3971 matches found
Vulnerability hunting with Semmle QL, part 1
Previously on this blog, we’ve talked about how MSRC automates the root cause analysis of vulnerabilities reported and found. After doing this, our next step is variant analysis: finding and investigating any variants of the vulnerability. It’s important that we find all such variants and patch...
Patch Tuesday: Microsoft Addresses Two Zero-Days in 60-Flaw Roundup
Microsoft has rolled out its August Patch Tuesday fixes, addressing 19 critical vulnerabilities, including fixes for two zero-day vulnerabilities that are under active attack. Overall, the company patched a total of 60 flaws, spanning Microsoft Windows, Edge, Internet Explorer (IE), Office, .NET...
Microsoft Guidance to mitigate L1TF variant
Executive Summary On January 3, 2018, Microsoft released an advisory and security updates for a new class of hardware vulnerabilities involving speculative execution side channels known as Spectre and Meltdown. Microsoft is aware of a new speculative execution side channel vulnerability known as ...
August 14, 2018—KB4343899 (Security-only update)
August 14, 2018—KB4343899 Security-only update Improvements and fixes This security update includes quality improvements. No new operating system features are being introduced in this update. Key changes include: Provides protections against a new speculative execution side-channel vulnerability...
August 14, 2018—KB4343892 (OS Build 10240.17946)
August 14, 2018—KB4343892 OS Build 10240.17946 Improvements and fixes This update includes quality improvements. No new operating system features are being introduced in this update. Key changes include: Provides protections against a new speculative execution side-channel vulnerability known as ...
August 14, 2018—KB4343888 (Security-only update)
August 14, 2018—KB4343888 Security-only update Improvements and fixes This security update includes quality improvements. No new operating system features are being introduced in this update. Key changes include: Provides protections against a new speculative execution side-channel vulnerability...
August 14, 2018—KB4343887 (OS Build 14393.2430)
August 14, 2018—KB4343887 OS Build 14393.2430 Note This release also contains updates for Windows 10 Mobile OS Build 14393.2431 released August 14, 2018. Windows 10, version 1607, reached end of service on April 10, 2018. Devices running Windows 10 Home or Pro editions will no longer receive...
August 14, 2018—KB4343897 (OS Build 16299.611)
August 14, 2018—KB4343897 OS Build 16299.611 Improvements and fixes This update includes quality improvements. No new operating system features are being introduced in this update. Key changes include: Provides protections against a new speculative execution side-channel vulnerability known as L1...
Description of the security update for the L1TF variant vulnerabilities in Windows Server 2008: August 14, 2018
Description of the security update for the L1TF variant vulnerabilities in Windows Server 2008: August 14, 2018 Summary On January 3, 2018, Microsoft released an advisory and security updates for a new class of hardware vulnerabilities involving speculative execution side channels known as Spectr...
KeyPass ransomware
In the last few days, our anti-ransomware module has been detecting a new variant of malware - KeyPass ransomware. Others in the security community have also noticed that this ransomware began to actively spread in August: Notification from MalwareHunterTeam Distribution model According to our...
Security Bulletin: IBM Cloud Manager is affected by the vulnerabilities known as SpectreNG (CVE-2018-3639)
Summary A third party CPU hardware utilizing speculative execution may be vulnerable to cache timing side-channel analysis known as Variant 4 or SpectreNG. These vulnerabilities have been referred to as part of "SpectreNG" in the media, given their similarity to previously disclosed...
TSMC Chip Maker Blames WannaCry Malware for Production Halt
Taiwan Semiconductor Manufacturing Company (TSMC)—the world's largest makers of semiconductors and processors—was forced to shut down several of its chip-fabrication factories over the weekend after being hit by a computer virus. Now, it turns out that the computer virus outbreak at Taiwan chipmake...
[slackware-security] Slackware 14.2 kernel
New kernel packages are available for Slackware 14.2 to fix security issues. Here are the details from the Slackware 14.2 ChangeLog: patches/packages/linux-4.4.144/: Upgraded. This kernel update enables additional mitigations for spectrev2 IBPB and IBRSFW. It also enables reporting on the...
NetSpectre — New Remote Spectre Attack Steals Data Over the Network
A team of security researchers has discovered a new Spectre attack that can be launched over the network, unlike all other Spectre variants that require some form of local code execution on the target system. Dubbed "NetSpectre," the new remote side-channel attack, which is related to Spectre...
Kronos Banking Trojan Surfaces After Years of Silence
The Kronos banking trojan is back from the malware dustbin. After years of lying dormant, hackers have reworked the underlying code and are actively targeting victims in Germany, Japan and Poland. The latest variant has incorporated a new command-and-control feature designed to work with the Tor...
Design/Logic Flaw
A vulnerability has been identified in Firmware variant IEC 61850 for EN100 Ethernet module All versions V4.33, Firmware variant PROFINET IO for EN100 Ethernet module All versions, Firmware variant Modbus TCP for EN100 Ethernet module All versions, Firmware variant DNP3 TCP for EN100 Ethernet...
[SECURITY] [DLA 1423-1] linux-4.9 new package
Package : linux-4.9 Version : 4.9.110-1deb8u1 CVE ID : CVE-2017-5753 CVE-2017-18255 CVE-2018-1118 CVE-2018-1120 CVE-2018-1130 CVE-2018-3639 CVE-2018-5814 CVE-2018-10021 CVE-2018-10087 CVE-2018-10124 CVE-2018-10853 CVE-2018-10876 CVE-2018-10877 CVE-2018-10878 CVE-2018-10879 CVE-2018-10880...
Debian DLA-1422-2 : linux security update (Spectre)
The previous update to linux failed to build for the armhf ARM EABI hard-float architecture. This update corrects that. For all other architectures, there is no need to upgrade or reboot again. For reference, the relevant part of the original advisory text follows. Several vulnerabilities have be...
[SECURITY] [DLA 1422-2] linux security update
Package : linux Version : 3.16.57-2 CVE ID : CVE-2017-5715 CVE-2017-5753 CVE-2018-1066 CVE-2018-1093 CVE-2018-1130 CVE-2018-3665 CVE-2018-5814 CVE-2018-9422 CVE-2018-10853 CVE-2018-10940 CVE-2018-11506 CVE-2018-12233 CVE-2018-1000204 Debian Bug : 898165 The previous update to linux failed to buil...