Thursday, July 14, 2016

Bug allows Attackers to Hack any version of Microsoft Windows


Critical Print Spooler Bug allows Attackers to Hack any version of Microsoft Windows

Microsoft's July Patch Tuesday offers 11 security bulletins, six of them rated critical, resolving almost 50 security holes in its software.


The company has patched a security flaw in the Windows Print Spooler service that affects all supported versions of Windows ever released, which, if exploited, could allow an attacker to take over a device via a simple mechanism.

The "critical" flaw (CVE-2016-3238) actually resides in the way Windows handles printer driver installations as well as the way end users connect to printers.

The flaw could allow an attacker to remotely install malware on a victim's machine that can be used to view, modify or delete data, or create new accounts with full user rights, Microsoft said in its MS16-087 bulletin, posted Tuesday.

Users who are logged in with fewer user rights on the system are less impacted than users who operate with administrative user rights, such as some home accounts and server users.

Microsoft said the critical flaw could be exploited to allow remote code execution if an attacker can conduct a man-in-the-middle (MiTM) attack on a system or print server or set up a rogue print server on a target network.

The critical flaw was discovered and reported by the researchers at security firm Vectra Networks, who disclosed some details on the vulnerability, but didn't publish their proof-of-concept (POC) code.

In corporate networks, by default network administrators allow printers to deliver the necessary drivers to workstations or systems connected to the network. These drivers are silently installed without user interaction and run with full privileges under the SYSTEM user.

According to researchers, attackers can replace these drivers on the printer with malicious files that could allow them to execute code of their choice.

More worrisome: if the printer is behind a firewall, attackers can even hack another device or computer on that particular network, and then use it to host their malicious files.
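To check how a workstation is configured for the silent driver delivery described above, the following added example (not from the article, Microsoft or Vectra) audits Windows' Point and Print Restrictions policy values, which the article does not name. It assumes the input is the text `reg query` prints for that policy key; the sample text, hostnames and function names are constructed for illustration.

```python
import re

KEY = r"HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\Printers\PointAndPrint"

# Constructed samples shaped like the text `reg query` prints for KEY.
SAMPLE_WEAK = KEY + r"""
    Restricted    REG_DWORD    0x1
    TrustedServers    REG_DWORD    0x0
    NoWarningNoElevationOnInstall    REG_DWORD    0x1
    UpdatePromptSettings    REG_DWORD    0x2
"""
SAMPLE_STRICT = KEY + r"""
    Restricted    REG_DWORD    0x1
    TrustedServers    REG_DWORD    0x1
    ServerList    REG_SZ    print01.corp.example;print02.corp.example
    NoWarningNoElevationOnInstall    REG_DWORD    0x0
    UpdatePromptSettings    REG_DWORD    0x0
"""

# Value lines are indented: name, type, data. The key line is not indented.
VALUE_LINE = re.compile(r"^\s+(\S+)\s+(REG_\w+)\s*(.*)$")


def parse_reg_query(text):
    """Return {value name: int for REG_DWORD, str otherwise}."""
    values = {}
    for line in text.splitlines():
        match = VALUE_LINE.match(line)
        if match:
            name, kind, data = match.groups()
            values[name] = int(data, 16) if kind == "REG_DWORD" else data.strip()
    return values


def audit_point_and_print(values):
    """List the settings that let a print server push drivers unprompted."""
    findings = []
    if values.get("NoWarningNoElevationOnInstall", 0) != 0:
        findings.append("new connections install drivers with no warning or elevation prompt")
    if values.get("UpdatePromptSettings", 0) != 0:
        findings.append("driver updates skip the warning or the elevation prompt")
    servers = [s for s in str(values.get("ServerList", "")).split(";") if s.strip()]
    if values.get("TrustedServers", 0) != 1 or not servers:
        findings.append("no approved print server list is enforced")
    return findings


if __name__ == "__main__":
    for label, sample in (("weak", SAMPLE_WEAK), ("strict", SAMPLE_STRICT)):
        print(label, audit_point_and_print(parse_reg_query(sample)))
```

An empty result means prompts are kept and clients are pinned to named print servers; it does not replace installing the MS16-087 update.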

Watering Hole Attacks via Printers
Like servers, multiple computers connect to printers to print documents as well as to download drivers. So, this flaw technically allows a hacker to carry out watering hole attacks using printers.

Watering hole attacks, or drive-by downloads, are used to target businesses and organizations by infecting them with malware to gain access to the network.

    "Rather than infecting users individually, an attacker can effectively turn one printer into a watering hole that will infect every Windows device that touches it," said Vectra chief security officer Gunter Ollmann.

    "Anyone connecting to the printer share will download the malicious driver. This moves the attack vector from physical devices to any device on the network capable of hosting a virtual printer image."

This flaw (CVE-2016-3238) is by far the most dangerous vulnerability of the year: it is easy to execute, provides different ways of launching attacks, and affects a huge number of users.

A second, related vulnerability in the MS16-087 bulletin, CVE-2016-3239, is a privilege escalation flaw that could allow attackers to write to the file system.

A security bulletin for Microsoft Office, MS16-088, includes patches for seven remote code execution (RCE) vulnerabilities, 6 of them memory corruption flaws, which affect Microsoft Office, SharePoint Server as well as Office Web Apps.

The flaws can be exploited by specially crafted Office files, allowing attackers to run arbitrary code with the same privileges as the logged-in user.

Bulletin MS16-084 addresses flaws in Internet Explorer and MS16-085 in Microsoft Edge. The IE flaws include RCE, privilege escalation, information disclosure and security bypass bugs.

Edge flaws include a handful of RCE and memory corruption flaws in the Chakra JavaScript engine, as well as an ASLR bypass, information disclosure, browser memory corruption, and spoofing bugs.

Bulletin MS16-086 addresses a vulnerability in the JScript and VBScript engines in Windows, which could allow an attacker to achieve remote code execution, affecting VBScript 5.7 and JScript 5.8.

The remaining five bulletins, rated as important, address flaws in Windows Secure Kernel Mode, Windows Kernel-Mode Drivers, the .NET framework, the Windows Kernel, and the Secure Boot process.

Users are advised to patch their system and software as soon as possible.


 

Source : thehackernews.com
