Leading this month's Patch Tuesday charge is CVE-2017-11927, a bug in Windows that can be exploited by an attacker to snatch a victim's NTLM hash, which could be cracked offline to reveal their password. A mark would have to be tricked into clicking on a link to a malicious website, SMB share, or UNC path, which would trigger exploitation via the little-used ITS protocol, a format used for serving compiled HTML help (CHM) files.As always, you should apply these updates as soon as possible.
"In theory, you shouldn’t be able to access remote content using ITS outside of the Local Machine Zone thanks to a 2005 update," explained Dustin Childs from Trend Micro's Zero Day Initiative.
"It appears that has been circumvented by this bug, as it allows attackers who trick users into browsing to a malicious website or to malicious SMB destinations to leak info."
Microsoft Patch Tuesday: Updates arrive for 32 vulnerabilities
Posted on Wednesday, December 13 2017 @ 11:17 CET by Thomas De Maesschalck