Blog

A critical vulnerability in Microsoft Netlogon was patched in the August patch cycle – but was so dangerous that details were not made public until September when (hopefully) many systems would have been patched.  If you have not applied the August patch bundle to your domain controllers stop reading and go do it now. ReallyRead more

The September 2020 patch Tuesday contain fixes for 23 Critical vulnerabilities in Microsoft products and 129 fixes in total – including a Microsoft Exchange vulnerability that can allow remote code execution simply by sending a specially crafted email to the server. A large patch bundle is a double edged sword – it’s reassuring that theRead more

The number of ransomware attacks using RDP as the attack vector has increased sharply during the COVID lockdown. As the number of staff working remotely exploded during the COVID lockdown, criminals were quick to respond by targeting Remote Desktop Protocol services with ransomware.  For example, Group-IB recently reported that the Dharma ransomware-as-a-service was being usedRead more

Microsoft’s August patch-Tuesday bundle fixes 120 vulnerabilities including two under active exploitation- one of them over two years old. Weighing in at 120 fixes, the August 2020 Patch Tuesday is the third largest ever released by Microsoft.  Of particular interest are 17 critical updates and two zero-day exploits which are being actively attacked. IE 11Read more

Microsoft has released a patch to resolve a critical remote code execution vulnerability that has lived in the DNS server code for 17 years. A blog post from the Microsoft Security Response Centre states: Today we released an update for CVE-2020-1350, a Critical Remote Code Execution (RCE) vulnerability in Windows DNS Server that is classified as a ‘wormable’ vulnerability and has a CVSS base score of 10.0. This issue results from a flawRead more

The July patch bundle from SAP includes a critical patch to resolve a vulnerability in the NetWeaver application server which could allow an unauthenticated attacker to gain unrestricted access to the SAP environment and database. According to the description for the vulnerability recorded as CVE CVE-2020-6287 : SAP NetWeaver AS JAVA (LM Configuration Wizard), versionsRead more

The developers of the OpenSSH implementation of Secure Shell have announced their intention to drop support for SHA-1 in a ‘near future release.’   OpenSSH is used by millions of system administrators to securely access networked systems.   OpenSSH supports various encryption algorithms and the decision to drop support for SHA-1 comes as recent research demonstrates itRead more

In June 2020 Microsoft’s Patch Tuesday fixes a record 129 defects and vulnerabilities in its software – with a further 19 patches in the June Microsoft Office patch bundle. This continues a recent trend of ever-increasing numbers of patches included in the monthly updates from Microsoft (the two previous highest number of patches were inRead more

April’s patch Tuesday release from Microsoft includes fixes for three zero-day vulnerabilities in Windows that are under active attack. CVE-2020-1020 is a flaw in the Windows Adobe Type Manager Library.  According to Microsoft: For all systems except Windows 10, an attacker who successfully exploited the vulnerability could execute code remotely. For systems running Windows 10,Read more

Server hardening is a set of disciplines and techniques which improve the security of an ‘off the shelf’ server.  Server Hardening is requirement of security frameworks such as PCI-DSS and is typically included when organisations adopt ISO27001.   What is the attack surface The aim of server hardening is to reduce the attack surface ofRead more