Security researchers have disclosed details of a critical vulnerability in Microsoft Outlook for which Microsoft released an incomplete patch this month, almost 18 months after receiving the disclosure report.
The Microsoft Outlook vulnerability (CVE-2018-0950) could allow attackers to seize sensitive information, including users' Windows login credentials, just by convincing victims to preview an email with Microsoft Outlook, without needing any further user interaction.
An attacker can exploit this vulnerability by sending the victim a Rich Text Format (RTF) email containing a remotely hosted Object Linking and Embedding (OLE) image that loads from an attacker-controlled server.
Because Microsoft Outlook automatically renders OLE content, it will automatically initiate authentication with the attacker-controlled remote server over the SMB protocol, handing over the victim's username and the NTLMv2 hashed version of the password, possibly allowing the intruder to gain access to the victim's computer.
Dormann reported the vulnerability to Microsoft in November 2016, and in an attempt to patch the issue, the company released an incomplete fix in its April 2018 Patch Tuesday update.
The security patch only prevents Outlook from automatically initiating SMB connections when it previews RTF emails, but the researcher noted that the fix does not prevent all SMB attacks.
"It is important to realize that even with this patch, a user is still a single click away from falling victim to the types of attacks described above," Dormann said. "For example, if an email message has a UNC-style link that begins with "\\", clicking the link initiates an SMB connection to the specified server."