Windows flaw allows PowerShell attacks

Windows security is a moving target, and you have to be constantly monitoring the latest vulnerabilities to see if your laptop or servers are secure. Kaspersky Lab’s recent announcement that Microsoft just patched a critical vulnerability in the Windows GDI in the latest round of updates was exploited by a group of malicious hackers to successfully execute malicious code is troubling.

The remote code execution flaw starts in how the Windows GDI handled objects in memory (CVE-2016-3393), and the issue has been addressed in critical bulletin (MS16-120). The vulnerability affected all supported versions of Windows operating system, Microsoft Office 2007 and Office 2010, Skype for Business 2016, Silverlight, .Net Framework, Microsoft Lync 2013, and Microsoft Lync 2010.

Now your responsibility is to make sure all your systems are successfully updated, because this isn’t a vulnerability found in a lab. This vulnerability was find in the wild, so it is a known attack vector. If a hacker can trick a user into visiting a malicious website and clicking on a link to malicious content, the PowerShell script could attack an un-patched system. The same attack could also be started with a traditional malicious email attachment or a simple file download.

While your organization may have different patching requirements than mine, all IT departments should prioritize patching critical updates and this is a critical update.

Advertisements

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s