Examining Microsoft’s latest patch release

Microsoft recently released almost 100 patches for its operating systems, and the vulnerabilities disclosed are highly likely to be leveraged in the near future.

Included within Microsoft’s release was CVE-2017-8543, a new critical SMB remote code execution vulnerability. SMB is responsible for file and printer sharing, is required on Windows servers and is included by default in Windows workstations. The vulnerability is therefore wormable: systems can become infected automatically, without any user interaction.

There are strong indications that this vulnerability is being actively exploited in the wild and is associated with the recent Shadow Brokers’ disclosures, as stated directly by Microsoft:

“Today, as part of our regular Update Tuesday schedule, we have taken action to provide additional critical security updates to address vulnerabilities that are at heightened risk of exploitation due to past nation-state activity and disclosures.”

MWR has observed an ongoing decrease in the time between release and weaponization. As this vulnerability affects all Windows operating systems, MWR fully expects to see a number of campaigns leveraging it and strongly recommends prioritized and comprehensive deployment of the patches released with this advisory.

Detailed information on the security advisory is available here. Microsoft has released patches for supported operating systems and has once again taken the decision to patch unsupported operating systems.

As with the first set of vulnerabilities made public in April, MWR is rapidly analyzing the new patch releases. For the latest research, follow @countercept & @mwrlabs on Twitter.


