Microsoft has been in the news a lot lately related to flaws and in-the-wild exploited bugs in their operating system and related products. Last week more than ten hacker groups were identified attacking Exchange servers. Microsoft just patched 89 flaws in Internet Explorer (IE). Did they catch them all?
What is Going On?
As part of Microsoft’s Patch Tuesday last week, the tech giant patched 89 flaws found in Internet Explorer that could potentially allow a hacker to execute malicious code on affected computers. Some of the fixes apply to Microsoft’s latest browser, Edge.
According to Krebs on Security, “The IE flaw is tied to a vulnerability that was publicly disclosed in early February by researchers at ENKI who claim it was one of those used in a recent campaign by nation-state actors to target security researchers. In the ENKI blog post, the researchers said they will publish proof-of-concept (POC) details after the bug has been patched.”
Out of the total 89, 14 are considered critical security patches, and the other 75 not as important, but they do address specific known exploits being used right now in the wild.
The Hacker News reported, “Among those five security issues are a clutch of vulnerabilities known as ProxyLogon (CVE-2021-26855, 2021-26857, CVE-2021-26858, and CVE-2021-27065) that allows adversaries to break into Microsoft Exchange Servers in target environments and subsequently allow the installation of unauthorized web-based backdoors to facilitate long-term access.”
Microsoft has plans to completely retire Internet Explorer, which has been a point of contention with security enthusiasts for years. Therefore, this latest slew of patches to fix the limping browser will probably be its last before it is put out to pasture.
The Problem with Finding Flaws
One of the biggest issues faced by threat detection teams is as soon as they release news of a newly discovered flaw, hacker groups get busy searching for vulnerable hardware and software to exploit them before a patch is issued.
Directly after issuing a patch on March 2, hackers ramped up their efforts targeting older, outdated software like IE, thus the need for additional security patch releases.
More Bad News
The Hacker News said, “Also included in the mix is a patch for zero-day in Internet Explorer (CVE-2021-26411) that was discovered as exploited by North Korean hackers to compromise security researchers working on vulnerability research and development earlier this year.”
“South Korean cybersecurity firm ENKI, which publicly disclosed the flaw early last month, claimed that North Korean nation-state hackers made an unsuccessful attempt at targeting its security researchers with malicious MHTML files that, when opened, downloaded two payloads from a remote server, one of which contained a zero-day against Internet Explorer.”
Along with fixing some major issues with IE, the patches also address problems with “Windows DNS Server (CVE-2021-26877 and CVE-2021-26897, CVSS scores 9.8), Hyper-V server (CVE-2021-26867, CVSS score 9.9), SharePoint Server (CVE-2021-27076, CVSS score 8.8), and Azure Sphere (CVE-2021-27080, CVSS score 9.3).”
Unfortunately, some of these patches are a second attempt after a previous round of patches failed to fix the problem.
How Users Can Stay Safe
The best way Microsoft users can stay safe is to keep all their hardware and software updated with the latest security patches. It’s a good idea to keep on top of emerging threats and read cybersecurity news to make sure you know about the dangers. Some other tips are:
- Always keep good antivirus running on computers, mobile devices, and servers.
- Store good backups on and off-site in case something goes wrong.
- Never download software from untrusted sources.
- Do not click links or download attachments in emails from unknown senders.