• SB17-051: Vulnerability Summary for the Week of February 13, 2017


    #96142

    U.S. Department of Homeland Security US-CERT
    National Cyber Awareness System:

    https://www.us-cert.gov/ncas/bulletins/SB17-051

    SB17-051: Vulnerability Summary for the Week of February 13, 2017
    02/20/2017 08:28 AM EST

    Original release date: February 20, 2017
    The US-CERT Cyber Security Bulletin provides a summary of new vulnerabilities that have been recorded by the National Institute of Standards and Technology (NIST) National Vulnerability Database (NVD) in the past week. The NVD is sponsored by the Department of Homeland Security (DHS) National Cybersecurity and Communications Integration Center (NCCIC) / United States Computer Emergency Readiness Team (US-CERT). For modified or updated entries, please visit the NVD, which contains historical vulnerability information.

    The vulnerabilities are based on the CVE vulnerability naming standard and are organized according to severity, determined by the Common Vulnerability Scoring System (CVSS) standard. The division of high, medium, and low severities correspond to the following scores:

    High – Vulnerabilities will be labeled High severity if they have a CVSS base score of 7.0 – 10.0

    Medium – Vulnerabilities will be labeled Medium severity if they have a CVSS base score of 4.0 – 6.9

    Low – Vulnerabilities will be labeled Low severity if they have a CVSS base score of 0.0 – 3.9

    Entries may include additional information provided by organizations and efforts sponsored by US-CERT. This information may include identifying information, values, definitions, and related links. Patch information is provided when available. Please note that some of the information in the bulletins is compiled from external, open source reports and is not a direct result of US-CERT analysis.

    High Vulnerabilities

    ………

    --------------------------------------

    1. Tower Totals: 2xSSD ~512GB, 2xHHD 20 TB, Memory 32GB

    SSDs: 6xOS Partitions, 2xW8.1 Main & Test, 2x10.0 Test, Pro, x64

    CPU i7 2600 K, SandyBridge/CougarPoint, 4 cores, 8 Threads, 3.4 GHz
    Graphics Radeon RX 580, RX 580 ONLY Over Clocked
    More perishable

    2xMonitors Asus DVI, Sony 55" UHD TV HDMI

    1. NUC 5i7 2cores, 4 Thread, Memory 8GB, 3.1 GHz, M2SSD 140GB
    1xOS W8.1 Pro, NAS Dependent, Same Sony above.

    -----------------

    • #96160

      The US govt/CERT report seems to say that M$’s Windows, IE, Edge, Office and other M$ software are not vulnerable to malware/virus, i.e. only mostly non-M$ software are vulnerable. Is the US govt being pro-M$ for certain reasons?
      The latest security news reports say that M$’s Windows and software are quite vulnerable to being infected by malware/virus,

      https://arstechnica.com/security/2017/02/a-rash-of-invisible-fileless-malware-is-infecting-banks-around-the-globe/

      https://www.scmagazine.com/shamoon-entry-point-detected-ibm-report/article/638735/

      https://www.scmagazine.com/banks-worldwide-under-attack-from-new-malware-report/article/637656/

      Excerpt from the arstechnica article,

      Password harvesting
      The researchers first discovered the malware late last year, when a bank’s security team found a copy of Meterpreter—an in-memory component of Metasploit—residing inside the physical memory of a Microsoft domain controller. After conducting a forensic analysis, the researchers found that the Meterpreter code was downloaded and injected into memory using PowerShell commands. The infected machine also used Microsoft’s NETSH networking tool to transport data to attacker-controlled servers. To obtain the administrative privileges necessary to do these things, the attackers also relied on Mimikatz. To reduce the evidence left in logs or hard drives, the attackers stashed the PowerShell commands into the Windows registry.

      Fortunately, the evidence on the domain controller was intact, presumably because it hadn’t been restarted before Kaspersky Lab researchers began their investigation. An analysis of the dumped memory contents and the Windows registries allowed the researchers to restore the Meterpreter and Mimikatz code. The attackers, the researchers later determined, had used the tools to collect passwords of system administrators and for the remote administration of infected host machines.

      • #96164

        Guess this is your first time looking at this????

        A year ago it was mostly Adobe, Microsoft with a little Google. No linux…… 😛

        • #96176

          A year ago it was mostly Adobe, Microsoft with a little Google. No linux…… ?

          @ PhotM

          https://www.us-cert.gov/ncas/bulletins/SB16-025 (Jan 2016, no M$ software vulnerability)
          https://www.us-cert.gov/ncas/bulletins/SB15-271 (Sep 2015, no M$ software vulnerability)
          https://www.us-cert.gov/ncas/bulletins/SB15-236 (Aug 2015, a few M$ software vulnerabilities)

          It may just mean that the US govt was not very pro-M$ about a year and a half ago, but was very pro-M$ thereafter.
          Likely this has something to do with the 29 July 2015 release of Win 10, … an NSA spyware? IOW, it seems even the US govt is trying to push her people onto Win 10 by putting out fake news/reports that M$’s Windows and software are not vulnerable to malware/virus infections, while most non-M$ software are.
