Springtime is here! Although up here in Minnesota you wouldn’t believe it as we received snowfalls that rivaled anything in the past 34 years! As spring arrives you think of all the things you need to do. Start packing up the shovels and snow blowers (except here where we may get a little bit more snow yet). Tune up the lawn mower and break out the yard gear. Given some recent cyber threats you may want to do some spring cleaning on the network as well.
Since March Patch Tuesday we have seen a Zero Day vulnerability from Microsoft. CVE-2018-1038 appears to have been introduced in the January OS updates for Windows 7, Server 2008, and Server 2008 R2 x64 editions and exposes these systems to an Elevation of Privilege attack that can allow any user total read/write access to the system's RAM. Microsoft urged everyone to update systems urgently to plug this Zero Day threat.
In other news, the SamSam ransomware attack on the City of Atlanta has caused significant ongoing pain as city officials try to recover from the attack. The threat actors behind the attack spend time doing their homework and researching their target before launching attacks. According to a recent Wired article, the ransomware is able to utilize a variety of exploits and compromised passwords to allow lateral movement across an environment, and the attackers appear to monitor the intrusion and adapt to remediation efforts as they happen.
Among the vulnerabilities exploited are common protocols such as RDP and FTP along with exploits of Java-based web servers.
“SamSam has been adapted to exploit a variety of vulnerabilities in remote desktop protocols, Java-based web servers, File Transfer Protocol servers, and other public network components,” according to the Wired article.
As we enter April patch maintenance, keep in mind this is also Oracle's Quarterly Critical Patch Update release cycle. On April 17th Oracle will release updates for their products, including Java. While Java is no longer the most targeted application on your network, it is still a prime target and low-hanging fruit that, as we have seen in recent attacks, is still highly exploitable.
Forecast for April:
- Expect to see updates for Adobe Flash, with possible Reader and Acrobat updates. Flash is expected; Acrobat and Reader were last updated in February, making them a possibility this month.
- Google Chrome and Mozilla Firefox are possibilities as well. They typically release every two to three weeks and are close to due for another round.
- Watch for the Oracle CPU on April 17th and treat any Java instances that you cannot update as a considerable risk. Make sure you are securing them with additional measures.