August Patch Tuesday: The HBO Hackers
Winter isn’t coming. Winter is here!
The recent HBO hack may have exposed up to 1.5 terabytes of data. This is 7 times what Sony lost in the 2014 cyberattack.
The hackers have also released the script of the upcoming episode of Game of Thrones and episodes of other popular HBO series. What they have yet to release remains unclear.
“As most of you have probably heard by now, there has been a cyber incident directed at the company which has resulted in some stolen proprietary information, including some of our programming.”
Richard Plepler, HBO CEO, in an email published by Entertainment Weekly.
Robert Brown, Director of Services for Verismic says, “I wonder if they will be reading our Avoiding Patch Doomsday whitepaper as part of their security review? With this whitepaper, they can stop reacting to these kinds of threats and start predicting them. I’m sure this exposure has put a chill in their summer.”
Masses of common flaws crack open 55% of Corporate Networks
Corporate information systems became more vulnerable in 2016, even as user awareness regarding information security significantly increased. That’s the word from Positive Technologies, which found in an overview of security audit findings that critical vulnerabilities were detected in 47% of investigated corporate systems last year.
Implementing a proactive patching process should be one of the most important tasks performed by your IT Security teams, especially since ransomware shuts down on average one in five small businesses after it hits.
“The human factor is the most likely weakness and often the cause of exposures for small to medium sized businesses,” says Robert Brown, Director of Services at Verismic. “These issues can be alleviated with the right patch management tool.”
WoSign and StartCom revoked from the Trust Root Program
Microsoft has concluded that the Chinese Certificate Authorities (CAs) WoSign and StartCom have failed to maintain the standards required by its Trusted Root Program. The unacceptable security practices observed include back-dating SHA-1 certificates, mis-issuance of certificates, accidental certificate revocation, duplicate certificate serial numbers, and multiple CAB Forum Baseline Requirements (BR) violations.
Microsoft will begin the natural deprecation of WoSign and StartCom certificates by setting a “NotBefore” date of 26 September 2017. This means all existing certificates will continue to function until they self-expire. Windows 10 will not trust any new certificates from these CAs after September 2017. Microsoft values the global Certificate Authority community and only makes these decisions after careful consideration as to what is best for the security of our users.
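An added example, not part of the original article or of any Microsoft tooling: a short audit that applies the “NotBefore” cutoff described above to a certificate inventory, so the certificates that need replacing are known before they stop being trusted. The hostnames and certificate records are constructed, and the midnight-UTC cutoff, the strict comparison and the issuer-name matching are assumptions.

```python
import ssl
from datetime import datetime, timezone

# Date from the article; midnight UTC and the strict ">" test are assumptions.
CUTOFF = datetime(2017, 9, 26, tzinfo=timezone.utc)
AFFECTED_CAS = ("wosign", "startcom")  # matched against issuer names (assumption)

def when(text):
    """Parse the 'Sep 26 00:00:00 2017 GMT' form returned by ssl.getpeercert()."""
    return datetime.fromtimestamp(ssl.cert_time_to_seconds(text), tz=timezone.utc)

def classify(cert, now):
    """Return the trust status of one getpeercert()-style dict under the policy."""
    issuer = " ".join(v for rdn in cert["issuer"] for _, v in rdn).lower()
    if not any(ca in issuer for ca in AFFECTED_CAS):
        return "unaffected"
    if when(cert["notBefore"]) > CUTOFF:
        return "distrusted"            # issued after the cutoff
    if when(cert["notAfter"]) <= now:
        return "expired"
    return "trusted-until-expiry"      # keeps working until notAfter

def audit(inventory, now):
    """Classify every certificate in a {hostname: cert} inventory."""
    return {host: classify(cert, now) for host, cert in inventory.items()}

def sample(org, not_before, not_after):
    """Build a constructed record in the shape ssl.getpeercert() produces."""
    return {"issuer": ((("organizationName", org),),),
            "notBefore": not_before, "notAfter": not_after}

# Constructed inventory: hostnames and dates are illustrative, not real certificates.
INVENTORY = {
    "www.example.test": sample("WoSign CA Limited",
                               "Mar  1 00:00:00 2017 GMT", "Mar  1 00:00:00 2020 GMT"),
    "api.example.test": sample("StartCom Ltd.",
                               "Oct 10 00:00:00 2017 GMT", "Oct 10 00:00:00 2018 GMT"),
    "old.example.test": sample("StartCom Ltd.",
                               "Jan  1 00:00:00 2015 GMT", "Jan  1 00:00:00 2016 GMT"),
    "mail.example.test": sample("Example Trust Services",
                                "Nov  1 00:00:00 2017 GMT", "Nov  1 00:00:00 2018 GMT"),
}
NOW = datetime(2018, 1, 15, tzinfo=timezone.utc)  # constructed audit date

if __name__ == "__main__":
    for host, status in audit(INVENTORY, NOW).items():
        print(f"{host:20} {status}")
```

Certificates reported as trusted-until-expiry are the ones to schedule for replacement with another CA, since a reissued certificate from the same CA would carry a NotBefore date past the cutoff.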
Microsoft addressed 48 vulnerabilities in Microsoft Windows, Microsoft Internet Explorer, Microsoft Edge, Microsoft SQL Server, and Microsoft Office. The vulnerabilities could allow an attacker to execute arbitrary code, gain escalated privileges, bypass security protections, view sensitive information, or cause a denial of service. Full details of the complete Security Update Guide can be found here.
We have chosen a few updates to prioritize this month. This recommendation has been made using evidence from industry experts (including our own), anticipated business impact and the independent CVSS score for the vulnerability. The independent CVSS scores used in the table below range from 0 to 10. Vulnerabilities with a base score in the range 7.0-10.0 are rated High, those in the range 4.0-6.9 Medium, and those in the range 0-3.9 Low.
| ID | Vulnerability Alert | CVSS Base Score | Recommended |
|---|---|---|---|
| CVE-2017-8620 | Microsoft Windows Search Arbitrary Code Execution Vulnerability | 9 | Yes |
| CVE-2017-8591 | Microsoft Windows Input Method Editor Arbitrary Code Execution Vulnerability | 8.8 | Yes |
| CVE-2017-8593 | Microsoft Windows Win32k Kernel Driver Privilege Escalation Vulnerability | 8.8 | Yes |
| CVE-2017-8624 | Microsoft Windows Common Log File System Privilege Escalation Vulnerability | 8.8 | Yes |
| CVE-2017-0250 | Microsoft Windows Jet Database Engine Arbitrary Code Execution Vulnerability | 8.3 | Yes |
| CVE-2017-0293 | Microsoft Windows PDF Handling Arbitrary Code Execution Vulnerability | 8.3 | Yes |
| CVE-2017-8625 | Microsoft Internet Explorer Security Bypass Vulnerability | 8.3 | Yes |
| CVE-2017-8634 | Microsoft Edge Scripting Engine Memory Corruption Vulnerability | 8.3 | Yes |
| CVE-2017-8635 | Microsoft Edge and Internet Explorer Scripting Engine Memory Corruption Vulnerability | 8.3 | Yes |
| CVE-2017-8636 | Microsoft Internet Explorer and Edge Scripting Engine Memory Corruption Vulnerability | 8.3 | Yes |
| CVE-2017-8638 | Microsoft Edge Scripting Engine Memory Corruption Vulnerability | 8.3 | Yes |
| CVE-2017-8639 | Microsoft Edge Scripting Engine Memory Corruption Vulnerability | 8.3 | Yes |
| CVE-2017-8640 | Microsoft Edge Scripting Engine Memory Corruption Vulnerability | 8.3 | Yes |
| CVE-2017-8641 | Microsoft Edge and Internet Explorer Scripting Engine Memory Corruption Vulnerability | 8.3 | Yes |
| CVE-2017-8645 | Microsoft Edge Scripting Engine Memory Corruption Vulnerability | 8.3 | Yes |
| CVE-2017-8646 | Microsoft Edge Scripting Engine Memory Corruption Vulnerability | 8.3 | Yes |
| CVE-2017-8647 | Microsoft Edge Scripting Engine Memory Corruption Vulnerability | 8.3 | Yes |
| CVE-2017-8651 | Microsoft Internet Explorer Memory Corruption Vulnerability | 8.3 | Yes |
| CVE-2017-8653 | Microsoft Internet Explorer Memory Corruption Vulnerability | 8.3 | Yes |
| CVE-2017-8655 | Microsoft Edge Scripting Engine Memory Corruption Vulnerability | 8.3 | Yes |
| CVE-2017-8656 | Microsoft Edge Scripting Engine Memory Corruption Vulnerability | 8.3 | Yes |
| CVE-2017-8657 | Microsoft Edge Scripting Engine Memory Corruption Vulnerability | 8.3 | Yes |
| CVE-2017-8661 | Microsoft Edge Memory Corruption Vulnerability | 8.3 | Yes |
| CVE-2017-8669 | Microsoft Edge and Internet Explorer Scripting Engine Memory Corruption Vulnerability | 8.3 | Yes |
| CVE-2017-8670 | Microsoft Edge Scripting Engine Memory Corruption Vulnerability | 8.3 | Yes |
| CVE-2017-8671 | Microsoft Edge Scripting Engine Memory Corruption Vulnerability | 8.3 | Yes |
| CVE-2017-8672 | Microsoft Edge Scripting Engine Memory Corruption Vulnerability | 8.3 | Yes |
| CVE-2017-8674 | Microsoft Edge Memory Corruption Vulnerability | 8.3 | Yes |