Microsoft and Adobe have issued security patches for systems (including legacy/unsupported platforms such as Windows XP, Server 2003 and Vista) to address multiple vulnerabilities on systems believed to be at imminent risk. These security advisories were released concurrently with alerts regarding a North Korean DDoS botnet infrastructure – HIDDEN COBRA:
US-CERT Alert: TA17-164A
Microsoft Security Advisory 4025685
Adobe Bulletins: APSB17-17 and APSB17-18
Given the severity of the vulnerabilities and the number of available exploits, rmsource recommends that the Microsoft and Adobe security patches be installed at the earliest available window, and that any company still running unsupported systems, such as Windows XP and Server 2003, continue its migration to supported platforms.
While US-CERT has provided indicators of compromise (IOCs), including a watch-list of source IP addresses, the list is too extensive for practical Access Control List implementation. rmsource recommends implementing Intrusion Prevention Geo-Protection to block attacks by source location (the IOC source addresses are listed in US-CERT Alert TA17-164A, linked above).
Please note: Geo-Protection is an Advanced Threat Mitigation feature and may not be available on all firewall platforms. If Geo-Protection is enabled, care and planning must be given to ensure that legitimate traffic is not blocked.
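Where the full watch-list cannot be loaded into an ACL, it can still be used for detection: the added example below (rmsource's own tooling is not shown on this page; this is illustrative code written for this advisory) collapses a watch-list of IPs/CIDRs into the smallest set of networks and flags firewall log lines whose source address falls inside any of them. The watch-list entries and log lines are constructed documentation-range samples, not the real TA17-164A indicators, and the `src=<ip>` log format is an assumption.

```python
import ipaddress
import re

# Constructed sample watch-list (documentation ranges, NOT real TA17-164A indicators).
WATCHLIST_SAMPLE = """
# one indicator per line: bare IP or CIDR, '#' starts a comment
198.51.100.7
203.0.113.0/24
203.0.113.0/25   # overlaps the /24 above; collapsed away on load
192.0.2.44
"""

# Constructed firewall log lines; the "src=<ip>" field format is an assumption.
LOG_SAMPLE = [
    "2017-06-14T10:01:02Z src=203.0.113.200 dst=10.0.0.5 action=allow",
    "2017-06-14T10:01:03Z src=10.0.0.9 dst=10.0.0.5 action=allow",
    "2017-06-14T10:01:04Z src=192.0.2.44 dst=10.0.0.8 action=allow",
    "2017-06-14T10:01:05Z src=not-an-ip dst=10.0.0.8 action=deny",
]

SRC_RE = re.compile(r"\bsrc=(\S+)")


def load_watchlist(text):
    """Parse IP/CIDR indicators (skipping blanks and comments) and collapse
    overlapping entries. IPv4 and IPv6 are collapsed separately because
    ipaddress.collapse_addresses() refuses mixed-version input."""
    v4, v6 = [], []
    for line in text.splitlines():
        line = line.split("#", 1)[0].strip()
        if not line:
            continue
        net = ipaddress.ip_network(line, strict=False)
        (v4 if net.version == 4 else v6).append(net)
    return list(ipaddress.collapse_addresses(v4)) + list(ipaddress.collapse_addresses(v6))


def match_sources(log_lines, networks):
    """Return (log_line, matched_network) for each line whose source IP lies in
    a watch-list network. Lines without a parsable source address are skipped."""
    hits = []
    for line in log_lines:
        m = SRC_RE.search(line)
        if not m:
            continue
        try:
            src = ipaddress.ip_address(m.group(1))
        except ValueError:
            continue  # malformed source field, not a watch-list hit
        for net in networks:
            if src in net:
                hits.append((line, str(net)))
                break
    return hits
```

Point the two functions at the real alert's indicator list and your firewall's export to turn the watch-list into an alerting feed rather than an ACL.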
rmsource recommends updating all Intrusion Prevention platforms to detect or block on signatures addressing the following CVEs.
Please note: depending on the IPS platform, it is possible that not all CVEs have been addressed. rmsource recommends continued monitoring of signature releases for any CVE not currently covered by an IPS signature.