March Patch Tuesday and AMD Processor Vulnerability

Marina Kidron Mar 14, 2018
  • CredSSP Vulnerability Main Focus of March Patch Tuesday

For March Patch Tuesday, Microsoft announced 74 CVEs. But one deserves special attention.

A remote code execution (RCE) vulnerability in Microsoft’s Credential Security Support Provider (CredSSP) protocol allows a remote attacker to leverage a man-in-the-middle attack to execute arbitrary code on a different machine in the attacked network. This would enable a lateral movement scenario.

The vulnerability affects every version of Microsoft Windows to date.

CVE-2018-0886 is a logical flaw in CredSSP, the protocol that Remote Desktop Protocol (RDP) and Windows Remote Management (WinRM) use to forward credentials to target servers in a secure manner. Most enterprises use RDP for remote login, making them vulnerable to the issue.

A demonstration of the exploit has been released; it is not known to be exploited in the wild at this time. But, with the information available, that could change quickly.

The patch has just now been made available, but the vulnerability was brought to Microsoft’s attention in August 2017 — seven months before they released the patch.

  • Spectre/Meltdown Class of Vulnerabilities in AMD Processors  

13 critical vulnerabilities have been discovered in AMD’s co-processor. The vulnerabilities affect the AMD EPYC, Ryzen, Ryzen Pro and Ryzen Mobile lines of processors.

The vulnerabilities are categorized into four classes (Ryzenfall, Fallout, Chimera and Masterkey) and require admin privileges. Though no CVEs have been assigned yet, this looks like the real thing. CTS, the Israeli research organization that disclosed the vulnerabilities, has published a report, though it contains none of the technical details that would be expected. Some researchers have received a full technical report and the proof-of-concept exploit code for each set of vulnerabilities, but it has yet to be made public.

For now, security teams will have to sit tight while the PR party dances on.

It appears AMD was given just one day of advance notice before the public report was released. So much for the 90-day gentlemen’s agreement.

  • Adobe and Mozilla

In other news, Adobe has released three security bulletins (APSB18-05, APSB18-06 and APSB18-07) affecting Adobe Flash Player, Adobe Connect and Adobe Dreamweaver CC. No zero-days appear to be included in these fixes.

Mozilla also announced 25 CVEs included in MFSA2018-06 and MFSA2018-07.

All of these vulnerabilities can be discovered by the Skybox Vulnerability Detector feature in Skybox Vulnerability Control without an active scan. Learn more about the Skybox approach to vulnerability management at


Marina Kidron is Skybox Security's director of threat intelligence and leader of the Skybox Research Lab, a dedicated team of analysts who daily scour dozens of security feeds and sources and investigate sites in the dark web. Kidron has more than 10 years of experience in business and statistical data analysis, data modeling and algorithms development for information technology, mobile and internet companies and financial services companies. She earned a Master's degree in Political Marketing and a Bachelor's degree in Computer Science and Mathematics.
