Microsoft Fixes 6-Month-Old Windows Flaw Exploited by AdGholas and Neutrino Kits

Post by Whatacrock »

Microsoft used this month’s Patch Tuesday cycle to patch a six-month-old vulnerability affecting all Windows systems and exposing users to attacks when visiting malicious websites.

Security company Trend Micro reveals that the zero-day information disclosure vulnerability documented with CVE-2017-0022 was first reported to the software giant in September last year and was already included in at least two exploit kits.

Specifically, this security flaw existing in all Windows versions currently supported by Microsoft (there’s a good chance Windows XP is also impacted, but no security patches are released for this OS version anymore) allows attackers to see the installed applications on a victim’s computer.

This way, cybercriminals can look for security software that can block their malware, but also for other vulnerable applications that could allow them to break into the system and deploy other malicious files.

In order to exploit the flaw, unpatched Windows systems need to visit a compromised website, so most attackers rely on phishing campaigns to lure victims to these pages.

"Look for MS17-022 to stay secure"

It looks like the vulnerability was already included in at least two exploit kits, and Trend Micro says that both AdGholas and Neutrino were spotted using it in mid-2016.

“If CVE-2017-0022 is integrated into an exploit kit such as Neutrino, it analyzes the system for signs of security software and checks if the browser is using any sandbox solutions. In addition, it inspects the system for the presence of any packet capture software,” Trend Micro explains.

Microsoft fixed the vulnerability with MS17-022, a security bulletin labeled as important and bringing updates for Microsoft XML Core Services.

“This security update resolves a vulnerability in Microsoft Windows. The vulnerability could allow information disclosure if a user visits a malicious website. However, in all cases an attacker would have no way to force a user to click a specially crafted link. An attacker would have to convince a user to click the link, typically by way of an enticement in an email or Instant Messenger message,” Microsoft says.

Needless to say, Windows users are recommended to deploy these patches as soon as possible, while on systems where installing the update is not yet possible, it’s recommended to avoid opening URLs coming from untrusted sources. ... 4257.shtml
"Now if you Sons of B*@ches got anything else to say, NOW'S THE F@#%ING TIME!!"