Last Updated: 2017-06-13 21:07:27 UTC
by Johannes Ullrich (Version: 1)
Today, Microsoft and Adobe released their usual monthly security updates. Microsoft patched a total of 96 different vulnerabilities. Three vulnerabilities have already been disclosed publicly, and two vulnerabilities stick out for being already exploited according to Microsoft:
This vulnerability can be exploited when a user views a malicious shortcut file. Windows shortcuts use small files that describe the shortcut. The file will tell Windows what icon to display to represent the file. By including a malicious icon reference, the attacker can execute arbitrary code. This problem is probably easiest exploited by setting up a malicious file share, and tricking the user into opening the file share via a link. Similar vulnerabilities have been exploited in Windows in the past. Exploits should surface shortly in public. Microsoft's description of the vulnerability is a bit contradicting itself. In the past, if a vulnerability had already been exploited in the wild, Microsoft labeled them with an exploitability of "0". In this case, Microsoft uses "1", which indicates that exploitation is likely. But on the other hand, the vulnerability is already being exploited.
ETERNALBLUE Reloaded? This vulnerability is another one that is already exploited according to Microsoft. The vulnerability is triggered by sending a malicious "Search" message via SMB. The bulletin does not state if exploitation requires authentications. The attacker will have full administrative access to the system, so this vulnerability can also be exploited for privilege escalation.