Jump to content

Microsoft Management Console (MMC) Vulnerabilities


Sampei.Nihira

Recommended Posts

Quote

 

Recently, Check Point Research discovered several vulnerabilities in the console that would allow an attacker to deliver a malicious payload.

Microsoft has granted CVE-2019-0948 to this vulnerability and patched it in their June 11th Patch Tuesday release.

 

 

https://research.checkpoint.com/microsoft-management-console-mmc-vulnerabilities/

Probably, I have not verified, the Windows Vista can find the relative patch.
Not available for Windows XP.

It would be interesting to open a debate on the countermeasures to be taken.:)

Personally at the moment I have taken the following precautions:

 

1) Block direct execution of Vbscript code and block execution of .vbs scripts.

2) Block any process executed from mmc.exe.

3) Block execution .msc script executed outside Sytem Folder.

Edited by Sampei.Nihira
Link to comment
Share on other sites


On 6/18/2019 at 7:37 PM, Sampei.Nihira said:

Probably, I have not verified, the Windows Vista can find the relative patch.

Vista SP2 users can manually install provided patch(es) for WS2008SP2:

https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-0948

Z6yP6ry.jpg

https://support.microsoft.com/en-us/help/4503273/windows-server-2008-update-kb4503273

https://support.microsoft.com/en-us/help/4503287/windows-server-2008-update-kb4503287

Link to comment
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
  • Recently Browsing   0 members

    • No registered users viewing this page.
×
×
  • Create New...