August 15, 2016 By Douglas Bonderud 2 min read

It’s been a busy year for Windows security. Back in March, Microsoft bulletin MS16-027 addressed a remote code exploit that could grant cybercriminals total control of a PC if users opened “specially crafted media content that is hosted on a website.” Just last month, a problem with secure boot keys caused a minor panic among users.

However, the new Microsoft patches are still dealing with a flaw discovered in November of last year: it first appeared as Evil Maid and has now returned as Malicious Butler. Previous attempts to slam this door shut have been unsuccessful. Has the Redmond giant finally served up software security?

Critical Microsoft Patches Tackle the Butler

According to PC World, Microsoft recently rolled out its latest slew of security patches, which collectively address 27 vulnerabilities in Windows, Office, Internet Explorer and the Edge browser. Five are considered critical: MS16-095, MS16-096, MS16-099, MS16-097 and MS16-102, all of which could allow remote code execution. The first three tackle issues with webpages or Office documents, while 097 solves problems with the Windows Graphics Component and 102 targets a flaw in the Windows PDF library.

Not mentioned as critical is MS16-101, which was first discovered in 2015 as CVE-2015-6095. Its original iteration allowed cybercriminals to bypass the requirement for Windows login authentication by using a rogue domain controller (DC) with the same domain name as the intended victim’s PC.

Next, attackers had to create a user account matching the victim’s and set the password to expire, then connect the rogue DC and change the soon-to-be-expired password so it was added to the cache of locally approved credentials. Microsoft released a patch, but security researchers found it to be incomplete. Another fix, CVE-2016-0049, was released in February 2016.

Microsoft experts Chaim Hoch and Tal Be’ery, however, discovered a way to convert the Evil Maid attack — which required physical access to the target computer — into a remote Malicious Butler exploit. In the new version, attackers were able to compromise one machine on a network and then use other reconnaissance tools to find PCs with open remote desktop protocol (RDP) ports.

Even with two Microsoft patches, the flaw was still functional. Hopefully, MS16-101 is the pink slip for this bad butler.
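The attack as described above depends on two local conditions a defender can audit directly: domain credentials cached on the workstation, and Remote Desktop reachable over the network. The following PowerShell script is an added example for this article, not code from Microsoft or from the researchers named above. It reads the standard Winlogon and Terminal Server registry locations and reports both conditions, plus whether Network Level Authentication (NLA) is enforced for RDP. The `Test-HotfixInstalled` helper takes KB numbers as a parameter because the article gives only bulletin IDs (MS16-101 and friends); the corresponding KB numbers must be taken from the Microsoft bulletin and are not assumed here. The thresholds and wording of the findings are my own choices for this example.

```powershell
# Added example (not from the article): audit the local conditions that the
# Malicious Butler description relies on, cached domain logons and reachable
# RDP, and whether NLA is required. Run in an elevated PowerShell session on
# the Windows host being checked. Registry paths are the standard Windows
# locations; the thresholds and messages are assumptions made for this example.

function Get-CachedLogonPolicy {
    # CachedLogonsCount is stored as a REG_SZ; Windows defaults to 10 when absent.
    $path = 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon'
    $item = Get-ItemProperty -Path $path -Name CachedLogonsCount -ErrorAction SilentlyContinue
    if ($null -eq $item) { return 10 }
    return [int]$item.CachedLogonsCount
}

function Get-RdpExposure {
    $ts  = 'HKLM:\SYSTEM\CurrentControlSet\Control\Terminal Server'
    $tcp = "$ts\WinStations\RDP-Tcp"
    # fDenyTSConnections = 1 means Remote Desktop is disabled.
    $deny = (Get-ItemProperty -Path $ts -Name fDenyTSConnections -ErrorAction SilentlyContinue).fDenyTSConnections
    # UserAuthentication = 1 means NLA is required before a session is created.
    $nla = (Get-ItemProperty -Path $tcp -Name UserAuthentication -ErrorAction SilentlyContinue).UserAuthentication
    # Confirm the listener is actually up rather than trusting the policy alone.
    $listening = [bool](Get-NetTCPConnection -LocalPort 3389 -State Listen -ErrorAction SilentlyContinue)
    [pscustomobject]@{
        RdpEnabled      = ($deny -eq 0)
        NlaRequired     = ($nla -eq 1)
        ListeningOn3389 = $listening
    }
}

function Test-HotfixInstalled {
    # $KbIds: KB numbers taken from the relevant Microsoft bulletin (e.g. the
    # ones behind MS16-101). The article does not list them, so none are assumed.
    param([string[]]$KbIds = @())
    $missing = @()
    foreach ($kb in $KbIds) {
        if (-not (Get-HotFix -Id $kb -ErrorAction SilentlyContinue)) { $missing += $kb }
    }
    return $missing
}

function Test-ButlerExposure {
    param([string[]]$RequiredKb = @())
    $cached   = Get-CachedLogonPolicy
    $rdp      = Get-RdpExposure
    $missing  = Test-HotfixInstalled -KbIds $RequiredKb
    $findings = @()

    if ($cached -gt 0) {
        $findings += "CachedLogonsCount is $cached: domain credentials are cached locally. " +
                     "For hosts that never need offline logon (servers, kiosks), consider 0; " +
                     "for laptops keep it as low as the business allows."
    }
    if ($rdp.RdpEnabled -and -not $rdp.NlaRequired) {
        $findings += "RDP is enabled without NLA: an unauthenticated client reaches the logon screen. " +
                     "Require Network Level Authentication."
    }
    if ($rdp.ListeningOn3389 -and -not $rdp.RdpEnabled) {
        $findings += "Port 3389 is listening although policy says RDP is disabled; investigate which service owns it."
    }
    if ($missing.Count -gt 0) {
        $findings += "Missing updates: $($missing -join ', ')."
    }

    [pscustomobject]@{
        ComputerName      = $env:COMPUTERNAME
        CachedLogonsCount = $cached
        RdpEnabled        = $rdp.RdpEnabled
        NlaRequired       = $rdp.NlaRequired
        ListeningOn3389   = $rdp.ListeningOn3389
        MissingUpdates    = $missing
        Findings          = $findings
    }
}

# Usage: supply the KB numbers from the bulletin you are verifying.
Test-ButlerExposure -RequiredKb @() | Format-List
```

Run it with the KB numbers that your patch management system maps to MS16-101; on a workstation that legitimately needs cached logons, the first finding is informational rather than a defect, which is why the script reports the value rather than changing it.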

Of Boots and Butlers

Cybercriminals haven’t gone easy on Microsoft this year, but the company hasn’t done itself any favors either. Consider the recent Secure Boot problem: According to ZDNet, while Secure Boot protects users from accidentally damaging their systems with new operating systems or risky third-party apps, developers and researchers occasionally need to disable this security measure to test and tweak their OS.

The problem: Microsoft has a number of golden keys, which let any admin user unlock Secure Boot devices — keys that were recently leaked online. A patch in July didn’t fix the issue, but August’s Microsoft patches should do the trick.

Ultimately, butler and boot problems ring two warning bells. First, there’s no aspect of any large software offering that is completely secure. Attacks can come from any direction at any time.

Second, patches aren’t a foolproof cure. The more typical scenario seems to be quiet denial of any critical flaw followed by proof-of-concept, recognition and at least two rounds of patches to guarantee system safety.

Simply put: Software security is always on the way — just don’t expect speedy service.
