Saturday, 18 November 2017

Posts from Pete's PC Repairs on Facebook




View this in your browser

Pete's PC Repairs on Facebook

Facebook feed

Excerpts:

Microsoft forces Win10 1703 customers onto 1709, and other Patch Tuesday shenanigans




Patch Tuesday toll: more than 1,100 separate patches, but nothing critical for Windows. We're seeing many bugs. None have elicited more vituperation than the forced upgrade to Fall Creators Update, ignoring the "CBB" setting in 1703. Perhaps it's not a bug but a feature? 



7 Reliable Sites To Do A Quick Free Anti-Virus Scan






2018 Is Likely To Be A Worse Year For Ransomware Than 2017

2018 Is Likely To Be A Worse Year For Ransomware Than 2017 


2018 Is Likely To Be A Worse Year For Ransomware Than 2017 


Pete's PC Repairs, your local, affordable solution for all you home or business IT...

Pete's PC Repairs, your local, affordable solution for all you home or business IT needs http://petercraine.wixsite.com/petespcrepairs Don't Despair we Repair 





we are now closed for the day, see you soon, for out of hours support please contact us through our...

we are now closed for the day, see you soon, for out of hours support please contact us through our face book page.https://facebook.com/petespcrepairsblackburn/?business_id=1931743440399760 





Copyright © 2017 Pete's PC Repairs, All rights reserved.

pesky windows updates

Microsoft forces Win10 1703 customers onto 1709, and other Patch Tuesday shenanigans | Computerworld 18/11/2017, 08)50
https://www.computerworld.com/article/3237172/microsoft-windows/…03-customers-onto-1709-and-other-patch-tuesday-shenanigans.html Page 1 of 8
WOODY ON WINDOWS
By Woody Leonhard, Columnist, Computerworld
NOV 15, 2017 10:52 AM PT
NEWS ANALYSIS
Microsoft forces Win10 1703 customers onto 1709, and other Patch
Tuesday shenanigans
Patch Tuesday toll: more than 1,100 separate patches, but nothing critical for Windows.
We’re seeing many bugs. None have elicited more vituperation than the forced upgrade to
Fall Creators Update, ignoring the “CBB” setting in 1703. Perhaps it’s not a bug but a
feature?
Another massive outpouring of Microsoft patches yesterday — more than 1,100
separate patches — brought a few surprises and shouts of indignation from a
forced but unannounced upgrade. Some bugs are already evident, and there’s
a storm brewing over one Office patch. But by and large, if you don’t use
Internet Explorer or Edge, it’s a non-event.
Every version of Windows got patched yesterday (Win10 1709, Win10 1703,
Win10 1607, Win10 1511 Enterprise, Win10 1507 LTSC, Win 8.1, Win RT 8.1, Win
7, plus Server 2016, 2012 R2, 2012, 2008 R2, 2008). Almost every version of
Office (2016, 2013, 2010, 2007, plus 2013 and 2010 Click-to-Run). Plenty of
miscellaneous, too: IE 11, 10, 9 and Edge, Flash for all, SharePoint Server, the
ChakraCore package, and various .Nets including ASP.NET. The good news?
Unless you use IE or Edge, there’s nothing pressing — you can sit back and
watch the bugs crawling out of the woodwork.
Martin Brinkman at ghacks has a spreadsheet you can download if you’re
curious. He shows more than 1,100 separately identified patches.
! Sign In | Register"
Microsoft forces Win10 1703 customers onto 1709, and other Patch Tuesday shenanigans | Computerworld 18/11/2017, 08)50
https://www.computerworld.com/article/3237172/microsoft-windows/…03-customers-onto-1709-and-other-patch-tuesday-shenanigans.html Page 2 of 8
All of that’s in addition to the 43 non-security Office patches released last
week, the Win7 and 8.1 Security-only patches, and the Monthly Patch
previews.
Behind the curtain
For most of you, the key patches are these:
Win10 1709 KB 4048955 Build 16299.64
Win10 1703 KB 4048954 Build 15063.726 (and 15063.728?)
Win10 1607 KB 4048953 Build 14393.1884 - there's also an entry for
KB4051033 , Build 14393.1913, but there's no KB article, and no indication
what it's for.
Win10 1511 Enterprise and Education only KB 4048952 Build
10586.1232. Note that this cumulative update does not install on Home or
Pro versions (thx, @teroalhonen)
Win10 1507 LTSC only KB 4048956 Build 10240.17673
Win 8.1 KB 4048958 2017-11 Monthly Rollup
Win 7 KB 4048957 2017-11 Monthly Rollup
There’s a handful of fully disclosed bugs in the patches. You can see them in
the KB articles associated with the individual patches. For the Win10 patches:
Internet Explorer 11 users who use SQL Server Reporting Services (SSRS)
may not be able to scroll through a dropdown menu using the scroll bar.
(Fix: Change the document mode.)
Universal Windows Platform (UWP) applications that use JavaScript and
asm.js may stop working. (Fix: Uninstall, then reinstall the application.)
May change Czech and Arabic languages to English for Microsoft Edge
and other applications. (Fix: We’re working on it.)
Microsoft forces Win10 1703 customers onto 1709, and other Patch Tuesday shenanigans | Computerworld 18/11/2017, 08)50
https://www.computerworld.com/article/3237172/microsoft-windows/…03-customers-onto-1709-and-other-patch-tuesday-shenanigans.html Page 3 of 8
But of course the disclosed bugs are never as interesting — or as problematic
— as the unexpected ones.
[ To comment on this story, visit Computerworld's Facebook page. ]
According to Microsoft, four of the fixed holes have been publicly disclosed,
but none of them are being exploited in the wild at this point (which is to say,
they’re not zero-days):
CVE-2017-8700 — ASP.NET Core Information Disclosure Vulnerability
CVE-2017-11827 — Microsoft Browser Memory Corruption Vulnerability
CVE-2017-11848 — Internet Explorer Information Disclosure Vulnerability
CVE-2017-11883 — ASP.NET Core Denial of Service Vulnerability
Once again, you can see security holes in IE 11 inherited by Edge.
Adobe released 9 security bulletins and advisories, which fixed 86 individually
recognized security holes in Flash, Acrobat, Reader and other Adobe products.
As usual, Microsoft incorporated the Flash fixes into its Win 8.1, 8.1 RT, Win 10
and Server 2012, 2012 R2 and 2016 patches.
My long-standing advice still rings true: If at all possible, get rid of Flash and
Reader and use any browser other than IE or Edge.
Forced upgrade to 1709
The most vexing issue to crop up so far: Win10 Pro users who have their Group
Policy set to block upgrades from 1703 (Creators Update) to 1709 (Fall Creators
Update) are getting pushed onto 1709. Win10 1703 Pro users set to hold off for
"Current Branch for Business" got bushwhacked, too. Poster NetDef on
AskWoody says:
Microsoft forces Win10 1703 customers onto 1709, and other Patch Tuesday shenanigans | Computerworld 18/11/2017, 08)50
https://www.computerworld.com/article/3237172/microsoft-windows/…03-customers-onto-1709-and-other-patch-tuesday-shenanigans.html Page 4 of 8
All (and I mean ALL) 1703 systems today, even with correct Group Policy
settings enforced, that were NOT under a WSUS system have picked up and
installed (or attempted to install) the 1709 feature update.
Test systems that had CBB set, but also had the defer updates set for 60 or
more days, did NOT update today.
Test systems where we used WUShowHide to hide/defer the 1709 update
have ALSO attempted to upgrade to 1709 today.
MS has apparently greatly shorted the wait time for (formerly known as
CBB) from 4 months to 1 month. I do not yet know if this was an accident,
or intentional.
Given all of the recent complaints about bugs in the Fall Creators Update,
being forced onto 1709 even with the “Current Branch for Business” set in the
Security & Updates Advanced Options (screenshot) is unconscionable.
Microsoft has retroactively redefined “Current Branch for Business” — which is
to say, it has eliminated it — without warning, and without allowing customers
to change their settings to something that says, in effect, back off.
Woody Leonhard/IDG
Microsoft forces Win10 1703 customers onto 1709, and other Patch Tuesday shenanigans | Computerworld 18/11/2017, 08)50
https://www.computerworld.com/article/3237172/microsoft-windows/…03-customers-onto-1709-and-other-patch-tuesday-shenanigans.html Page 5 of 8
Poster @MrBrian echoes the damnation of many:
My educated guess is that this was not an accident. The “Microsoft
recommends” tag on the official Win10 release information site now points
to 1709. Microsoft is now purposely blurring the distinction between what
was formerly Current Branch and Current Branch for Business. I’m not
surprised that Microsoft did this, but I would have thought that Microsoft
would have given prominent notice beforehand (or did they?)
The only solution at this point is to make sure you have the feature update
deferral setting ratcheted all the way up to 365 days. See my recommendation
from October. If you got upgraded and don’t want to join Microsoft’s unpaid
beta-testing club for 1709, you can roll back using Start > Settings > Update &
security > Recovery and under “Go back to the previous version of Windows
10” click Get Started. Provided you roll back within 10 days, you should end up
with your old system.
Problems on the Office front
Catalin Cimpanu at BleepingComputer calls out a worrying Excel patch, CVE-
2017-11877 - Microsoft Excel Security Feature Bypass Vulnerability —
previously undisclosed, that may allow jimmied Excel worksheets to bypass the
usual auto-execution restrictions. No known exploits, as yet, but it’s unnerving.
There’s a new security advisory, ADV170020 - Microsoft Office Defense in
Depth Update, that has exactly no description. Dustin Childs at Zero Day
Initiative offers this possible explanation:
If one were to guess, it’s likely this advisory is related to the recent spate of
malware abusing the Dynamic Data Exchange (DDE) protocol. DDE
provides data exchanges between Office and other Windows applications,
however attackers leverage DDE fields to create documents that load
Microsoft forces Win10 1703 customers onto 1709, and other Patch Tuesday shenanigans | Computerworld 18/11/2017, 08)50
https://www.computerworld.com/article/3237172/microsoft-windows/…03-customers-onto-1709-and-other-patch-tuesday-shenanigans.html Page 6 of 8
malicious resources from an external server. Microsoft claims attackers may
be abusing the feature, but it’s not a vulnerability per se. Hopefully, the
update provided by this advisory restricts the abuse of this “feature” in some
manner.
I talked about the suddenly popular {DDEAUTO} field on AskWoody last week
in response to Microsoft’s Security Advisory 4053440. It looks like the
mysterious ADV170020 somehow automates a subset of the manual tweaks
provided in SA 4053440 but, of course, Microsoft has provided zero
documentation. Security by obscurity, eh?
It also appears as if the new fixes for the “Unexpected error from external
database driver” bugs are working. You may recall that those buggy patches for
the buggy patches — KB 4052233, 4052234, and 4052235 — were pulled and
completely obliterated from the record late last month. This month, we’re
seeing fixes for all versions of Windows, including 1709 with this reassuring
note:
Addressed issue where applications based on the Microsoft JET Database
Engine (Microsoft Access 2007 and older or non-Microsoft applications) fail
when creating or opening Microsoft Excel .xls files. The error message is:
“Unexpected error from external database driver (1). (Microsoft JET
Database Engine)".
More of a mixed bag
There’s some good news. @abbodi86 confirms that Microsoft fixed the
retrograde bug I reported last month in the 2017-11 Win7 Monthly Rollup
Preview, the SFC scanning bug that originated long ago in KB 3125574.
And there are some odd glitches:
Microsoft forces Win10 1703 customers onto 1709, and other Patch Tuesday shenanigans | Computerworld 18/11/2017, 08)50
https://www.computerworld.com/article/3237172/microsoft-windows/…03-customers-onto-1709-and-other-patch-tuesday-shenanigans.html Page 7 of 8
Win7 Pro may get a Malicious Software Removal Tool update that’s
marked “important” but not checked for installation (thx, @alpha128).
Win10 1709 may get an MSRT update that’s incorrectly marked “for
Windows Insider Preview” (thx Joh582n).
The service “Microsoft .Net Framework NGEN v4.0.30319_X86” may no
longer start automatically.
Outlook 2016 Click-to-Run version 1710 build 8625.2121 clobbers the
View Settings button (acknowledged bug with a half-fast workaround).
Excel 2013 and 2016 may get a cursor flicker after updating to 1709
(acknowledged bug).
Equation Editor phunnies
Finally, the most contentious patch of all. The Embedi malware folks found a
severe security bug in the old — 17 years old — Office Equation Editor. You may
remember the Word Equation Editor, which about 10 people once used to
make equations look nice inside their Word docs. Almost everybody has the
Equation Editor installed and enabled. Almost everybody with Office is
vulnerable. But there’s no hue and cry as yet because working exploit code
isn’t available. Yet.
Microsoft has a writeup for the security hole CVE-2017-11882 - Microsoft
Office Memory Corruption Vulnerability. Microsoft lists it as “Important -
Exploitation less likely” with no known exploit code.
Embedi insists that the problem can be triggered with no user prompt.
Microsoft, by virtue of its “Important” designation, claims that some user
intervention is required. Embedi says it has exploit code, which it delivered to
Microsoft on March 8. Microsoft says it has no functioning exploit code.
Microsoft forces Win10 1703 customers onto 1709, and other Patch Tuesday shenanigans | Computerworld 18/11/2017, 08)50
https://www.computerworld.com/article/3237172/microsoft-windows/…03-customers-onto-1709-and-other-patch-tuesday-shenanigans.html Page 8 of 8
Copyright © 2017 IDG Communications, Inc.
YOU MIGHT LIKE
SHOP TECH PRODUCTS AT AMAZON
Who’s right? Who knows? You can manually circumvent the problem by
making two registry changes listed in the Embedi article.
It’s a messy month. With no “critical” Windows updates, as long as you don’t
use IE or Edge, there’s no huge pressure to apply the updates just yet.
Thanks to @GossiTheDog, @teralhonen, @barbbowman, @abbodi86,
@PKCano, @MrBrian, and the many intrepid testers on AskWoody.
Hit a bug? We’re all ears on the AskWoody Lounge.
Windows Hello for Business: Next-gen authentication for Windows shops
Follow # ✉ ! " #
Woody Leonhard is a columnist at Computerworld and author of dozens of Windows books, including

"Windows 10 All-in-One for Dummies."

Saturday, 11 November 2017

New Service goes live on Sunday



As revealed last month - tomorrow (Sunday) is the launch day for the new service, availability is limited, so you are going to want to get in quick, make sure you check back regularly, bookmark us and don't forget to like and follow the page !!!

Peace of mind Guaranteed



How would you like to take all the worry out of owning a computer, all your concerns about viruses, malware, ransomeware and the general health of your computer. Look no further for only £7 per month, yes thats right only £7 per month (but only for the first 30 people) you can have a fully monitored, updated and protected computer.





Heres what you get
  • Fully Managed and Monitored Antivirus and Malware protection (daily updates, monitored alerts, permission led outcomes)
  • Fully Managed and Monitored Anti-ransomeware, keeping you safe from fast emerging threats
  • Remote Support (no need to plan and arrange an
    appointment get near instant support (subject to availability and fair use policy))
  • Fully Monitored computer, alerting you to any potential problems leading to access to :-
  • Your own personal supportdesk to report any problems you may have
  • Annual Computer MOT (drop off and pickup service available)


Optional Extras (ask for price)
  • Data Backup
  • Computer Backup
  • Out of Hours support
  • Priority Customer Support
  • Health Check



Goto Facebook to book you computer in for this offer
Only available to the first 30 people to book - after that full price will be payable





Sunday, 22 October 2017

New Service coming Mid-November





That's right I'm in the middle of a collaboration between a few companies to bring you a product/service that you will wonder, (1) why someone hasn't done it before and (2) how can I not have this, it will also give you peace of mind, security, be affordable and save you money. 

The best way to make sure you're in with a chance of being eligible for the fist release (limited to 50 people) is to ensure you are following all my outlets and are a active and regular sharer of content * :-


So get clicking and follow on you preferred channel/outlet - don't forget its limited to 50 for the first release @ this price and terms, whilst your following the above links, have a nosey around what else I have to offer, you might just find exactly what you need or be able to bookmark something for a later date.
Why not have a look through my online magazine or sign up for the newsletter.
The possibilities are endless, the hints, tips and tricks are all useful and give you the edge and insight you need without the pain of trawling the internet for them.











* I get monthly reports from all my outlets detailing all shares/likes/retweets etc and can who my active followers are, these inevitably are the people that get the best prices and are first on the list for news and new releases - to get on those lists all you have to do is share/like/retweet/add friends regularly - it takes less than 5 minutes a week - less than a minute a day - its really up to you, want to save money then do it.



Friday, 20 October 2017

Does Your Computer Need Repairing ?



In this day and age, technology is so ingrained in our daily lives that there are people who find it difficult to function properly without using some form of technology. From household chores to work duties, many use technology to get it done quickly and more efficiently.
The computer is probably one of the most used technology nowadays. It is helpful to all kinds of people, mothers, doctors, office workers, and students. That’s why it is important to take good care of your computer and repair as required. You might not realize that your computer needs repair because you can still use it.
But there are signs that your computer may be functioning less efficiently than it should. Look through the list below of the signs that your computer needs to be repaired.
IT IS VERY SLOW 
There are many reasons why a computer might be running slower than usual. It can be due to an operating system that might be outdated. It could also mean that there are too many programs and applications installed on your computer. The important thing to do is that you should not ignore when you notice your computer is getting slower. It might be a sign that something is failing in your computer, and ignoring it might make the condition worse.
IT OVERHEATS 
While you may feel that a computer may get hot while it is on if it becomes too hot that can become a problem. While the reason may be simple, as some laptops or computers might just be dirty and the cooling system just needs to be cleaned. But sometimes it might also be a serious matter. Some laptops get so hot that their motherboard becomes too damaged to be of use. Make sure to bring your computer to a professional so that they can readily assess what might be wrong with it.
YOU KEEP GETTING ERROR MESSAGES 
If you find yourself reading many error messages within the day, then you need to check as you might be the victim of a corrupted program or even a virus. Some issues may be easy to diagnose and fix, you just need to research on the error message displayed and look for solutions. But other issues might be harder so you can go to a computer repair service for that.
YOU KEEP GETTING WEB POP-UPS 
It’s not uncommon to get the usual web pop-ups when you browse all over the internet. But if you’ve observed that you’ve been getting more than the usual number of pop-ups, then it might be because of a virus or malware. Make sure to approach the right people to help you as sometimes the solutions you will see online do not really help at all. It’s better to trust the expertise of professionals so you can be assured that your computer is in good hands.

Spiceworks





Spiceworks - Community Digest
10 Computer systems still using Windows XP in 2017, three years after EOS
Is there a chance you'll come across XP running in the wild in 2017? Sadly, the answer is yes. And the organizations who haven't moved on from Windows XP might surprise you. 
Read full post »


Microsoft Patch Tuesday - October 2017




Talos Blog - Microsoft Patch Tuesday - October 2017
Posted: 10 Oct 2017 01:25 PM PDT
Microsoft has released its monthly set of security advisories for vulnerabilities that have been identified and addressed in various products. This month's advisory release addresses 63 new vulnerabilities with 28 of them rated critical and 35 rated important. These vulnerabilities impact Graphics, Edge, Internet Explorer, Office, Sharepoint, Windows Graphic Display Interface, Windows Kernel Mode Drivers, and more. 


Vulnerabilities Rated Critical


The following vulnerabilities are rated "Critical" by Microsoft: 

CVE-2017-11813, CVE-2017-11822 - Internet Explorer Memory Corruption Vulnerability


Two vulnerabilities have been identified in Internet Explorer that could result in remote code execution in the context of the current user. These vulnerabilities manifest due to improper handling of objects in memory when attempting to render a webpage. Both vulnerabilities could be exploited if, for example, a user visits a specially crafted webpage that exploits one of these flaws.

CVE-2017-11762, CVE-2017-11763 - Microsoft Graphics Remote Code Execution Vulnerability


Two vulnerabilities have been identified in the font library of the Microsoft Graphics Component that could allow an attacker to execute arbitrary code. These vulnerabilities manifest due to the library incorrectly handling specialty embedded fonts within a web page or document. Exploitation of these two vulnerabilities could be achieved if a user navigates to a malicious web page or if the user opens a specially crafted document that exploits these vulnerabilities.

Multiple CVEs - Scripting Engine Memory Corruption Vulnerability


Multiple vulnerabilities have been identified in the scripting engines of Edge and Internet Explorer that could allow an attacker to remotely execute arbitrary code. These vulnerabilities all manifest due to the scripting engines in Edge and Internet Explorer improperly handling objects in memory. As a result, successful exploitation could lead to arbitrary code execution in the context of the current user. Scenarios where these vulnerabilities would likely be exploited include web-based attacks where the user navigates to a malicious web page designed to exploit of these vulnerabilities or, in some cases, opens a Microsoft Office document containing an embedded ActiveX control marked "safe for initialization."

The following is a list of CVEs related to these vulnerabilities:

  • CVE-2017-11767
  • CVE-2017-11792
  • CVE-2017-11793
  • CVE-2017-11796
  • CVE-2017-11797
  • CVE-2017-11798
  • CVE-2017-11799
  • CVE-2017-11800
  • CVE-2017-11801
  • CVE-2017-11802
  • CVE-2017-11804
  • CVE-2017-11805
  • CVE-2017-11806
  • CVE-2017-11807
  • CVE-2017-11808
  • CVE-2017-11809
  • CVE-2017-11810
  • CVE-2017-11811
  • CVE-2017-11812
  • CVE-2017-11821

CVE-2017-11779 - Windows DNSAPI Remote Code Execution Vulnerability


A remote code execution vulnerability has been identified in Windows DNS that could allow an attacker to execute arbitrary code in the context of the Local System account. This vulnerability manifests in DNSAPI.dll as a result of improperly handling DNS responses. A scenario where this vulnerability could be exploited would be one where an attacker stand ups a malicious DNS server to transmit specially crafted DNS responses to the target.

CVE-2017-11771 - Windows Search Remote Code Execution Vulnerability


An arbitrary code execution vulnerability has been identified in Window Search that could allow an attacker to elevate their privileges and subsequently execute code in the elevated context. This vulnerability manifests due to improper handling of objects in memory. For this vulnerability to be exploited, an attacker would need to either have access to the targeted host to exploit this vulnerability, or remotely trigger it through an SMB connection.

CVE-2017-8727 - Windows Shell Memory Corruption Vulnerability


A remote code execution vulnerability has been identified in Internet Explorer which could allow an attacker to execute arbitrary code in the context of the current user. This vulnerability manifests as a result of Internet Explorer improperly accessing objects in memory via the Microsoft Windows Text Services Framework. An attacker could create a specially crafted web page that exploits this vulnerability and subsequently socially engineer a user to visit the page to compromise users. Additionally, attackers could leverage vulnerable or compromised websites or sites that display user-provided content or advertisements to exploit and compromise users.

CVE-2017-11819 - Windows Shell Remote Code Execution Vulnerability


A remote code execution vulnerability has been identified in Microsoft web browsers which manifests due to improper handling of objects in memory. Successful exploitation of this vulnerability could allow an attacker to execute arbitrary code in the context of the current user. An attacker could leverage this vulnerability to exploit users by crafting a specially formed web page and socially engineering users to visit such a page. Other scenarios include an attacker leveraging vulnerable or compromised websites or sites that display user-provided content or advertisements to exploit this vulnerability and compromise users.

Vulnerabilities Rated Important


The following vulnerabilities are rated "important" by Microsoft:

CVE-2017-11790 - Internet Explorer Information Disclosure Vulnerability


An information disclosure vulnerability has been identified in Internet Explorer that could allow an attacker to obtain information that could be used to further compromise an affected system. This vulnerability manifests due to Internet Explorer improperly handling objects in memory. A user who navigates to an attacker-controlled web page could be exploited. Additionally, users who navigate to site that hosts user-generated content could also be exploited.

CVE-2017-11794 - Microsoft Edge Information Disclosure Vulnerability


An information disclosure vulnerability has been identified in Edge that could allow an attacker to obtain information that could be used to further compromise an affected system. This vulnerability manifests due to Edge improperly handling objects in memory. A user who navigates to an attacker-controlled web page could be exploited. Additionally, users who navigate to site that hosts user-generated content could also be exploited.

CVE-2017-8726 - Microsoft Edge Memory Corruption Vulnerability


A remote code execution vulnerability has been identified in Edge that could allow an attacker to execute arbitrary code in the context of the user. This vulnerability manifests due to Edge improperly handling objects in memory. Possible scenarios where an attacker could compromise a user could include a web-based attacks where a user navigates to a specially crafted web page under the attacker's control. Other possibilities include a user opening a Microsoft Office document containing an embedded ActiveX control marked "safe for initialization".

CVE-2017-8693 - Microsoft Graphics Information Disclosure Vulnerability


An information disclosure vulnerability has been identified in the Microsoft Windows Graphics Component that could allow an attacker to obtain information that could be used to further compromise an affected system. This vulnerability manifests due to the Graphics component improperly handling objects in memory. Exploitation of this vulnerability could be achieved if an authenticated user were to launch a specially crafted executable designed to exploit this vulnerability. 

CVE-2017-8717, CVE-2017-8718 - Microsoft JET Database Engine Remote Code Execution Vulnerability


Two arbitrary code execution vulnerabilities have been identified in the Microsoft JET Database Engine that could allow an attacker to execute arbitrary code in the context of the current user. These vulnerabilities manifest as buffer overflow conditions when triggered. For an attacker to successfully exploit these vulnerabilities, a user would need to open or preview a specially crafted Microsoft Excel document on an affected version of Windows. An email-based attack where an attacker sends a victim a specially crafted Excel document is the most likely scenario where a user could be compromised.

CVE-2017-11826 - Microsoft Office Memory Corruption Vulnerability


A vulnerability have been identified in Microsoft Office that could allow an attacker to execute arbitrary code on an affected system. This vulnerability manifests due to Office improperly handling objects in memory. A users who opens a maliciously crafted Office document could be exploited, resulting in arbitrary code execution of the attacker's choice in the context of the current user. Scenarios where this could occur include email-based attacks, where the attacker sends the victim a message with a malicious attachment, or web-based attacks where the user downloads and opens a malicious Office document. Note that in certain conditions, the Preview Pane is an attack vector as well.

CVE-2017-11825 - Microsoft Office Remote Code Execution Vulnerability


A vulnerability has been identified in Microsoft Office that could allow an attacker to execute arbitrary code on an affected system. This vulnerability manifests due to Office improperly handling objects in memory. A users who opens a maliciously crafted Office document could be exploited, resulting in arbitrary code execution of the attacker's choice in the context of the current user. Scenarios where this could occur include email-based attacks, where the attacker sends the victim a message with a malicious attachment, or web-based attacks where the user downloads and opens a malicious Office document.

Multiple CVEs - Microsoft Office SharePoint XSS Vulnerability


Multiple vulnerabilities in Microsoft Office Sharepoint have been identified that could could allow an attacker to execute a cross-site scripting (XSS) attack. These vulnerabilities manifest due to Sharepoint Server improperly sanitizing specific web requests from a user. Successful exploitation of these flaws could allow an attacker to execute scripts in the context of the current user, read content that the attacker would not otherwise have permission to view, or execute actions on behalf of the affected user.

The following CVEs reflect these vulnerabilities:

  • CVE-2017-11775
  • CVE-2017-11777
  • CVE-2017-11820

CVE-2017-11776 - Microsoft Outlook Information Disclosure Vulnerability


An information disclosure vulnerability in Microsoft Outlook has been identified that could leak sensitive information to third-parties. This vulnerability manifests when Outlook fails to establish a secure connection. An attacker who exploits this vulnerability could obtain the email content of a user.

CVE-2017-11774 - Microsoft Outlook Security Feature Bypass Vulnerability


A security feature bypass vulnerability has been identified in Microsoft Outlook that could be used to execute arbitrary commands. This vulnerability manifests due to Office improperly handling objects in memory. A user who opens a specially crafted document file could be exploited. A scenario where this could occur would be in a file-sharing attack where an attacker gives the user a file and socially engineers them to open it.

CVE-2017-11772 - Microsoft Search Information Disclosure Vulnerability


An information disclosure vulnerability has been identified in Windows Search that could allow an attacker to obtain information that could be used to further compromise an affected system. This vulnerability manifests due to Window Search improperly handling objects in memory. Exploitation of this vulnerability could be achieved if an authenticated user sends specially crafted messages to the Window Search service. Alternatively, this vulnerability could be exploited remotely in an enterprise setting over an SMB connection from an unauthenticated attacker. 

CVE-2017-11823 - Microsoft Windows Security Feature Bypass


A vulnerability had been identified in Device Guard that could allow an attacker bypass a security control and inject malicious code into a Windows Powershell session. This vulnerability manifests as a flaw in how the Device Guard Code Integrity policy is implemented. An attacker who has access to a local machine could inject malicious code into a script that is trusted by the Code Integrity policy. As a result, the injected code could be run with the same trust level as the script, bypassing the Code Integrity policy control.

CVE-2017-11786 - Skype for Business Elevation of Privilege Vulnerability


A privilege escalation vulnerability has been identified in Skype for Business that could allow an authenticated attacker to potentially impersonate a user. This vulnerability manifests due to Skype for Business improperly handling specific authentication requests. An attacker who initiates an instant message session while a specially crafted profile image is set could exploit this vulnerability and steal an authentication hash that could be reused in different contexts. Successful exploitation would allow an attacker to perform actions that a user is permitted to do, resulting in various outcomes such as privilege escalation.

CVE-2017-11769 - TRIE Remote Code Execution Vulnerability


An arbitrary code execution vulnerability has been identified in Windows that could allow an attacker to execute code in the context of the current user. This vulnerability manifests due to the way certain Windows components improperly handle loading DLL files. Successful exploitation could allow an attacker to perform actions or execute commands within the context of the current user.

CVE-2017-8689, CVE-2017-8694 - Win32k Elevation of Privilege Vulnerability


Two vulnerabilities in Windows Kernel-Mode Drivers have been identified that could allow a privilege escalation attack to occur. These vulnerabilities manifest due to improper handling of objects in memory. Successful exploitation of these vulnerabilities would result in an attacker obtaining administrator privileges on the targeted system. Users who run a specifically crafted executable that exploits this vulnerability could leverage this vulnerability to perform actions as an administrator on the affected system.

CVE-2017-11783 - Windows Elevation of Privilege Vulnerability


A privilege escalation vulnerability has been identified in Windows that could allow an authenticated attacker to elevate their privileges to that of an administrator. This vulnerability manifests due to Windows improperly handling calls to Advanced Local Procedure Call (ALPC). A user who creates a specially crafted application and executes it on an affected system could exploit this vulnerability.

CVE-2017-11816 - Windows GDI Information Disclosure Vulnerability


An information disclosure vulnerability has been identified in the Microsoft Windows Graphics Device Interface (GDI) that could allow an attacker to obtain information that could be used to further compromise an affected system. This vulnerability manifests due to the GDI improperly handling objects in memory. Exploitation of this vulnerability could be achieved if an authenticated user were to launch a specially crafted executable designed to exploit this vulnerability. 

CVE-2017-11824 - Windows Graphics Component Elevation of Privilege Vulnerability


A privilege escalation vulnerability has been identified in the Microsoft Windows Graphics Component that could allow an attacker to elevate their privileges to that of an administrator. This vulnerability manifests due to the Graphics component improperly handling objects in memory. Exploitation of this vulnerability could be achieved if an authenticated user were to launch a specially crafted executable designed to exploit this vulnerability.

CVE-2017-11817 - Windows Information Disclosure Vulnerability


An information disclosure vulnerability has been identified in the Windows kernel that could allow an attacker to obtain information that could be used to further compromise an affected system. This vulnerability manifests due to the kernel improperly initializing objects in memory. Exploitation of this vulnerability could be achieved if an authenticated user were to launch a specially crafted executable designed to exploit this vulnerability. 

CVE-2017-11784, CVE-2017-11785 - Windows Kernel Information Disclosure Vulnerability


Two information disclosure vulnerabilities have been identified in the Windows kernel that could allow an attacker to obtain memory addresses and bypass Kernel Address Space Layout Randomization (KASLR). Exploitation of these vulnerabilities could be achieved if an authenticated user were to launch a specially crafted executable designed to exploit them. 

CVE-2017-11765, CVE-2017-11814 - Windows Information Disclosure Vulnerability


Two information disclosure vulnerabilities have been identified in the Windows kernel that could allow an attacker to obtain information that could be used to further compromise an affected system. These vulnerabilities manifest due to the kernel improperly initializing objects in memory. Exploitation of these vulnerabilities could be achieved if an authenticated user were to launch a specially crafted executable designed to exploit them. 

CVE-2017-8715 - Windows Security Feature Bypass Vulnerability


A vulnerability had been identified in Device Guard that could allow an attacker to bypass a security control and inject malicious code into a Windows Powershell session. This vulnerability manifests as a flaw in how the Device Guard Code Integrity policy is implemented. An attacker who has access to a local machine could inject malicious code into a script that is trusted by the Code Integrity policy. As a result, the injected code could be run with the same trust level as the script, bypassing the Code Integrity policy control.

CVE-2017-11781 - Windows SMB Denial of Service Vulnerability


A denial of service vulnerability has been identified in Microsoft SMB that could allow an attacker to crash an affected host. This vulnerability manifests due to SMB improperly handling certain requests. An attacker who sends a vulnerable server specially crafted requests could exploit this vulnerability and create a denial of service condition for users.

CVE-2017-11782 - Windows SMB Elevation of Privilege Vulnerability


A privilege escalation vulnerability has been identified in the default Windows SMB Server configuration that could allow anonymous users to access certain named pipes. These named pipes could be used to send specially crafted requests to services that accept requests via named pipes. An attacker who is able to send SMB messages to an affected SMB server could exploit this vulnerability.

CVE-2017-11815 - Windows SMB Information Disclosure Vulnerability


An information disclosure vulnerability has been identified in Windows SMB that could allow an attacker to access files they otherwise should not have access to. This vulnerability manifests due to SMB server improperly handling certain requests. An attacker who is able to authenticate to the SMB server and send it SMB messages could exploit this vulnerability.

CVE-2017-11780 - Windows SMB Remote Code Execution Vulnerability


A remote code execution vulnerability has been identified in Microsoft Server Message Block 1.0 (SMBv1) which could allow an attacker to compromise SMBv1 servers. This vulnerability manifests due to the way SMBv1 servers handle certain requests. Exploitation of this vulnerability could be achieved by an unauthenticated attacker by sending specially crafted requests to the affected server.

CVE-2017-11818 - Windows Storage Security Feature Bypass Vulnerability


A security feature bypass has been identified in Microsoft Windows storage which could allow an application with a certain integrity level to execute code at a different level. This vulnerability manifests due to Windows improperly validating an integrity-level check.

CVE-2017-8703 - Windows Subsystem for Linux Denial of Service Vulnerability


A denial of service vulnerability has been identified in the Windows Subsystem for Linux (WSL). This vulnerability manifests as due to the WSL improperly handling objects in memory. An attacker who creates a specially crafted application and executes it on an affected system could exploit this vulnerability.

CVE-2017-11829 - Windows Update Delivery Optimization Elevation of Privilege Vulnerability


A privilege escalation vulnerability has been identified in Windows Update Delivery Optimization that could allow an attacker to overwrite files of a higher privilege than what the attacker possesses. This vulnerability manifests due to Windows Update Delivery Optimization improperly enforcing file share permissions. An attacker who is able to log into the system and create a Delivery Optimization job could exploit this vulnerability.

Subscribe to: Posts (Atom)