Category Archives: patch tuesday

Win XP patched to avert new outbreaks spawned by NSA-leaking Shadow Brokers

On Tuesday, Microsoft took the highly unusual step of issuing security patches for XP and other unsupported versions of Windows. The company did this in a bid to protect the OSes against a series of "destructive" exploits developed by, and later stolen from, the National Security Agency.

By Ars' count, Tuesday is only the third time in Microsoft history that the company has issued free security updates for a decommissioned product. One of those came one day after last month's outbreak of the highly virulent "WCry" ransom worm, which repurposed NSA-developed exploits. The exploits were leaked by the Shadow Brokers, a mysterious group that somehow got hold of weaponized NSA hacking tools. (WCry is also known as "WannaCry" and "WannaCrypt.")

Tuesday's updates, this updated Microsoft post shows, include fixes for three other exploits that were also released by the Shadow Brokers. A Microsoft blog post announcing the move said the patches were prompted by an "elevated risk of destructive cyberattacks" by government organizations.

Critical Word 0-day is only 1 of 3 Microsoft bugs under attack

A zero-day code-execution vulnerability in Microsoft Office is one of three critical flaws under active attack in the wild, Microsoft warned Tuesday as it rolled out a batch of updates that plug the security holes.

As Ars reported Monday night, attackers are exploiting the flaw to infect unsuspecting Word users with bank-fraud malware known as Dridex. Blog posts published Tuesday morning by security firms Netskope and FireEye reported that attackers are exploiting the same bug to install malware with the names Godzilla and Latenbot.

Ryan Hanson, a researcher at security firm Optiv and the person Microsoft credited with reporting the critical bug, said exploits can execute malicious code even when a mitigation known as Protected View isn't disabled. The attacks are able to bypass other exploit mitigations as well. Microsoft's fix for CVE-2017-0199, as the flaw is indexed, is here.
