
List:       patchmanagement
Subject:    [patchmanagement] Zero Day Remote Code Execution Vulnerability Jscript
From:       "Hanna, Dean" <Dean.Hanna () fisglobal ! com>
Date:       2018-05-31 22:16:33
Message-ID: VI1PR0801MB2047F8E04D4FF03D7B2E9A5A8A630 () VI1PR0801MB2047 ! eurprd08 ! prod ! outlook ! com

I am beginning to wonder if Microsoft will have a fix this coming Patch Tuesday

https://www.zerodayinitiative.com/advisories/ZDI-18-534/

VENDOR RESPONSE

Microsoft states:

This vulnerability is being disclosed publicly without a patch in accordance with the ZDI 120 day deadline.
01/23/18 - ZDI sent the vulnerability report to the vendor
01/23/18 - The vendor acknowledged and provided a case number
04/23/18 - The vendor replied that they were having difficulty reproducing the issue report without POC
04/24/18 - ZDI confirmed the POC was sent with the original and sent it again
05/01/18 - The vendor acknowledged receipt of the POC
05/08/18 - The vendor requested an extension
05/18/18 - ZDI replied "We have verified that we sent the POC with the original. The report will 0-day on May 29."
-- Mitigation:
Given the nature of the vulnerability the only salient mitigation strategy is to restrict interaction with the application to trusted files.



Thanks.

D. Dean Hanna
IT Security Analyst II, Patch Management Engineer
Managed Risk Services (MRS) / Vulnerability Management Center (VMC)
T: 602.337.3368
C: 480.340.3673
E: dean.hanna@fisglobal.com
FIS | Empowering the Financial World
