
Monthly Archives: June 2017

Nasty Hole in Skype

Nothing to see here, says Microsoft, just more crappy code

Infosec researchers have discovered a nasty and exploitable security vulnerability in older versions of Skype on Windows.

The stack buffer overflow flaw allows miscreants to inject malicious code into Windows boxes running older versions of Skype, bug hunters at Vulnerability Laboratory warn: The issue can be exploited remotely via session or by local interaction. The problem is located in the print clipboard format & cache transmit via remote session on Windows XP, Windows 7, Windows 8 and Windows 10. In Skype v7.37 the vulnerability is patched.

The CVE-2017-9948 bug involves mishandling of remote RDP clipboard content within the message box.

Microsoft said the bug isn’t a problem for those running the latest version of its software.

“Users on the latest Skype client are automatically protected, and we recommend upgrading to this version for the best protection,” a Microsoft spokesperson told El Reg.

Vulnerability Laboratory’s Benjamin Kunz Mejri responded that although Microsoft had fixed this issue with version 7.37, widely used versions 7.2, 7.35 and 7.36 are still vulnerable to what he described as a “critical” security issue.
Source

If you are using XP you are screwed maybe as 7.36 is the last version… but

CVE-2017-9948 allows local or remote attackers to execute own codes on the affected and connected systems via Skype.
CVE-2017-9948 Fixed in v7.2, v7.3.5 & v7.3.6 Skype Versions

“In a software update of the v7.2, v7.3.5 & v7.3.6 version of Skype, a limitation has been implemented for the clipboard function”, researchers explain. Users of older versions of Skype are advised to update to the latest version as soon as possible to avoid becoming victims of malicious attacks.

Also, it’s important to note that the security risk associated with this flaw is high, as the exploitation of the buffer overflow software vulnerability requires no user interaction and only a low privilege Skype user account.

Source
https://sensorstechforum.com/cve-2017-9948-severe-skype-flaw/

Petya Ransomware

I have been busy so no chance to write the blog. But I had a few minutes this AM to collect some links of articles on the Petya Ransomware.

Good Summaries
https://www.nytimes.com/2017/06/27/technology/global-ransomware-hack-what-we-know-and-dont-know.html
https://www.theguardian.com/world/2017/jun/27/petya-ransomware-attack-strikes-companies-across-europe

Up-to-the-Minute Updates from ESET (L4 Networks is an ESET Partner)
https://www.welivesecurity.com/2017/06/27/new-ransomware-attack-hits-ukraine/

How to protect yourself (From ESET)

  • Use reliable antimalware software: This is a basic but critical component. Just because it’s a server, and it has a firewall, does not mean it does not need antimalware. It does! Always install a reputable antimalware program and keep it updated. [L4 Note: And just because you have a hardware firewall, it does NOT mean you do not need an application level firewall. You DO!]
  • Make sure that you have all current Windows updates and patches installed.
    Run ESET’s EternalBlue Vulnerability Checker to see whether your Windows machines are patched against EternalBlue exploit, and patch if necessary.
    For ESET Home Users: Perform a Product Update.
    For ESET Business Users: Send an Update Task to all Client Workstations or update Endpoint Security or Endpoint Antivirus on your client workstations.