The MacOS Fix is Out!

And, the fix is out, update now!

Apple releases macOS High Sierra security fix for critical root vulnerability

9to5mac – By: Zac Hall – “If you’re running macOS High Sierra, it’s time to update your Mac as soon as possible. Apple has released a security update that addresses the security vulnerability discovered yesterday afternoon. The update is available now through the Mac App Store.

Apple details the fix here:


Released November 29, 2017

Directory Utility

Available for: macOS High Sierra 10.13.1

Not impacted: macOS Sierra 10.12.6 and earlier

Impact: An attacker may be able to bypass administrator authentication without supplying the administrator’s password

Description: A logic error existed in the validation of credentials. This was addressed with improved credential validation.


When you install Security Update 2017-001 on your Mac, the build number of macOS will be 17B1002. Learn how to find the macOS version and build number on your Mac.

If you require the root user account on your Mac, you can enable the root user and change the root user’s password.

While the security vulnerability was a rather serious one, Apple has promptly responded with a fix less than 24 hours after it became public. The issue did not affect older versions of macOS, although there doesn’t appear to be a fix available for macOS 10.13.2 beta yet as the fix (downloadable here) only appears to apply to macOS 10.13.1 for now.

Apple issued this statement to 9to5Mac following the software fix:

‘Security is a top priority for every Apple product, and regrettably we stumbled with this release of macOS.

When our security engineers became aware of the issue Tuesday afternoon, we immediately began working on an update that closes the security hole. This morning, as of 8 a.m., the update is available for download, and starting later today it will be automatically installed on all systems running the latest version (10.13.1) of macOS High Sierra.

We greatly regret this error and we apologize to all Mac users, both for releasing with this vulnerability and for the concern it has caused. Our customers deserve better. We are auditing our development processes to help prevent this from happening again.'”

Embarrassingly Easy MacOS Vulnerability!

Wired is reporting this super easy hack on High Sierra. Ouch!

Anyone Can Hack MacOS High Sierra Just by Typing ‘Root’

Wired – By: Andy Greenberg – “There are hackable security flaws in software. And then there are those that don’t even require hacking at all—just a knock on the door, and asking to be let in. Apple’s macOS High Sierra has the second kind.

On Tuesday, security researchers disclosed a bug that allows anyone a blindingly easy method of breaking that operating system’s security protections. Anyone who hits a prompt in High Sierra asking for a username and password before logging into a machine with multiple users can simply type ‘root’ as a username, leave the password field blank, click ‘unlock’ twice, and immediately gain full access.

In other words, the bug allows any rogue user that gets the slightest foothold on a target computer to gain the deepest level of access to a computer, known as ‘root’ privileges. Malware designed to exploit the trick could also fully install itself deep within the computer, no password required.

‘We always see malware trying to escalate privileges and get root access,’ says Patrick Wardle, a security researcher with Synack. ‘This is best, easiest way ever to get root, and Apple has handed it to them on a silver platter.’

As word of the security vulnerability rippled across Twitter and other social media, a few security researchers found they couldn’t replicate the issue, but others captured and posted video demonstrations of the attack, like Wardle’s GIF below, and another that shows security researcher Amit Serper logging into a logged-out account. WIRED also independently confirmed the bug.

The fact that the attack could be used on a logged-out account raises the possibility that someone with physical access could exploit it just as easily as malware, points out Thomas Reed, an Apple-focused security researcher with MalwareBytes. They could, for instance, use the attack to gain root access to a logged-out machine, set a root password, and then regain access to a machine at any time. ‘Oooh, boy, this is a doozy,’ says Reed. ‘So, if someone did this to a Mac sitting on a desk in an office, they could come back later and do whatever they wanted.’

Reed also notes, however—and other researchers confirm—that it’s possible to block the attack simply by setting a password for the root user. If you’ve installed High Sierra and haven’t set a root password, you should do it now. In a statement, Apple confirmed the problem, reiterated that short-term fix, and promised a longer-term software patch: ‘We are working on a software update to address this issue,’ an Apple spokesperson wrote.


High Sierra’s ‘root’ bug was first revealed by Turkish software developer Lemi Orhan Ergin, who says security staff at his company stumbled on the issue while trying to help a user get back into their account. ‘They informed me and tried on my machine too. And I saw the security issue with my eyes. That was scary,’ Ergin says.

The face-palm worthy bug is only the latest in a disturbing series that have plagued High Sierra. On the day the operating system launched, Wardle found that malicious code running on the operating system could steal the contents of its keychain without a password. And another shocking bug showed the user’s password as a password hint when they try to unlock an encrypted partition on their machine known as an APFS container.

Wardle argues that those flaws might have been caught earlier if Apple offered a ‘bug bounty’ for information about security vulnerabilities in its desktop software, just as most other companies do. Apple does have a bug bounty, but only for iOS, not MacOS. ‘A bug bounty program is a no-brainer. Maybe this is something that will encourage them to go down that path,’ Wardle says. ‘It’s crazy these kinds of bugs keep blowing up. I don’t know if I should laugh or cry.'”
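A defender’s posture check for the bug described in the two articles above, added here as an example (it is not Apple’s, 9to5Mac’s or Wired’s code). It takes the patched build number 17B1002 and the affected version 10.13.1 from Apple’s note, and assumes that a root account which has been given a password shows an AuthenticationAuthority attribute in Directory Services (the short-term mitigation the Wired piece recommends); `dscl` behaviour and the function names are assumptions.

```python
"""Posture check for the High Sierra root-login bug (added example, not vendor code)."""
import re
import shutil
import subprocess

PATCHED_BUILD = "17B1002"      # build number after Security Update 2017-001 (Apple's note)
AFFECTED_VERSION = "10.13.1"   # the only version the fix was published for


def root_bug_status(product_version: str, build: str) -> str:
    """Classify a ProductVersion/BuildVersion pair against Apple's advisory.

    Returns 'not-impacted' for 10.12.6 and earlier, 'patched' for 10.13.1 at
    build 17B1002, and 'unpatched' for any other 10.13 build (this includes the
    10.13.2 beta, which had no fix at the time of the article).
    """
    m = re.match(r"(\d+)\.(\d+)", product_version.strip())
    if not m:
        raise ValueError(f"unrecognised macOS version: {product_version!r}")
    major, minor = int(m.group(1)), int(m.group(2))
    if (major, minor) < (10, 13):
        return "not-impacted"
    if product_version.strip() == AFFECTED_VERSION and build.strip() == PATCHED_BUILD:
        return "patched"
    return "unpatched"


def root_has_password(dscl_output: str) -> bool:
    """True when `dscl . -read /Users/root AuthenticationAuthority` lists an
    AuthenticationAuthority line (assumption: present once a root password is set;
    dscl reports 'No such key' otherwise)."""
    return any(line.startswith("AuthenticationAuthority:")
               for line in dscl_output.splitlines())


def check_local_mac() -> dict:
    """Run both checks on this machine; returns {} when sw_vers is not available."""
    if not shutil.which("sw_vers"):
        return {}
    version = subprocess.run(["sw_vers", "-productVersion"],
                             capture_output=True, text=True).stdout
    build = subprocess.run(["sw_vers", "-buildVersion"],
                           capture_output=True, text=True).stdout
    result = {"version": version.strip(), "build": build.strip(),
              "status": root_bug_status(version, build)}
    if shutil.which("dscl"):
        dscl = subprocess.run(["dscl", ".", "-read", "/Users/root", "AuthenticationAuthority"],
                              capture_output=True, text=True)
        # Mitigation from the article: an unpatched Mac should at least have a root password.
        result["root_has_password"] = root_has_password(dscl.stdout)
    return result


if __name__ == "__main__":
    print(check_local_mac() or "sw_vers not found; nothing to check on this host")
```

An "unpatched" status with `root_has_password` False is the combination the articles warn about; either installing the update or setting a root password clears it.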

Geek Software of the Week: BOOTICE!

This free software is written by a guy from China, and may be a bit scary to download and use, but it works great! It saved a USB drive that was left in a weird state by my shenanigans! I like it! It is available in both 32-bit and 64-bit versions.

BOOTICE – Modify, Backup, And Restore Master Boot Record & Partition Boot Record

AddictiveTips – By: Usman Javaid – “BOOTICE is a portable utility developed for power users who need to either modify or backup and restore the MBR (Master Boot Record) and PBR (Partition Boot Record) of local drives or removable media including external hard drives, USB drives, etc. For those who don’t have a clue about these boot records, the MBR is generally referred to as the first sector (size: 512 bytes) of any partitioned drive, whereas the volume or partition boot record holds code to initiate booting and is invoked by the MBR.

Warning for beginners: It is not advisable to fiddle around with master boot record or with volume boot record, as it can change system booting process and can leave your PC unbootable. We will recommend that you use BOOTICE with removable media and not with auxiliary storage disks.

Coming back to features, it lets you backup MBR of selected drives (primary or external) and enables you to create disk images (IMG & IMA format), fill up disk space with random data, manage partitions while allowing you to edit Boot Configuration Data (BCD file) to tweak with system booting process.

It supports multiple boot record types ranging from Windows NT 5/6, Plop Boot Manager, SYS Linux, to Grub4Dos. On the main interface, it displays all attached external storages along with the primary disk. Underneath it, you have options to process MBR & PBR, to bring up the partition manager and check out disk data sector-wise. Process MBR and Process PBR buttons let users backup and restore the boot record. Before starting out, you need to choose the boot record type to begin the process. The backup is created in BIN format. It must be noted here that before restoring a boot record, you will need to specify the correct boot type with which the boot record backup was created.

As mentioned beforehand, it is capable of processing disk images in IMG or IMA format, you can select the disk image file to backup its master boot record & volume boot record and view the data distribution in sectors. Depending on the OS type, it can bring up BCD file editor with relative options to change booting process. Under BCD Edit tab, BCD file can be specified manually or you can let it find out the location of currently active OS BCD file.

Random data filling makes data on selected disk unrecoverable. With its Disk filling feature you can fill selected disk with 0x00, 0xFF or with custom data in snap to ensure data safety.

We found BOOTICE to be very useful. Since it is a portable application, you can carry it anywhere to modify and backup MBR and PBR of almost all types of disks. With other complementary options like BCD editing and data filling, booting behavior can be altered on the fly without having to search for BCD file while you can destroy disc data by filling random junk to prevent recovery operations. It supports Windows 2000, Windows XP, Windows Vista, and Windows 7.”

Download from the Chinese Site: iPauly (Use Google Translate to read the site.)
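The article describes the MBR as the 512-byte first sector and BOOTICE’s backup of it as a BIN file. The following added example (not BOOTICE’s code) parses that sector and diffs a live copy against a saved backup, which is the check a defender wants after restoring or when verifying that nothing has rewritten the boot code. It assumes the backup is a raw 512-byte image of sector 0 and uses the classic layout: 440 bytes of boot code, a 4-byte disk signature, 2 reserved bytes, four 16-byte partition entries and the 0x55AA signature; the sample sector is constructed.

```python
"""Parse a 512-byte MBR and diff it against a backup (added example, not BOOTICE's code)."""
import struct
from dataclasses import dataclass
from typing import Dict, List

SECTOR_SIZE = 512
BOOT_SIGNATURE = b"\x55\xaa"
PARTITION_TABLE_OFFSET = 446


@dataclass(frozen=True)
class PartitionEntry:
    bootable: bool     # status byte 0x80
    type_id: int       # partition type byte (0x07 = NTFS/exFAT, 0x00 = unused)
    lba_start: int     # first sector of the partition
    sectors: int       # length in sectors


def parse_mbr(sector: bytes) -> Dict[str, object]:
    """Split an MBR into boot code, disk signature and the four partition entries."""
    if len(sector) != SECTOR_SIZE:
        raise ValueError(f"MBR must be {SECTOR_SIZE} bytes, got {len(sector)}")
    if sector[510:512] != BOOT_SIGNATURE:
        raise ValueError("missing 0x55AA boot signature")
    partitions = []
    for i in range(4):
        off = PARTITION_TABLE_OFFSET + 16 * i
        status, type_id = sector[off], sector[off + 4]
        lba_start, sectors = struct.unpack_from("<II", sector, off + 8)
        partitions.append(PartitionEntry(status == 0x80, type_id, lba_start, sectors))
    return {
        "bootcode": bytes(sector[:440]),
        "disk_signature": struct.unpack_from("<I", sector, 440)[0],
        "partitions": partitions,
    }


def diff_mbr(current: bytes, backup: bytes) -> List[str]:
    """Name the regions where the live sector differs from the backup.

    Changed boot code with an identical partition table is worth investigating;
    a changed table with identical boot code usually means a partitioning operation.
    """
    cur, ref = parse_mbr(current), parse_mbr(backup)
    changed = []
    if cur["bootcode"] != ref["bootcode"]:
        changed.append("bootcode")
    if cur["disk_signature"] != ref["disk_signature"]:
        changed.append("disk_signature")
    for i, (a, b) in enumerate(zip(cur["partitions"], ref["partitions"])):
        if a != b:
            changed.append(f"partition{i}")
    return changed


def build_sample_mbr() -> bytes:
    """Constructed sample: stub boot code plus one bootable NTFS-type partition."""
    sector = bytearray(SECTOR_SIZE)
    sector[0:3] = b"\xeb\x63\x90"            # constructed stand-in for real boot code
    struct.pack_into("<I", sector, 440, 0xDEADBEEF)
    sector[446:462] = struct.pack("<B3sB3sII", 0x80, b"\x01\x01\x00", 0x07,
                                  b"\xfe\xff\xff", 2048, 1_000_000)
    sector[510:512] = BOOT_SIGNATURE
    return bytes(sector)


def tampered_copy(sector: bytes) -> bytes:
    """Constructed: flip the first boot-code byte, leaving the partition table intact."""
    out = bytearray(sector)
    out[0] ^= 0xFF
    return bytes(out)


def check_file(device_or_image: str, backup_path: str) -> List[str]:
    """Read sector 0 of a device or image file and compare it with the saved backup."""
    with open(device_or_image, "rb") as live, open(backup_path, "rb") as saved:
        return diff_mbr(live.read(SECTOR_SIZE), saved.read(SECTOR_SIZE))


if __name__ == "__main__":
    good = build_sample_mbr()
    print(parse_mbr(good)["partitions"][0])
    print("changed regions:", diff_mbr(tampered_copy(good), good))
```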

Amazon Adds Their Silk Web Browser to the FireTV

I got the new FireTV Stick for my bedroom TV.. I like it!

Amazon Adds a Web Browser to The Fire TV

Cord Cutters News – By: Luke Bouma – “Today Amazon officially released their Silk Web Browser for the Fire TV, Fire Stick, and Fire TV Edition smart TVs. Now you will be able to surf the web on your TV with the Fire TV.

This was first spotted by and if you have ever used a Fire Tablet’s browser you will be right at home with the Silk Browser on the Fire TV.

Right now the Silk Browser only works on 1st and 2nd Gen Fire TVs. Sadly no 3rd gen Fire TV support at this time. (Look for that to be added shortly.) There is also no 1st gen Fire Stick support as the stick’s slower CPU is not powerful enough for the Silk Browser to work correctly.

The browser does not seem to support Flash but will support HTML5 video so sites like YouTube and more will allow you to stream video on your Fire TV with the Silk Browser.

To add the Silk Browser to your Fire TV you can find it in the Amazon App Store HERE. At this time it should be considered a beta product and will likely still have many bugs.”

The Latest Version of Linux Mint Rocks!

Linux Mint 18.3 “Sylvia” Cinnamon Edition

The latest version of my favorite desktop distro is out, and I tried it… it is slick! And it is a Long Term Release!

Linux Mint 18.3 ‘Sylvia’ Cinnamon released!

“The team is proud to announce the release of Linux Mint 18.3 ‘Sylvia’ Cinnamon Edition.

Linux Mint 18.3 is a long term support release which will be supported until 2021. It comes with updated software and brings refinements and many new features to make your desktop even more comfortable to use.

New features:

This new version of Linux Mint contains many improvements.

For an overview of the new features please visit:

‘What’s new in Linux Mint 18.3 Cinnamon’.

Important info:

The release notes provide important information about known issues, as well as explanations, workarounds and solutions.

To read the release notes, please visit:

‘Release Notes for Linux Mint 18.3 Cinnamon’

System requirements:

1GB RAM (2GB recommended for a comfortable usage).
15GB of disk space (20GB recommended).
1024×768 resolution (on lower resolutions, press ALT to drag windows with the mouse if they don’t fit in the screen).


The 64-bit ISO can boot with BIOS or UEFI.
The 32-bit ISO can only boot with BIOS.
The 64-bit ISO is recommended for all modern computers (Almost all computers sold since 2007 are equipped with 64-bit processors).”

A Georgia County is Building a New Commercial Spaceport!

Set your sights high! Go for it!

How a tiny county in Georgia is trying to create the country’s newest commercial spaceport

The Verge – By: Loren Grush – “On the southeast coast of Georgia, around 20 miles north of the Florida border, a few concrete slabs and a handful of roads lie on 4,000 acres of luscious green land. They are the remnants of a now-defunct manufacturing plant. The area hasn’t seen much action in 50 years, but soon, it could be teeming with activity again — as the site of future US rocket launches.

The new proposed commercial spaceport, the first one ever for Georgia, is known as Spaceport Camden. Local government officials have big plans for the area over the next few years: they hope to build a launchpad to support rocket launches to orbit, as well as a landing area that would allow rockets to touch down after takeoff. Built through partnerships with private companies, the area could become the first exclusively commercial spaceport on the East Coast; the others in Florida and Virginia are operated by or associated with federal agencies.


The county thinks the project could be a smart way for Georgia to enter the booming commercial spaceflight economy, which was valued at $329 billion in 2016, according to the Space Foundation, a nonprofit advocating for spaceflight. Spaceport Camden is strategically located on the coast, which would allow rockets to launch east over mostly open ocean, posing little risk to populated areas on land. So far, many commercial space companies have shown interest in the place, according to county officials. Once the site is up and running, it could also serve as a hub for business and tourism, as well as an educational outpost for local schools.

There’s still a long way to go before that happens, though. Camden County, which the spaceport is named after, is currently working to get the site licensed for launches by the Federal Aviation Administration. It’s a lengthy process that involves analyzing the property to see how the site will affect surrounding areas. But if Spaceport Camden is cleared, officials hope that major structures of the spaceport can be built as soon as possible. ‘I think we have the opportunity to build the first exclusive non-federal range on the East Coast,’ Steve Howard, the Camden County administrator and head of the Spaceport Camden initiative, tells The Verge.

Spaceport Camden already has a unique connection to spaceflight. The old plant that once sat on the site was actually used in the 1960s to build rocket engines that ran on solid propellant for NASA. In 1965, the most powerful rocket engine at the time was fired up during a test at the plant. NASA even considered the area as an alternative launch site for its Apollo missions to the Moon, according to documents declassified in 2005. Florida was ultimately chosen, and NASA also wound up relying on liquid fuel rocket engines instead, rendering the engine plant somewhat obsolete. So for the last half century, the site has been mostly dormant.

Then, a little less than five years ago, a space company reached out to the state of Georgia, looking for a new location to launch its rockets. (Howard wouldn’t say which company that was, but SpaceX considered Georgia for a new launch site between 2012 and 2014 before settling near Brownsville, Texas.) That initial meeting prompted Camden County officials to meet with other private spaceflight companies to gauge interest in a Georgia spaceport where the booster plant once lived. ‘When they visited they all came to the same conclusion: that it’s a great site,’ Howard says. ‘Obviously there was a reason why the site was chosen back in the ’60s.’


Along with its prime location on the coast, Spaceport Camden is pretty far south in the US, putting it relatively close to the equator. That makes it easier for companies that want to launch rockets into orbit from the US. The equator is the widest section of the planet, as well as the fastest spinning part of the Earth’s surface. That means launching closer to the equator actually gives rockets an extra boost of speed that helps them achieve orbit more easily.

Plus, Howard touts the site’s location between two well-established NASA spaceports along the East Coast: Kennedy Space Center in Cape Canaveral, Florida, and Wallops Flight Facility in Virginia. ‘I think there is synergy opportunity there,’ says Howard. The spaceports could work together or share resources, he says.

For a while, the Spaceport Camden initiative was just a promising idea, but now the state of Georgia has shown it’s serious about the project. In May, Georgia governor Nathan Deal signed a bill called HB 1, or the Georgia Spaceflight Act. The bill helps to limit the liability of spaceflight companies that launch people into space from the state. HB 1 was a signal to the industry that Georgia welcomes commercial space.

Space startup Vector’s prototype rocket launching from Spaceport Camden in August. Photo: Vector
Since then, Spaceport Camden has even seen its first launch… sort of. In August, a spaceflight startup named Vector launched one of its test rockets from the site — though the vehicle didn’t reach orbit. The rocket, which Vector wants to use to launch small satellites someday, was only a prototype, originally meant to reach an altitude lower than 10,000 feet. Because of this, the launch didn’t require the same kind of licensing that the FAA demands for missions that achieve orbit. ‘Overall it was an A-plus experience,’ Jim Cantrell, CEO and co-founder of Vector, tells The Verge. ‘We hope they get approval for orbital launches soon so we can go back.’


Currently, 10 sites throughout the US hold FAA licenses to operate as commercial spaceports. These sites have undergone environmental impact reports, to see how the spaceports might affect surrounding wildlife and property. Camden County is currently funding a third-party researcher to conduct that report, and the analysis has been ongoing for a couple of years. The process involves conducting numerous public hearings and scientific studies, but Howard is hopeful that report will be complete early next year.

Once that’s finished, Spaceport Camden can start to grow. Howard says the plan is to partner with commercial companies to get the various structures of the property built. These companies would lease parts of the property, similar to how SpaceX leases launchpads and a landing site at Cape Canaveral, and even build their own launchpads (and landing zones, if necessary) for their specific vehicles. Howard says he has a number of operators already interested, and he’s confident the county will be able to make substantive construction deals.

Aerospace technology is already Georgia’s biggest export, but a spaceport could help bring even more spaceflight business and educational opportunities to the area. A report done by space consulting firm Astralytical found that Spaceport Camden could be a great home for businesses that not only launch from the site, but also design their vehicles there. ‘Launch is only one small component of the entire space industry,’ Laura Forczyk, the owner of Astralytical, tells The Verge. ‘When you’re looking at the future growth of a spaceport, you look at the whole process — from research and development, to design of spacecraft, to launching… The whole process could happen from start to finish within Spaceport Camden.’

Forczyk’s report also shows how the site could be a great place for tourists, as well as educators and students. Of course, the report is meant to be more of an aspirational look at how the area could evolve over time. But ultimately, Howard is eager for big things to happen on what is effectively a blank slate right now. ‘We think it’s a smart project to be able to turn this stranded asset back into something amazing with a historical space connection,’ he says. ‘We just think it’s a great opportunity to do something really amazing.'”

c|net Survey Indicates People Concentrating on Smartphones

As I said in an earlier post, more smartphones than tablets were purchased on Cyber Monday.

Holiday shoppers ditch tablets, want phones, CNET survey uncovers

c|net – By: Lindsey Turrentine – “Call 2017 the year no one invited tablets to the holiday party.

It’s a holiday tradition: Every year, we ask thousands of CNET readers about what you want to receive, how you’ll be shopping and for what. This year, 1,825 Americans took the CNET Holiday Shopping Survey during the second week of September, and guess what? You’re radically changing what you’re shopping for and how.

This is the first year since 2013 that survey respondents put tablets behind smartphones on your wish lists. Tablets are still popular — 32 percent of you want them — but this year, 35 percent of you want a phone. Next on your lists were wireless headphones, also at 32 percent, and smart home tech at 31 percent. Millennials have a stronger preference for cord-free tech and don’t care much about tablets at all. Forty-three percent want smartphones, just ahead of wireless headphones at 41 percent and smartwatches at 33 percent.

39 percent of you would choose world peace over your most-wanted tech gift.

To conduct the survey, we asked a wide variety of questions between Sept. 5 and Sept. 11, 2017 on When we crunched the numbers, we looked at overall responses and then pulled out answers from US millennials, an interesting group because each year they earn more money, and as the largest American generation ages, the way they shop changes.

You’ll spoil yourselves…

This year, the majority of you (62 percent) will buy yourselves gifts, most of you citing good deals and sales. And if you’re a millennial, 68 percent of you plan to buy yourself something this year.

But you’re not selfish. Given the choice, 39 percent of our respondents would choose world peace over their most-wanted tech gift, and 28 percent would choose universal healthcare. (Still, one in five survey takers admitted you’d rather take the tech.) And if you’re younger? You’re less likely to spend the holidays online. Twenty-seven percent of respondents are looking forward to less screen time over the holidays, but a whopping 42 percent of millennial CNET holiday shoppers want to spend less time online.

‘Tis the year to give audio and subscriptions

This year’s typical shopping list looks different from a typical wish list, and that makes sense. People plan to give tech gifts that are less expensive and typically help upgrade a loved one’s life. Headphones are most popular, possibly because so many new wireless models have entered the market this year. Twenty-two percent of you plan to give them as gifts, followed by tablets (21 percent), wearable fitness devices like Fitbits (18 percent), smart home tech (18 percent) and phones (also 18 percent).

Quite possibly the most interesting difference between millennial shoppers and the larger population is how willing millennials are to gift subscriptions. Overall, 31 percent plan to give subscriptions to a service this year (Amazon Prime subscriptions count for 49 percent of these gifts), but 37 percent of millennials intend to give them.

You’re planning on a long shopping season

This year, you’re treating the most famous shopping days as starting points but not as your last shopping stop. Nine in 10 of you (and 95 percent of millennials) plan to at least browse deals on Cyber Monday, and 74 percent plan to purchase at least one gift then, but only 28 percent plan to do most gift shopping on Cyber Monday. Many of you (77 percent) told us you planned to use the days between Black Friday and Cyber Monday to study up on prices and discounts.

Because Christmas falls on a Monday this year, many of you may be planning to string along the season once you know exactly how much deals should cost. Nearly one-third of millennials plan to take longer to buy gifts this year, but the millennial love of Black Friday surprised us. While only 69 percent of overall survey takers planned to browse then, 79 percent of millennials chose Black Friday to research deals.

When you buy, you buy online

Gone are the days of long store lines and while most of you shop online, you’re still more comfortable buying on computers than on phones. Nearly 70 percent of CNET holiday shoppers plan to purchase most of their holiday gifts online, but while 57 percent of you will research gifts on your phone (and 76 percent of millennials), 77 percent of you, regardless of age, plan to pay for those gifts using a desktop.

With the shopping season well underway, there are just a few weeks left to see which of these shopping trends bear out and whether retailers — and electronics manufacturers — benefit from the near-total shift to online shopping. If you’re not ready to shop on Cyber Monday, use the day to research the lowest prices, then keep an eye out for online deals during the month of December.”

CloudBerry Backup 5.8 is Out!

I’m a customer for this software, it does a great job. And, the new version is out! And, it comes with Ransomware protection bundled in!

Introducing CloudBerry Backup 5.8

“CloudBerry Backup 5.8 focuses on security, disk storage optimization, and a few other important features highlighted below.

Ransomware Protection

Ransomware has been a growing problem for businesses this past year. Ransomware attacks disrupt normal business continuity by encrypting important business documents and demanding ransom to recover the data. Businesses recover by paying the ransom or manually restoring their backups. To help protect customer backups, we implemented ransomware protection functionality in CloudBerry Backup 5.8.

The new feature is designed to protect a customer’s existing, good backups from being overwritten by encrypted ones because of a ransomware attack. CloudBerry now detects encryption changes in files and prevents existing backups from being overwritten. Admins are notified and can approve the encryption changes, if legitimate, and also know their backups are protected if ransomware was the cause. You can read more about this new feature in this blog post.

Support for Changed Block Tracking (CBT) in VMware ESXi

VMware’s Changed Block Tracking (CBT) automatically tracks virtual disk modifications. CloudBerry Backup support for CBT allows us to use this information to more quickly perform an incremental backup of your virtual machines. Click here to learn how to enable the feature in CloudBerry Backup 5.8.

Disk Capacity Tool

The Disk Capacity Tool allows you to visualize your local disks by displaying a breakdown of folders and folder sizes. This allows customers to easily understand the sizes of folders and how they affect total backup storage. Read our blog post that dives deeper into this new dashboard.

Increased Amazon EC2 & Microsoft Azure disk restore limits

Amazon and Microsoft recently increased maximum disk volume sizes for their virtual machines. CloudBerry Backup 5.8 includes support for these larger disks on both EC2 and Azure.

The new disk volume limits for EC2 and Azure virtual machines have both changed as follows:

2 Terabytes for MBR-partitioned disks
4 Terabytes for GPT-partitioned disks

Read more about these recent Amazon EC2 and Microsoft Azure changes in the blog post.”
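The Ransomware Protection section above describes the idea: notice when a file that was previously backed up has turned into ciphertext, keep the old backup copy instead of overwriting it, and let an administrator approve the change if it is legitimate. The following is an added, illustrative implementation of that idea (not CloudBerry’s code) using a Shannon-entropy jump as the “encryption change” signal; the thresholds, function names and sample files are assumptions and constructed data.

```python
"""Entropy-based guard against overwriting good backups with ciphertext (added example)."""
import math
import random
from collections import Counter
from typing import Dict, FrozenSet, List, Tuple

HIGH_ENTROPY = 7.0   # bits/byte; ciphertext and compressed data sit near 8.0 (assumed threshold)
ENTROPY_JUMP = 2.0   # rise versus the last backed-up copy that counts as suspicious (assumed)


def shannon_entropy(data: bytes) -> float:
    """Shannon entropy in bits per byte; 0.0 for empty or single-valued input."""
    if not data:
        return 0.0
    n = len(data)
    return -sum((c / n) * math.log2(c / n) for c in Counter(data).values())


def looks_newly_encrypted(previous: bytes, current: bytes) -> bool:
    """True when a file that used to be low-entropy is now near-random."""
    before, after = shannon_entropy(previous), shannon_entropy(current)
    return after >= HIGH_ENTROPY and (after - before) >= ENTROPY_JUMP


def plan_backup(last_backup: Dict[str, bytes], current: Dict[str, bytes],
                approved: FrozenSet[str] = frozenset()) -> Dict[str, List[str]]:
    """Decide per file whether the stored backup copy may be overwritten.

    'overwrite': safe to replace the backed-up copy.
    'hold': keep the old copy and notify an admin. A path moves to 'overwrite'
    once it is in `approved` (a legitimately encrypted or compressed file).
    Files with no earlier backup have no baseline and are simply backed up,
    which is why a baseline copy must exist before the guard helps.
    """
    plan: Dict[str, List[str]] = {"overwrite": [], "hold": []}
    for path, data in sorted(current.items()):
        old = last_backup.get(path)
        if old is not None and path not in approved and looks_newly_encrypted(old, data):
            plan["hold"].append(path)
        else:
            plan["overwrite"].append(path)
    return plan


def sample_snapshots() -> Tuple[Dict[str, bytes], Dict[str, bytes]]:
    """Constructed data: one report before and after being scrambled, plus a new file."""
    report = b"Q3 revenue came in above forecast; see the attached spreadsheet.\n" * 64
    rng = random.Random(2017)                       # fixed seed so the demo is repeatable
    scrambled = bytes(rng.randrange(256) for _ in range(len(report)))
    before = {"docs/report.txt": report}
    after = {"docs/report.txt": scrambled, "docs/notes.txt": b"new file, no baseline\n"}
    return before, after


if __name__ == "__main__":
    before, after = sample_snapshots()
    print("without approval:", plan_backup(before, after))
    print("after admin approval:",
          plan_backup(before, after, approved=frozenset({"docs/report.txt"})))
```

Compressed archives and files the user deliberately encrypts will trip the same check, which is exactly why the approval step exists rather than an automatic overwrite.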

Cyber Monday This Week Broke Records!

More people shopping on-line than ever before. And, they went for smartphones over tablets… go figure!

Cyber Monday ‘largest online sales day in history’

ZDNet – By: Charlie Osborne – “Cyber Monday 2017 has become the largest online sales day in history with a projected $6.59 billion spent by consumers, according to Adobe.

According to Adobe’s 2017 online shopping data, Cyber Monday this year managed to smash through last year’s projected sales as consumers parted with an estimated $6.59 billion, a 16.8 percent year-over-year increase.

The company’s forecast suggests that shoppers spent over one billion more than in 2016 during the sales event.

In comparison, Black Friday and Thanksgiving Day brought in $5.03 billion and $2.87 billion in revenue respectively, according to Adobe, which predicts this will be the first shopping season in history to break the $100 billion barrier.

Adobe has based its predictions on web traffic to retail sites, specifically, an analysis of one trillion visits to over 4,500 retail sites and 55 million stock keeping units (SKUs).

These increased by 11.9 percent on Monday, far beyond the season average of 5.7 percent. Mobile traffic also surged, representing 47.4 percent of overall visits — 39.9 percent on smartphones, and 7.6 percent conducted through tablets — and accounted for roughly 33.1 percent of retailer revenue this Cyber Monday.

Smartphone-based revenue is estimated to have reached $1.59 billion, a growth of 39.2 percent year-on-year.

Apple iOS users placed average order values of $123, while Android users spent a little less on average, coming in at $110 for each purchase.

Adobe estimates that the largest price drops on Cyber Monday were for toys with an average discount of 18.8 percent, followed by television sets at 21.1 percent and computers at 14.7 percent. Among the most popular purchases this year in technology was the Google Chromecast, iPads, Samsung tablets, the Nintendo Switch, and Microsoft Xbox One X.

‘Shopping and buying on smartphones is becoming the new norm and can be attributed to continued optimizations in the retail experience on mobile devices and platforms,’ said Mickey Mericle, vice president, Marketing, and Customer Insights at Adobe. ‘Consumers are also becoming more savvy and efficient online shoppers.’

‘People increasingly know where to find the best deals and what they want to purchase, which results in less price matching behavior typically done on desktops,’ the executive added. ‘Millennials were likely another reason for the dramatic growth in mobile, with 75 percent expecting to shop via their smartphone.’

Adobe added that the season for sales isn’t over, with the next 13 days projected to rake in an additional two billion in online sales.”

Microsoft Word Vulnerability Creates Security Issue

Another reason to use good ol’ LibreOffice!

Hackers are exploiting Microsoft Word vulnerability to take control of PCs

ZDNet – By: Danny Palmer – “Hackers are using a recently disclosed Microsoft Office vulnerability to distribute backdoor malware capable of controlling an infected system, providing attackers with the ability to extract files, execute commands and more.

Cobalt malware has such potent capabilities because it uses a well known and legitimate penetration testing tool, Cobalt Strike — a form of software for Adversary Simulations and Red Team Operations, which can be used to access covert channels in a system.

What helps the campaign to be even more potent is the use of a Microsoft Word exploit that has been active for 17 years, but was only disclosed and patched earlier this month.

The CVE-2017-11882 exploit is a remote code execution vulnerability, which exists in Microsoft Office software as a result of the way the software handles certain objects in the memory.

Attackers can exploit this flaw to run arbitrary code, which if the user has admin rights, allows the hacker to issue commands or deliver malicious software that can take control of the system.

While the vulnerability was only disclosed weeks ago, researchers at Fortinet have found that attackers have been quick to take advantage of it, in the hope of distributing malware before users have installed the relevant security update.

The particular campaign targets Russian speakers with a spam email claiming to be a notification from Visa about rule changes for the payWave service.

The message contains a password-protected RTF document, which the user is provided with the credentials to unlock. This RTF file contains the malicious code, but the password protection helps to hide it from detection.

Once opened, the user is presented with an almost blank document, save for the words ‘Enable Editing’. However, as with many malware campaigns, the strange nature of this document serves as cover for its real intention, which in this case is running a PowerShell script to download Cobalt Strike and take control of the victim’s system.

Once installed, the attackers can control the victim’s system and move across the network with Cobalt Strike commands.

‘Threat actors are always on the lookout for vulnerabilities to exploit and use them for malware campaigns like this. This goes both for new and old vulnerabilities, whether they have been published or not. We frequently see malware campaigns that exploit vulnerabilities that have been patched for months or even years,’ wrote Fortinet researchers Jasper Manual and Joie Salvio.

‘This may have come from an assumption that there are still a significant number of users out there that don’t take software updates seriously, which sadly, is far too often the case,’ they added.

Microsoft Office users can download the critical update which protects them from the CVE-2017-11882 vulnerability here — while those who’ve installed the update are already immune to this particular attack.

The malware effectively gives attackers control of an entire infected system.”
