Home
Insightful &
Helpful Articles

Here is what we're working on and
thinking at Hedgehog security.

An exciting and scarey month with attacks that never happened, a bungled bank heist that only netted 81 million dollars and information about the FBI's attack on the iPhone becoming sinister.
We are preparing for Infosecurity Europe, the annual Information Show show at Olympia, London. I would be super happy to see you all there. Costs are, well, free. Use this link here to avoid the ?35 fee. Each day we will be running a couple of security primers and demos so do come along. We have coffee too.

Infosec Europe - See us @ N60.

Join the brightest and bests in the industry to ensure you keep abreast of the staying safe and secure.
Come and visit us on stand N60 at Infosec Europe, held at Olympia, London on the 7th to 9th of June.
Not got a ticket yet, have one on us here.

In The News

Get Rich QuickThe Armada Collective have managed to releave firms of in excess of $100k in bitcoin by threatening to carry out a DDoS attack against them. The kicker here, there is no DDoS attack. They are simply threats and there have been no incidents of a DDoS by them. You can read all about the scam here.
Apple vs FBI brings us new concernsIt would appear that ultimately the FBI paid a number of "grey hat" hackers to gain access to a zero day exploit for the iPhone. Originally beleived to have got the exploit from a security research firm, it transpires that the FBI approached one or more "grey hat" hackers in order to bypass the iphones security. This leaves a question at large, will the FBI share this data with Apple? Time will tell.Read more here.
SWIFT HackAttackers got away with $81 million but could have got more if they had not left a typo in their transfers. How did this attack occur?? They exploited a $10 network switch.? You can reach about the attach here.
Ransomeware? Have a free passwordWe all know about cryptolocker and the many many variants. In a fabulous turn, a group of security researchers have created a tool that can decrypt the petya ransomeware in under 10 seconds. Posted on twitter by Leo-Stone, the code was turned into an executable for easy use by Fabian Wosar. Still, beware of downloads and do NOT open unexepected attachments. There is even a howto guide here.

Microsoft Patch Roundup

SummaryWhat started out as a lovely summer style month has, in typical British fashion, turned into rain followed by rain. Following that same pattern, this month we have 16 patches released, and a whopping 50% of them are rated as Critical and Remote Code Execution issues.Server PlatformsFor the server platforms, look to apply MS16-055 as soon as possible and apply MS16-051 as a matter of routine.Workstation Platforms (Windows 7 and 8)This months patch cycle has more workstation patches that servers. Look to apply MS16-051, MS16-055 and MS16-056 as soon as possible and MS16-59 as a matter of routine.Workstation Platforms (Windows 10)Windows 10 is massively affected with MS16-051, MS16-052, MS16-055, MS16-056 and MS16-057 all being critical and requiring immediate patching.

Patch Details


Here are this cycles Critical rated patches:
MS16-051 Critical - Remote Code Execution - Patch NowCumulative Security Update for Internet Explorer (3155533)This security update resolves vulnerabilities in Internet Explorer. The most severe of the vulnerabilities could allow remote code execution if a user views a specially crafted webpage using Internet Explorer. An attacker who successfully exploited the vulnerabilities could gain the same user rights as the current user. If the current user is logged on with administrative user rights, an attacker could take control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights.
MS16-052 Critical - Remote Code Execution - Patch NowCumulative Security Update for Microsoft Edge (3155538)This security update resolves vulnerabilities in Microsoft Edge. The most severe of the vulnerabilities could allow remote code execution if a user views a specially crafted webpage using Microsoft Edge. An attacker who successfully exploited the vulnerabilities could gain the same user rights as the current user. Customers whose accounts are configured to have fewer user rights on the system could be less impacted than users with administrative user rights.
MS16-053 Critical - Remote Code Execution - Patch NowCumulative Security Update for JScript and VBScript (3156764)This security update resolves vulnerabilities in the JScript and VBScript scripting engines in Microsoft Windows. The vulnerabilities could allow remote code execution if a user visits a specially crafted website. An attacker who successfully exploited these vulnerabilities could gain the same user rights as the current user. If the current user is logged on with administrative user rights, an attacker who successfully exploited these vulnerabilities could take control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights.
MS16-054 Critical - Remote Code Execution - Patch NowSecurity Update for Microsoft Office (3155544)This security update resolves vulnerabilities in Microsoft Office. The vulnerabilities could allow remote code execution if a user opens a specially crafted Microsoft Office file. An attacker who successfully exploited the vulnerabilities could run arbitrary code in the context of the current user. Customers whose accounts are configured to have fewer user rights on the system could be less impacted than those who operate with administrative user rights.
MS16-055 Critical - Remote Code Execution - Patch NowSecurity Update for Microsoft Graphics Component (3156754)This security update resolves vulnerabilities in Microsoft Windows. The most severe of the vulnerabilities could allow remote code execution if a user opens a specially crafted document or visits a specially crafted website. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.
MS16-056 Critical - Remote Code Execution - Patch NowSecurity Update for Windows Journal (3156761)This security update resolves a vulnerability in Microsoft Windows. The vulnerability could allow remote code execution if a user opens a specially crafted Journal file. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.
MS16-057 Critical - Remote Code Execution - Patch NowSecurity Update for Windows Shell (3156987)This security update resolves a vulnerability in Microsoft Windows. The vulnerability could allow remote code execution if an attacker successfully convinces a user to browse to a specially crafted website that accepts user-provided online content, or convinces a user to open specially crafted content. An attacker who successfully exploited this vulnerability could gain the same user rights as the current user. Users whose accounts are configured to have fewer user rights on the system could be less impacted than those who operate with administrative user rights.
MS16-064 Critical - Remote Code Execution - Patch NowSecurity Update for Adobe Flash Player (3157993)This security update resolves vulnerabilities in Adobe Flash Player when installed on all supported editions of Windows 8.1, Windows Server 2012, Windows Server 2012 R2, Windows RT 8.1, and Windows 10.
Here are this months Important rated patches:
MS16-058 Important - Remote Code ExecutionSecurity Update for Windows IIS (3141083)This security update resolves a vulnerability in Microsoft Windows. The vulnerability could allow remote code execution if an attacker with access to the local system executes a malicious application. An attacker who successfully exploited this vulnerability could gain the same user rights as the current user. Users whose accounts are configured to have fewer user rights on the system could be less impacted than those who operate with administrative user rights.
MS16-059 Important - Remote Code ExecutionSecurity Update for Windows Media Center (3150220)This security update resolves a vulnerability in Microsoft Windows. The vulnerability could allow remote code execution if Windows Media Center opens a specially crafted Media Center link (.mcl) file that references malicious code. An attacker who successfully exploited this vulnerability could gain the same user rights as the current user. Users whose accounts are configured to have fewer user rights on the system could be less impacted than those who operate with administrative user rights.
MS16-060 Important - Remote Code ExecutionSecurity Update for Windows Kernel (3154846)This security update resolves a vulnerability in Microsoft Windows. The vulnerability could allow elevation of privilege if an attacker logs on to an affected system and runs a specially crafted application.
MS16-061 Important - Elevation of PrivilegeSecurity Update for Microsoft RPC (3155520)This security update resolves a vulnerability in Microsoft Windows. The vulnerability could allow elevation of privilege if an unauthenticated attacker makes malformed Remote Procedure Call (RPC) requests to an affected host.
MS16-062 Important - Elevation of PrivilegeSecurity Update for Windows Kernel-Mode Drivers (3158222)This security update resolves vulnerabilities in Microsoft Windows. The more severe of the vulnerabilities could allow elevation of privilege if an attacker logs on to an affected system and runs a specially crafted application.
MS16-065 Important - Information DisclosureSecurity Update for .NET Framework (3156757)This security update resolves a vulnerability in Microsoft .NET Framework. The vulnerability could cause information disclosure if an attacker injects unencrypted data into the target secure channel and then performs a man-in-the-middle (MiTM) attack between the targeted client and a legitimate server.
MS16-066 Important - Security BypassSecurity Update for Virtual Secure Mode (3155451)This security update resolves a vulnerability in Microsoft Windows. The vulnerability could allow security feature bypass if an attacker runs a specially crafted application to bypass code integrity protections in Windows.
MS16-067 Important - Information DisclosureSecurity Update for Volume Manager Driver (3155784)This security update resolves a vulnerability in Microsoft Windows. The vulnerability could allow information disclosure if a USB disk mounted over Remote Desktop Protocol (RDP) via Microsoft RemoteFX is not correctly tied to the session of the mounting user.