This weeks top stories is that Microsoft Issues Emergency Windows Security Update For A Critical Vulnerability that could lead to remote code execution in Microsoft’s own Malware Protection Engine. CVE-2017-11937 uses a memory corruption bug that lets a specially crafted file run code on on the machine. This is an out of band security update coming out just days before they issue their December Patch Tuesday update, and Microsoft is advising to install this patch as soon as possible.
TeamViewer Rushes Fix for Permissions Bug that let the controlled machine to take control over the controlling machine. The bug impacts Windows, macOS and Linux versions of TeamViewer.
Bugs in over 30 mail clients found letting a phisher craft perfectly spoofed emails, defeating DMARC, Sender Policy Framework(SPF) and Domain Keys Identified Mail (DKIM) showing the mail as legit in the client.
This collection of bugs has been named “Mailsploit” by the researcher that discovered it, and a list of vulnerable devices can be found here.
Two researchers from enSilo described a new code injection technique called “Process Doppelgänging” at blackhat 2017. This new attack works on all Windows versions and researchers say it bypasses most of today’s major security products. This is a file-less attack and it is impossible to patch since it exploits core designs of Microsoft process loading mechanism. The good news is that its a very technically challenging exploit to run.
In malware news FBI, Europol, Microsoft and ESET Team teamed up to dismantle the longest running botnet to date, the Andromeda network of botnets that has been active since 2011.
Top 5 Security links
Microsoft Issues Emergency Windows Security Update For A Critical Vulnerability
TeamViewer Rushes Fix for Permissions Bug
‘Mailsploit’ Lets Hackers Forge Perfect Email Spoofs
Patch for apples blank password bug released
“Process Doppelgänging” Attack Works on All Windows Versions