Delaware, USA – June 13, 2018 – Yesterday, Microsoft issued its monthly security update pack (June 2018 Patch Tuesday), which fixes 50 vulnerabilities. Twelve of them are marked as critical, and there is a publicly accessible proof of concept for one of them. Several vulnerabilities affect the Edge and Internet Explorer browsers, including CVE-2018-8267, which can be exploited via IE or Microsoft Office files for remote code execution. It is very likely that this vulnerability will soon be actively exploited because PoC code has been published. Experts consider the CVE-2018-8267 vulnerability in Windows DNSAPI the most severe; it allows remote code execution by sending a specially crafted DNS query. This vulnerability can be exploited both in Man-in-the-Middle attacks and by forcing the DNS server to send a request to the attacker’s server, which can be done even from the command line. Experts also recommend prioritizing the patch for CVE-2018-8231, which allows adversaries to gain control over the server by sending a modified HTTP packet.
The June update pack includes a patch to mitigate the SpectreNG vulnerability (CVE-2018-3639); this mitigation is disabled by default to avoid performance issues. Intel and AMD microcode updates are still to come. You can leverage your SIEM and the Specter & Meltdown Tracker use case to identify vulnerable assets and monitor the mitigation process. You can also use Windows Security Monitor to visualize and profile basic Microsoft Windows security events and stay ahead of cybersecurity threats.