Microsoft released its latest monthly Patch Tuesday update on July 11, patching a total of 54 vulnerabilities, of which 19 were rated as critical.
Microsoft's HoloLens Virtual Reality (VR) technology received its first patch this month, for a critical remote code execution vulnerability identified as CVE-2017-8584. The vulnerability could have been triggered by an attack that sent a malicious WiFi packet to the HoloLens.
"An attacker who successfully exploited this vulnerability could take control of an affected system," Microsoft warns in its advisory. "An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights."
Microsoft's next generation Edge web browser is also being patched for multiple critical vulnerabilities. CVE-2017-8596 is a memory corruption flaw that could lead to arbitrary code execution, while CVE-2017-8617 is a critical remote code execution vulnerability.
The scripting engine in Microsoft Edge is also being patched for 13 critical memory corruption vulnerabilities (CVE-2017-8595, CVE-2017-8598, CVE-2017-8601, CVE-2017-8603, CVE-2017-8604, CVE-2017-8605, CVE-2017-8607, CVE-2017-8608, CVE-2017-8610, CVE-2017-8619, CVE-2017-8606, CVE-2017-8609 and CVE-2017-8618).
Also of note in the July Patch Tuesday update is a Windows privilege escalation vulnerability (CVE-2017-8563) that Microsoft has rated as 'important', though the security firm that discovered the issue sees broader potential. CVE-2017-8563 is actually a Lightweight Directory Access Protocol (LDAP) relay vulnerability that was discovered by security firm Preempt.
"The vulnerability here is that while LDAP signing protects from both Man-in-the-Middle (MitM) and credential forwarding, LDAPS protects from MitM (under certain circumstances) but does not protect from credential forwarding at all," Preempt security researcher Yaron Zinar warned. "This allows an attacker with SYSTEM privileges on a machine to use any incoming NTLM session and perform the LDAP operations on behalf of the NTLM user."
NTLM, or Windows NT LAN Manager, is a set of protocols on Windows that provide authentication services. Zinar sees the CVE-2017-8563 issue as being severe, as it could easily enable an attacker to get full control over a vulnerable network.
Sean Michael Kerner is a senior editor at eSecurityPlanet and InternetNews.com. Follow him on Twitter @TechJournalist.