Shulou(Shulou.com)06/01 Report--

What is the risk hint of Brackets remote code execution? aiming at this problem, this article introduces the corresponding analysis and answer in detail, hoping to help more partners who want to solve this problem to find a more simple and easy way.

0x00 vulnerability background

On December 11, 2019, Microsoft | Adobe routinely released the December security update. The main types of vulnerabilities addressed include cross-border reads and writes, some untrusted pointer references, and some UAF. No vulnerabilities have been published at the time of release or received reports of unsolicited attacks.

Adobe's security update mainly covers Acrobat Reader,Bracket,Cold Fusion,Photoshop.

Microsoft's security update mainly covers Windows operating system, IE/Edge browser, Hyper-V Server, Microsoft Defender, Github Library, Office service and SQL Server. In total, there are 36 CVE,28 high-risk vulnerabilities and 8 medium-risk vulnerabilities. The December update is relatively lightweight, and no vulnerabilities have been marked as publicly known.

Among them, a privilege escalation vulnerability in CVE-2019-1458 Win32k has been marked by Microsoft as exploitable and has been exploited in the wild.

Hyper-v remote code execution vulnerability

Win32k privilege escalation vulnerability

Git for Visual Studio remote code execution vulnerability

Win32k Graphics remote code execution vulnerability

Microsoft SQL Server reports system XSS vulnerabilities

Microsoft PowerPoint remote code execution vulnerability

Windows OLE remote code execution vulnerability

VBScript remote code execution vulnerability

360CERT determined that this security update is aimed at a wide range of vulnerabilities, and there is one vulnerability that can be exploited and has been exploited in the wild.

It is recommended that the majority of users timely update the system and install windows patches to do a good job of prevention to avoid attacks.

0x01 vulnerability details

Give a detailed introduction to some vulnerabilities

Brackets remote code execution vulnerability

CVE-2019-8255, Adobe number APSB19-57, fixed Brackets remote code execution vulnerability, this component can run on Windows, MacOS, Linux across platforms. The affected versions are 1.14 and earlier.

Win32k privilege escalation vulnerability

CVE-2019-1458 according to a report by Kaspersky Laboratories (Kaspersky Labs), this month the vulnerability was classified as a vulnerability with active wild attacks. There is some speculation that this vulnerability in conjunction with Chrome's UAF vulnerability can lead to a Chrome sandbox escape.

Hyper-V Server remote code execution vulnerability

CVE-2019-1471 the vulnerability allows arbitrary code execution on the Hyper-V Server host within the virtualized host. This is a loophole worth paying attention to, because it is very influential at a time when virtualization technology is in vogue.

Win32k Graphics remote code execution

CVE-2019-1468 still finds serious problems with embedded fonts. If an attacker looks at specially crafted fonts, it may cause the attacker to execute code on the affected system. If you log in as an administrator, the attacker may take over the system completely.

Git for Visual Studio remote code execution vulnerability

CVE-2019-1349 remote code execution vulnerability

CVE-2019-1350 remote code execution vulnerability

CVE-2019-1352 remote code execution vulnerability

CVE-2019-1354 remote code execution vulnerability

CVE-2019-1387 remote code execution vulnerability

Developers using Visual Studio need to pay attention to multiple remote code execution due to GIT embedded in VS.

0x02 repair recommendation

360CERT recommends an one-click update by installing the 360Security Guard (http://weishi.360.cn/)).

You should update the Microsoft Windows version in time and keep the Windows automatic update on, or you can upgrade manually by downloading the software package in the reference link.

Users can manually upgrade by downloading the software package in the reference link.

The process for windows server / windows to detect and turn on Windows automatic updates is as follows

Click the start menu and select Control Panel from the pop-up menu to proceed to the next step.

Click "system and Security" on the control panel page to enter the settings.

In the new interface that pops up, select enable or disable automatic updates in windows update.

Then go to the settings window, expand the drop-down menu item, and select the automatic installation update (recommended).

The answer to the question about Brackets remote code execution risk tips is shared here. I hope the above content can be of some help to you. If you still have a lot of doubts to be solved, you can follow the industry information channel for more related knowledge.

Welcome to subscribe "Shulou Technology Information " to get latest news, interesting things and hot topics in the IT industry, and controls the hottest and latest Internet news, technology news and IT industry trends.