Weekly Threat Overview: Exchange Server, AMD Processors, Azure Cosmos DB



Patch management is much easier said than done, and security teams are often forced to prioritize patches for multiple critical systems that are all released at the same time. It has become common, for example, to expect dozens of fixes to land on Microsoft’s Patch Tuesday, with other vendors releasing their own fixes on a regular basis.

Below, IT Pro has gathered the most urgent disclosures from the past seven days, including a summary of the exploitation mechanism and whether the vulnerability is being exploited in the wild. This is to give teams an idea of the bugs and flaws that could pose the most dangerous immediate security risks.

Microsoft Exchange Server vulnerable to information disclosure bug

A now-patched flaw in Microsoft Exchange Server could be exploited by unauthenticated attackers to perform configuration actions on targeted mailboxes and disclose personal data.

The vulnerability, identified as CVE-2021-33766 and nicknamed ProxyToken, lies in the platform’s delegated authentication functionality. This is a mechanism in which the front-end site forwards a request to the back-end site for authentication when it detects a SecurityToken cookie.

Because Exchange must be explicitly configured to use this feature, the module that handles it is often not loaded, so a request carrying a SecurityToken cookie is passed through without being authenticated by either side. This is an effective authentication bypass that can be abused to disclose personal information: an attacker could, for example, add a rule to a targeted mailbox that copies all email addressed to it and forwards the copies to an account they control.
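As an added example (not code from the article, from Microsoft, or from the researchers who reported the bug), the following Python script hunts the front-end IIS logs of an Exchange server for ProxyToken-style requests: a request to the ECP (/ecp/) site that carries a SecurityToken cookie but is not attributed to any authenticated user. It assumes the site logs the optional W3C cs(Cookie) field; the #Fields header, log lines, hostnames and addresses are constructed for illustration and are assumptions, not captured traffic.

```python
"""Hunt for ProxyToken-style requests in Exchange front-end IIS (W3C) logs.

Added example, not the article's or Microsoft's code. It assumes the
Client Access (front-end) site logs the optional cs(Cookie) field.
"""
from dataclasses import dataclass
from typing import Iterator, List

# Constructed header and log lines for illustration (not real traffic).
SAMPLE_LOG = """\
#Fields: date time cs-method cs-uri-stem cs-uri-query cs-username c-ip cs(Cookie) sc-status
2021-08-30 10:01:12 GET /owa/ - alice@corp.example 10.0.0.5 X-OWA-CANARY=abc 200
2021-08-30 10:02:40 POST /ecp/alice@corp.example/PersonalSettings/HomePage.aspx - alice@corp.example 10.0.0.5 ASP.NET_SessionId=1 200
2021-08-30 10:03:55 POST /ecp/bob@corp.example/RulesEditor/InboxRules.svc/NewObject - - 203.0.113.7 SecurityToken=x 200
2021-08-30 10:04:01 GET /ecp/default.aspx - - 198.51.100.9 SecurityToken=x;ASP.NET_SessionId=2 500
"""


@dataclass
class Request:
    time: str
    method: str
    uri_stem: str
    username: str
    client_ip: str
    cookie: str
    status: int


def parse_w3c(text: str) -> Iterator[Request]:
    """Parse W3C extended log lines, taking column names from the #Fields header."""
    fields: List[str] = []
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if line.startswith("#Fields:"):
            fields = line.split()[1:]
            continue
        if line.startswith("#"):
            continue  # other directives (#Software, #Date, ...)
        values = line.split()
        if len(values) != len(fields):
            continue  # malformed line or unexpected column count; skip it
        rec = dict(zip(fields, values))
        yield Request(
            time=f"{rec['date']} {rec['time']}",
            method=rec["cs-method"],
            uri_stem=rec["cs-uri-stem"],
            username=rec["cs-username"],
            client_ip=rec["c-ip"],
            cookie=rec.get("cs(Cookie)", "-"),
            status=int(rec["sc-status"]),
        )


def has_security_token(cookie: str) -> bool:
    """True if a non-empty SecurityToken cookie is present (IIS joins cookies with ';')."""
    for part in cookie.split(";"):
        name, _, value = part.partition("=")
        if name.strip().lower() == "securitytoken" and value.strip():
            return True
    return False


def is_proxytoken_candidate(req: Request) -> bool:
    """ECP request that carried a SecurityToken cookie yet has no authenticated user.

    In a default deployment delegated authentication is not configured, so a
    SecurityToken cookie on an ECP request has no legitimate reason to exist.
    The status code is deliberately ignored: failed probes (500) matter too.
    """
    return (
        req.uri_stem.lower().startswith("/ecp/")
        and has_security_token(req.cookie)
        and req.username == "-"
    )


def hunt(text: str) -> List[Request]:
    """Return every request in the log text that matches the ProxyToken pattern."""
    return [r for r in parse_w3c(text) if is_proxytoken_candidate(r)]


if __name__ == "__main__":
    for hit in hunt(SAMPLE_LOG):
        print(f"{hit.time} {hit.client_ip} {hit.method} {hit.uri_stem} status={hit.status}")
```

Run against the constructed sample, the script flags the two requests from external addresses that reached /ecp/ with a SecurityToken cookie and no username, while the authenticated ECP and OWA requests are left alone. On a real server, point `hunt()` at the front-end site's log files and review any hits together with the inbox rules of the mailboxes named in the URI.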

Hackers exploit WebSVN flaw to launch malware

Cybercriminals are abusing a flaw in WebSVN, an open source web application for browsing source code repositories, to deploy variants of the Mirai malware.

The critical command injection flaw, identified as CVE-2021-32305, was discovered and fixed earlier this year but is still being abused in unpatched versions of the app, according to researchers at Palo Alto Networks.

A proof of concept exploit was released in June, and a week later cybercriminals seized on the vulnerability to deploy variants of the infamous Mirai distributed denial of service (DDoS) malware.

Attackers used the command injection to download a shell script that infects the targeted system with the malware strain. From there, they used the compromised host as a platform from which to launch DDoS attacks.

AMD chips vulnerable to Meltdown attacks

All processors developed by AMD are susceptible to attacks resembling the famous Meltdown vulnerability identified several years ago in Intel processors.

Researchers at TU Dresden in Germany discovered the flaw, identified as CVE-2020-1296 and described as “transient execution of non-canonical accesses”. When combined with specific software sequences, AMD processors “can transiently execute non-canonical loads and stores using only the lower 48 address bits, which could lead to data leakage,” according to the company.

The researchers who discovered the flaw described the exploit mechanism as “very similar to Meltdown-like behavior.”

This data leakage flaw can be exploited to read secrets held in memory on the affected machine, with all AMD processors affected.

Microsoft Azure Cosmos DB ‘Worst Possible Cloud Flaw’

Microsoft has warned thousands of its Azure customers that hackers may have compromised their databases.

The vulnerability resides in Microsoft’s Azure Cosmos DB and allows intruders to read, modify and delete information, according to security researchers at Wiz.

Businesses use Cosmos DB to handle massive amounts of data in real time. The exploit, dubbed ChaosDB, has been described as “the worst cloud vulnerability you can imagine”, with the researchers able to access any customer database they wanted.

The ChaosDB exploit is built on the Jupyter Notebook feature, which allows customers to visualize their data and create custom views and was enabled for all Cosmos DB accounts in February. A series of misconfigurations in that feature opened an attack vector that the researchers were able to exploit. Microsoft has disabled the feature for all accounts, and it is now undergoing a security overhaul.
