It Was A Light Patch Tuesday, But One Addresses A 9.8

The Wi-Fi RCE Is Also Somewhat Terrifying

Another Patch Tuesday has come and gone, or at least it has if you rebooted to install the updates. You should probably get on that if you haven’t already, as there is a fix for a somewhat mysterious 8.8 vulnerability that anyone with a Wi-Fi card will want ASAP. The bug hasn’t been leveraged yet, as far as we know, which is why the details are scarce, but what we know is bad enough. An unauthenticated user on a network can send malicious networking packets to other machines on that network and trigger remote code execution over Wi-Fi, without the victim being any the wiser.

The 9.8 is another RCE bug, this time leveraging the Microsoft Message Queuing service found on servers; again, a malicious packet can trigger arbitrary code execution, allowing an attacker to take over your server. Last but not least is a patch addressing a DNSSEC validation issue that we’ve known about for a bit. It enables an attacker to make a DNS resolver consume excessive resources, causing a CPU usage spike which can take down said DNS resolver.

Patch early, patch often … except when the patches break more than they fix!
