WebProNews

Tag: Zero Day Initiative

  • PSA: Update Windows Immediately

    Microsoft has released updates to fix a zero-day vulnerability impacting all versions of Windows, from Windows 7 to Windows 11.

    According to Microsoft, the bug allows an attacker to escalate privileges through the Windows Common Log File System (CLFS) driver. This could give the attacker full system privileges — the highest level available — and with them complete access to and control of the computer.

    Fortunately, the vulnerability cannot be exploited remotely on its own: an attacker still needs social engineering or some other means of gaining initial access, and only then can the bug be used to elevate privileges.

    “This bug in the Common Log File System (CLFS) allows an authenticated attacker to execute code with elevated privileges. Bugs of this nature are often wrapped into some form of social engineering attack, such as convincing someone to open a file or click a link,” writes Zero Day Initiative’s Dustin Childs. “Once they do, additional code executes with elevated privileges to take over a system. Usually, we get little information on how widespread an exploit may be used. However, Microsoft credits four different agencies reporting this bug, so it’s likely beyond just targeted attacks.”

    Given this attack is already being used in the wild, all users should update their Windows installation immediately.

  • Microsoft Exchange Vulnerability Being Actively Exploited

    Cybersecurity firm Volexity is warning that a serious security vulnerability in Microsoft Exchange is being actively exploited by bad actors.

    The vulnerability in question was addressed as part of Patch Tuesday on February 11, 2020. The cumulative update and service pack “addressed a remote code execution vulnerability found in Microsoft Exchange 2010, 2013, 2016, and 2019. The vulnerability was discovered by an anonymous security researcher and reported to Microsoft by way of Trend Micro’s Zero Day Initiative. Two weeks after the security updates were released, the Zero Day Initiative published a blog post providing more details on the vulnerability.”

    Since the Zero Day Initiative published its post, Volexity has witnessed advanced persistent threat (APT) actors exploiting this vulnerability in the wild. In an interview with Forbes’ Zack Doffman, Volexity said that “all the cases we’ve seen so far have been based out of China—multiple different Chinese-based APTs.”

    Volexity concluded by saying that “the latest Microsoft Exchange ECP vulnerability has provided attackers with another opportunity to break into organizations where they may previously have been unsuccessful. Staying current with patches is the best defense for an organization. Fortunately, this vulnerability does require a compromised credential to exploit and, as a result, will stave off widespread automated exploitation such as those that often deploy cryptocurrency miners or ransomware. However, more motivated attackers now have a way to compromise a critical piece of the IT infrastructure if it is not updated. If you have not already, apply these security updates immediately and look for signs of compromise.”

    As Volexity highlights, the best defense is to apply the latest Exchange security updates promptly and keep installations current.