Microsoft Security Put to the Test at Black Hat, DEF CON

itman · Aug 2, 2017

Researchers at both conferences demonstrated workarounds and flaws in applications and services including Office 365, PowerShell, Windows 10, Active Directory and Windows BITs.

Security researchers digging for vulnerabilities and workarounds in Microsoft systems and applications demonstrated their discoveries last week at Black Hat and DEF CON in Las Vegas.

Presentations centered on Windows, Active Directory, BITS, and Office 365 in the enterprise. Microsoft issued Microsoft Office security updates the week of both conferences but, as researchers explained, it didn't cover all the vulnerabilities brought to its attention.

Let's take a deeper dive into the findings and flaws that researchers believe could put users at risk:

Office365 + PowerShell = Enterprise Danger

A 20-year-old SMB Vulnerability in Windows 10

The Risk of Windows BITS

Turning Active Directory into a Botnet

Click to expand...

http://www.darkreading.com/vulnerab...the-test-at-black-hat-def-con/d/d-id/1329511?

itman · Aug 5, 2017

Microsoft Will Not Patch SMBLoris Vulnerability

Microsoft has declined to patch a vulnerability in the Server Message Block (SMB) file sharing protocol that affects all versions of the Windows operating system released in the past two decades, since Windows 2000.

The vulnerability is named SMBLoris and was discovered by two RiskSense security researchers — Sean Dillon (@zerosum0x0) and Jenna Magius (@jennamagius) — while exploring the NSA's EternalBlue SMB exploit back in June.

SMBLoris affects all three SMB protocol versions + Samba
The two discovered a flaw in the SMB protocol and affects all three versions — SMBv1, SMBv2, and SMBv3 — but also the Samba Linux server that provides SMB interoperability with Linux systems.

The vulnerability allows an attacker to open a connection to a remote computer via the SMB protocol and instruct that computer to allocate RAM to handle the connection. The attacker doesn't have to be authenticated.

The SMBLoris flaw is dangerous because it allows an attacker to open tens of thousands of connections to the same machine, exhausting its RAM and potentially crashing the target's computer.

The vulnerability does not allow remote code execution, which means an attacker can't take over vulnerable computers, but only crash them, at best.
Click to expand...

https://www.bleepingcomputer.com/news/security/microsoft-will-not-patch-smbloris-vulnerability/

Peter2150 · Aug 5, 2017

In the first article did you catch what they said about powershell. MS added the capability to control Internet Explorer with powershell. Ouch

Log in or Sign up

Microsoft Security Put to the Test at Black Hat, DEF CON

itman Registered Member

itman Registered Member

Peter2150 Global Moderator

Log in or Sign up

Microsoft Security Put to the Test at Black Hat, DEF CON

itman Registered Member

itman Registered Member

Peter2150 Global Moderator

Useful Searches