immediately:
Microsoft Windows Intune Endpoint Protection
Microsoft Windows Defender
Microsoft Windows 10 for 32-bit Systems
Microsoft Windows 10 for x64-based Systems
Microsoft Windows 10 version 1511 for 32-bit Systems
Microsoft Windows 10 version 1511 for x64-based Systems
Microsoft Windows 10 version 1607 for 32-bit Systems
Microsoft Windows 10 version 1607 for x64-based Systems
Microsoft Windows 10 version 1703 for 32-bit Systems
Microsoft Windows 10 version 1703 for x64-based Systems
Microsoft Windows 7 for 32-bit Systems SP1
Microsoft Windows 7 for x64-based Systems SP1
Microsoft Windows 8.1 for 32-bit Systems
Microsoft Windows 8.1 for x64-based Systems
Microsoft Windows RT 8.1
Microsoft Windows Server 2016
Microsoft Security Essentials
Microsoft Forefront Endpoint Protection 2010
Microsoft Forefront Endpoint Protection
Microsoft Endpoint Protection
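Because the fix ships as a Malware Protection Engine update rather than a Windows Update package, the practical check is the engine version each endpoint is running. The following is an added example, not part of the original advisory; it assumes the Defender PowerShell module (Windows 8.1, Windows 10, Server 2016; Windows 7 with Security Essentials must be checked through MSE itself), and the fixed engine version is a placeholder the caller must take from Microsoft's advisory for CVE-2017-8558.

```powershell
# Added example, not from the original advisory. Reports whether the Microsoft
# Malware Protection Engine on one or more endpoints is at or above the engine
# version that carries the CVE-2017-8558 fix. Assumes the Defender module;
# Get-MpComputerStatus exposes the engine build as AMEngineVersion.
function Test-MpEnginePatched {
    [CmdletBinding()]
    param(
        # Fixed engine version from Microsoft's CVE-2017-8558 advisory (supplied by the caller).
        [Parameter(Mandatory)] [version] $MinimumEngineVersion,
        [string[]] $ComputerName = $env:COMPUTERNAME
    )
    foreach ($name in $ComputerName) {
        try {
            $status = if ($name -eq $env:COMPUTERNAME) {
                Get-MpComputerStatus
            } else {
                Invoke-Command -ComputerName $name -ScriptBlock { Get-MpComputerStatus }
            }
            $engine = [version] $status.AMEngineVersion
            [pscustomobject]@{
                ComputerName  = $name
                EngineVersion = $engine
                Patched       = ($engine -ge $MinimumEngineVersion)
                Error         = $null
            }
        } catch {
            # Unreachable host or no Defender module: report it rather than silently skipping.
            [pscustomobject]@{
                ComputerName  = $name
                EngineVersion = $null
                Patched       = $false
                Error         = $_.Exception.Message
            }
        }
    }
}

# PLACEHOLDER: set to the fixed engine version from the Microsoft advisory before use.
$fixed = [version] '0.0.0.0'
if ($fixed -eq [version] '0.0.0.0') { throw 'Set $fixed to the fixed engine version from the CVE-2017-8558 advisory.' }

# 'host1' and 'host2' are constructed sample names.
$results = Test-MpEnginePatched -MinimumEngineVersion $fixed -ComputerName $env:COMPUTERNAME, 'host1', 'host2'
$results | Format-Table -AutoSize

# Engine updates ship with definition updates, so pull them on a local host that is behind.
$local = $results | Where-Object ComputerName -eq $env:COMPUTERNAME
if (-not $local.Patched) { Update-MpSignature }
```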
CVE-2017-8558 is a reminder that even mature security programs can fall prey to undisclosed attacks. Your organization needs to be nimble enough to react quickly to new threats when they go public.
Cybis can help you instill the organizational agility and security posture to respond to the latest threats and make your enterprise more resilient to these attacks. As always, don't hesitate to contact us if you have questions.