Microsoft fixes 55 vulnerabilities, 3 exploited by Russian cyberspies

Microsoft fixed critical vulnerabilities in Windows, Office, Edge, Internet Explorer, and its malware protection engine

Microsoft released security patches Tuesday for 55 vulnerabilities across the company's products, including for three flaws that are already exploited in targeted attacks by cyberespionage groups.

Fifteen of the vulnerabilities fixed in Microsoft's patch bundle for May are rated as critical and they affect Windows, Microsoft Office, Microsoft Edge, Internet Explorer, and the malware protection engine used in most of the company's anti-malware products.

System administrators should prioritize the Microsoft Office patches because they address two vulnerabilities that attackers have exploited in targeted attacks over the past two months. Both of these flaws, CVE-2017-0261 and CVE-2017-0262, stem from how Microsoft Office handles Encapsulated PostScript (EPS) image files and can lead to remote code execution on the underlying system.

According to researchers from FireEye, the CVE-2017-0261 vulnerability has been exploited since late March by an unidentified gang of financially motivated attackers and by a Russian cyberespionage group called Turla.

Also known as Snake or Uroburos, the Turla group has been active since at least 2007 and has been responsible for some of the most complex cyberespionage attacks to date. Its targets are usually government entities, intelligence agencies, embassies, military organizations, research and academic institutions, and large corporations.

The CVE-2017-0261 exploits came in the form of Word documents with embedded malicious EPS content that were distributed via email. The attacks also attempted to exploit a Windows privilege escalation vulnerability tracked as CVE-2017-0001 that Microsoft patched on March 14.

Later, in April, researchers from FireEye and ESET discovered a different cyberespionage campaign exploiting the second EPS-related Microsoft Office vulnerability that was patched Tuesday: CVE-2017-0262. Those attacks were traced back to a Russian cyberespionage group known in the security industry as APT28, Fancy Bear, or Pawn Storm.

APT28 is the group blamed for hacking into the U.S. Democratic National Committee last year during the presidential election. The group's selection of targets over the years has reflected Russia's geopolitical interests leading many researchers to believe that APT28 is tied to the Russian Military Intelligence Service (GRU).

APT28's past attacks have demonstrated that the group has access to an arsenal of zero-day exploits -- exploits for previously undisclosed vulnerabilities. Its exploit for CVE-2017-0262 was distributed in a decoy document about President Donald Trump's decision to launch an attack in Syria last month and was chained with another zero-day exploit for a Windows privilege escalation vulnerability (CVE-2017-0263) that was also patched Tuesday.

Even though the CVE-2017-0262 EPS vulnerability was technically patched Tuesday, users who installed the Microsoft Office updates released in April were protected against it. That's because those updates disabled the EPS filter in Office as a defense-in-depth measure, Microsoft researchers said Tuesday in a blog post.

System admins should also prioritize this month's security updates for Internet Explorer and Edge, because they fix critical vulnerabilities that could be exploited by visiting malicious websites or by viewing specially crafted advertisements inside the browsers. One of the patched IE flaws is already exploited by attackers, while one patched in Edge has been publicly disclosed.

The updates for Windows should come next on the priority list because they address several remote code execution vulnerabilities in the SMB network file-sharing protocol. These vulnerabilities put Windows desktop and server installations at risk of hacking if they use SMBv1.

Finally, users of Microsoft's anti-malware products, including Windows Defender and Microsoft Security Essentials should make sure that their engine is updated to version 1.1.13704.0. Older versions contain a highly critical vulnerability that can be easily exploited by attackers to take complete control of computers.

Join the newsletter!

Error: Please check your email address.
Rocket to Success - Your 10 Tips for Smarter ERP System Selection
Keep up with the latest tech news, reviews and previews by subscribing to the Good Gear Guide newsletter.

Lucian Constantin

IDG News Service
Show Comments

Most Popular Reviews

Latest Articles

Resources

PCW Evaluation Team

Ben Ramsden

Sharp PN-40TC1 Huddle Board

Brainstorming, innovation, problem solving, and negotiation have all become much more productive and valuable if people can easily collaborate in real time with minimal friction.

Sarah Ieroianni

Brother QL-820NWB Professional Label Printer

The print quality also does not disappoint, it’s clear, bold, doesn’t smudge and the text is perfectly sized.

Ratchada Dunn

Sharp PN-40TC1 Huddle Board

The Huddle Board’s built in program; Sharp Touch Viewing software allows us to easily manipulate and edit our documents (jpegs and PDFs) all at the same time on the dashboard.

George Khoury

Sharp PN-40TC1 Huddle Board

The biggest perks for me would be that it comes with easy to use and comprehensive programs that make the collaboration process a whole lot more intuitive and organic

David Coyle

Brother PocketJet PJ-773 A4 Portable Thermal Printer

I rate the printer as a 5 out of 5 stars as it has been able to fit seamlessly into my busy and mobile lifestyle.

Kurt Hegetschweiler

Brother PocketJet PJ-773 A4 Portable Thermal Printer

It’s perfect for mobile workers. Just take it out — it’s small enough to sit anywhere — turn it on, load a sheet of paper, and start printing.

Featured Content

Latest Jobs

Don’t have an account? Sign up here

Don't have an account? Sign up now

Forgot password?