Om Globeteam

Security News May 2018

update

Windows VBScript Engine Remote Code Execution Vulnerability (CVE-2018-8174).

A remote code execution vulnerability exists in the VBScript scripting engine (vbscript.dll) of Windows. This vulnerability allows an attacker to include malicious VBScript within a website or embedded within an Office file, which when executed allows an attacker to execute arbitrary code in the context of the current user. Threat actors are currently exploiting this vulnerability.

Its recommended to update all your Windows systems with Microsoft May 2018 Patch Tuesday updates.

https://portal.msrc.microsoft.com/en-us/security-guidance/advisory/CVE-2018-8174

 

Intel CPUs Reportedly Vulnerable on New Spectre-Style Critical Security Chip Flaws

A total of 8 new vulnerabilities have been discovered and are being dubbed Spectre Next Generation, or Spectre-NG for short.

Each of the eight vulnerabilities have been assigned their own Common Vulnerability Enumerator (CVE) designation, and each will need to be patched separately according to German publication. Intel, which has been notified of Spectre-NG, acknowledges that four of the new exploits are considered “high risk”, while the other four are “medium risk”. Intel is now planning a coordinated release on May 21, 2018. New microcode updates are due to be released on this date.

It’s expected that Microsoft will release mitigation patches in the May 2018 Patch Tuesday updates or later.

Its recommended to update your Intel based systems as soon Intel and the vendors release new BIOS fixes and update all your Windows systems with Microsoft May 2018 Patch Tuesday updates

https://www.neowin.net/news/more-flaws-discovered-in-intel-chips—some-serious-expect-patches-soon

 

CredSSP Remote Code Execution Vulnerability (CVE-2018-0886).

A critical vulnerability has been discovered in Credential Security Support Provider protocol (CredSSP) that affects all versions of Windows to date and could allow remote attackers to exploit RDP and WinRM to steal data and run malicious code. CredSSP protocol has been designed to be used by RDP (Remote Desktop Protocol) and Windows Remote Management (WinRM) that takes care of securely forwarding credentials encrypted from the Windows client to the target servers for remote authentication

Its recommended to update all your Windows systems with Microsoft May 2018 Patch Tuesday updates.

NOTE – Both parts should be updated to make RDP work with this patch!

https://portal.msrc.microsoft.com/en-us/security-guidance/advisory/CVE-2018-0886

Globeteam tilbyder ydelser inden for og på tværs af tre hovedområder

Business model

skab sammenhæng mellem it og forretning

Globeteam hjælper dig med at optimere værdien af dine it-løsninger ved at sikre, at de understøtter forretningens

strategi og vision

Optimer og moderniser din
IT-INFRASTRUKTUR 

Globeteam sikrer dig en velfungerende it-infrastruktur, så du opnår en mere stabil drift og øget medarbejdereffektivitet

understøt forretningen med en skræddersyet it-løsning

Globeteam tilbyder assistance til at udvikle eller tilpasse it-løsninger, som møder forretningens specifikke behov


Er du Interesseret i at høre mere?

Få vores nyhedsbrev

Få de seneste nyheder og bliv inspireret af spændende kundehistorier

Email

Fornavn

Efternavn

Virksomhed



Optimer din forretning og dine it-investeringer

Er du interesseret i at vide mere om Globeteams ydelser, og hvordan vi kan hjælpe netop din forretning?