Major Tech Companies Address Security Flaws
A prominent tech company resolved a whopping 111 issues during its most recent system updates. Of these, 12 were identified as critical, and a notable moderate-severity flaw was uncovered as publicly known.
While the company assures that none of the discovered security gaps are currently being exploited, it's worth recalling that a similar assurance was given during the last round of updates. So, let's remain cautious.
Understanding the Known Bug
The bug that's already out in the open is an elevation of privilege flaw in a widely used network authentication protocol. It has been given a risk rating of 7.2 out of 10, with the chances of its exploitation being regarded as slim. This is primarily because a potential attacker would require authenticated access with specific permissions to the Managed Service Account:
- An attribute that allows the user to utilize the Managed Service Account
- The attacker needs write access to a certain attribute, enabling them to specify a user that the account can act on behalf of
Assuming all conditions fall into place, a successful exploitation could potentially lead to domain administrator privileges. This bug was first brought to light by researcher Yuval Gordon.
Identifying the Critical Flaws
Two major flaws, both of which could lead to remote code execution (RCE), scored a high 9.8/10 risk rating. One is due to a buffer overflow in a graphics device interface which could allow an unauthorized attacker to execute code over a network. Even though the chances of exploitation are deemed low, an attacker doesn't need any privileges on the systems hosting the flawed web services. An example of a worst-case scenario would be an attacker uploading malicious content through an ad network that is served up to users.
Another critical flaw is an RCE flaw in the graphics component that can be exploited without any user intervention – simply by viewing a specially crafted image that's embedded in files. The discovery of this flaw indicates that its exploitation is not unthinkable.
Remember the Previous Exploit?
Speaking of past exploits, there's an RCE bug that's critical with an 8.8 severity score, and allows any authenticated user to trigger the vulnerability. It’s also remotely exploitable. While it's not listed as under active attack, it is the same type of bug used in the second stage of existing exploits. The first stage is an authentication bypass, as this vulnerability does require authentication. However, several authentication bypasses are publicly known.
It's advised to ensure all your system patches are up to date, and consider whether you need the app to be accessible from the public internet. Chances are, you don't!
Other Significant Fixes
This month saw other critical flaws rectified:
- A messaging RCE
- A pair of office RCEs
- Windows RCEs
- A Hyper-V information disclosure vulnerability
- A Hyper-V spoofing flaw
- A Hyper-V RCE
- A New Technology LAN Manager (NTLM) elevation of privilege vulnerability
- An Azure Stack Hub information disclosure bug
Addressing Other Vulnerabilities
Another big tech company has addressed 68 vulnerabilities this month. These fixes included critical and important bug fixes in various software products. An important-rated flaw also received a fix in this month's update.
Further, a renowned ERP company released 15 new security notes and four updates to previously released notes. Three of these were critical, 9.9-rated flaws. Also, a leading chip manufacturer joined the patch party addressing 66 vulnerabilities across its firmware, hardware, and software products.
In summary, it's essential to keep your systems updated and remain vigilant about potential security threats. Ensure all your patches are up to date, and consider the necessity of apps being accessible from the public internet.