CRITICAL vulnerability in Microsoft Framework .NET

A highly critical vulnerability has just been published by Microsoft Corporation.

This vulnerability is based on the .NET Framework, which is used by Microsoft Office and many other applications. It allows the contamination of your computer simply by opening a malicious file that would be sent to you by email for example.

WHICH SYSTEMS ARE AFFECTED?

All versions of Microsoft Windows and Microsoft Windows Server.

WHAT ARE THE RISKS?

The risk of this infection is for example the installation of spyware on your computer. The purpose of using spyware is to retrieve private and confidential data for malicious purposes or inappropriate use of your computer resources. It is highly likely that a ransomware attack using and exploiting this vulnerability will be released shortly: it will encrypt your data and demand a financial ransom for its return.

HOW TO REACT TO THIS ATTACK?

• IMMEDIATELY update your computer system with the latest Microsoft security patches (September 12).
• Pay particular attention and do not open any document/link from a suspicious email or from a person you do not know.

DFi’s SOC (Security Operations Center) customers are already covered (or being covered) for both detection and remediation.

REFERENCES OF THE SECURITY FLAW:

.NET Framework Remote Code Execution Vulnerability
CVE-2017-8759

SOME LINKS FOR MORE TECHNICAL INFORMATION:

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-8759
https://portal.msrc.microsoft.com/en-us/security-guidance/advisory/CVE-2017-8759

Let’s stay vigilant together.

Security Operations Center – DFi Service SA