At the end of 2017, the FortiGuard Labs team discovered a heap overflow vulnerability in Microsoft Windows JET Database Engine and reported it to Microsoft following Fortinet’s responsible disclosure process. On April 10, 2018, Microsoft released an advisory that contains the fix for this vulnerability and identifies it as CVE-2018-1003.
Over the last few months, the Microsoft Security Response Centre (MSRC) has released a number of Windows updates to fix multiple Use-After-Free (UAF) vulnerabilities discovered by FortiGuard Labs. As stated in our previous blog post, we will provide a technical write-up for one of the UAF issues that was rated as critical by MSRC. The issue is assigned CVE-2018-0797. In this blog post we will share our methodologies in identifying the root cause of the issue, as well as an analysis of the mitigation deployed by Microsoft to address the UAF vulnerability.
During the last few months, FortiGuard Labs discovered and reported multiple use-after-free (UAF) vulnerabilities found in different versions of Microsoft Word. These vulnerabilities were patched in the January and March security updates, respectively. These patches are rated as critical/important, and as always, we urge users to update Microsoft Office as soon as possible.
One of the key features of Microsoft’s patches is the “Kernel Virtual Address Shadow” (a term coined by Microsoft), or KVAS for short. This feature effectively blocks the Meltdown attack, as it leaves very little kernel memory accessible to user mode code. In this blog post we provide a deep dive analysis of this feature.
Only a few days after FortiGuard Labs published an article about a spam campaign exploiting an RTF document, we found another spam campaign using an even more recent document vulnerability, CVE-2017-11882.
Recently, FortiGuard Labs found an interesting malware campaign using the recently documented vulnerability CVE-2017-11826 that was patched by Microsoft in October of this year. A detailed analysis of this exploit is also included in this article.
Richard Hannah is Vice President of Information Services and he oversees the entire IT environment at Gibson Energy. The company has doubled in size in recent years, and a major focus of Hannah’s has been to modernize and streamline the company’s IT infrastructure.
Fortinet is proud to be a Gold Sponsor of this year’s Microsoft Ignite conference, being held September 25-29, 2017 at the Orange County Convention Center in Orlando, Florida. This year’s event is completely sold out, with over 23,000 attendees from around the world expected to participate. This year’s Fortinet booth (#1907) is situated directly adjacent to the main Central Square showcase that will be featuring many of Microsoft’s latest technologies. At this year’s Ignite event we are featuring several demo...
FortiGuard Labs recently captured some malware which was developed with the Microsoft .Net framework. I analyzed one of them, and in this blog, I’m going to show you how it is able to steal information from a victim’s machine. The malware was spread via a Microsoft Word document that contained an auto-executable malicious VBA Macro. Figure 1 below shows how it looks when it’s opened. (Figure 1. When the malicious Word document is opened.) What the VBA code does: Once you click the “Enable Content”...
The emerging trend towards security automation is becoming essential for cloud deployment. Traditionally, businesses configure a Web Application Firewall with static policies to address unchanging, known-bad threats. Unfortunately, it can be tricky to get them all right in a public cloud environment. With a growing number of attack variants, the more rules you add, the more potential there is to run into false positives. FortiWeb’s integration with the Azure Security Center now allows customers to take a reactive policy approach to web security...