New Windows Vulnerability Exposes Devices to Rootkit Installation by Hackers

New Microsoft Windows Vulnerability Could Enable Rootkit Installation by Hackers

September 23, 2021

Security researchers have identified a critical vulnerability in the Microsoft Windows Platform Binary Table (WPBT) that poses risks to all devices operating on Windows since the release of Windows 8. This unpatched flaw could allow attackers to install rootkits, significantly compromising the integrity of affected systems. The researchers from Eclypsium released their findings in a report earlier this week, highlighting the severity of the issue for Windows users.

The researchers noted that the vulnerability could be exploited through various means, including direct physical access to devices, remote access channels, or via manipulation within manufacturer supply chains. They emphasized that these vulnerabilities render all Windows systems susceptible to crafted attacks that could introduce fraudulent vendor-specific tables, undermining established security measures.

WPBT, a feature introduced with Windows 8 in 2012, allows boot firmware to supply the operating system with platform binaries for execution. This mechanism is intended to enhance overall system performance but has inadvertently opened avenues for exploitation. The researchers pointed out that such motherboard-level vulnerabilities could potentially bypass security initiatives, including those under the Secured-core program, due to the widespread reliance on the Advanced Configuration and Power Interface (ACPI) and WPBT.

The implications of this vulnerability are significant, particularly for business owners who rely on Windows-based systems. The ease of exploiting this flaw raises concerns about the ability of adversaries to gain initial access, establish persistence, and escalate privileges, all vital tactics outlined in the MITRE ATT&CK Matrix. These tactics represent a framework for understanding the methodologies employed by cybercriminals and a means for organizations to bolster their cybersecurity strategies.

Organizations using Windows platforms must prioritize patch management and remain vigilant against potential threats. As this situation continues to develop, it is evident that both the identification and remediation of such vulnerabilities are essential to maintain system integrity. The insights provided by the Eclypsium report serve as a crucial reminder of the importance of cybersecurity awareness and proactive defense measures in today’s digital landscape.

Source link

Related Posts

Critical Security Updates for Apple iOS and macOS Released to Address Actively Exploited Vulnerabilities

September 24, 2021

On Thursday, Apple launched important security updates to tackle multiple vulnerabilities in older iOS and macOS versions, which have been exploited in real-world attacks. This release also expands on previous patches for a security flaw targeted by NSO Group’s Pegasus spyware aimed at iPhone users.

Notably, CVE-2021-30869, a type confusion vulnerability within Apple’s XNU kernel, could allow malicious apps to execute arbitrary code with elevated privileges. Apple has improved state handling to mitigate this issue. Google’s Threat Analysis Group, which reported the vulnerability, noted it was being exploited alongside a remote code execution vulnerability affecting WebKit.

Additionally, Apple addressed two more vulnerabilities, CVE-2021-30858 and CVE-2021-30860, which were patched earlier this month.

Cisco Issues Patches for Three Critical Vulnerabilities in IOS XE Software

On September 24, 2021, Cisco Systems announced the release of patches to address three critical security vulnerabilities in its IOS XE network operating system. These flaws could allow remote attackers to execute arbitrary code with administrative privileges and potentially trigger a denial-of-service (DoS) condition on affected devices. The identified vulnerabilities are as follows:

  • CVE-2021-34770 (CVSS score: 10.0) – Cisco IOS XE Software for Catalyst 9000 Family Wireless Controllers CAPWAP Remote Code Execution Vulnerability
  • CVE-2021-34727 (CVSS score: 9.8) – Cisco IOS XE SD-WAN Software Buffer Overflow Vulnerability
  • CVE-2021-1619 (CVSS score: 9.8) – Cisco IOS XE Software NETCONF and RESTCONF Authentication Bypass Vulnerability

The most critical issue, CVE-2021-34770, is described by Cisco as a “logic error” occurring during the processing of CAPWAP (Control and Provisioning of Wireless Access Points) packets, which allows a central wireless controller to manage access points.

SonicWall Releases Critical Patches for Vulnerability in SMA 100 Series Devices

On September 25, 2021, SonicWall, a network security firm, addressed a serious security vulnerability identified in its Secure Mobile Access (SMA) 100 series appliances. This flaw allows remote, unauthorized attackers to gain administrative access to the affected devices. Designated as CVE-2021-20034, the issue involves arbitrary file deletion and has a critical CVSS score of 9.1 out of 10. Exploiting this vulnerability could enable an adversary to bypass path traversal checks, leading to deletion of files and a reset of the device to factory settings. SonicWall indicated that the vulnerability stems from inadequate file path restrictions, potentially allowing arbitrary file deletions. Fortunately, the company noted that there are currently no signs of exploitation in the wild. SonicWall also acknowledged Wenxu Yin of Alpha Lab, Qihoo 360, for reporting this security concern, which affects the SMA 100 Series, including models like SMA 200 and SMA 210.

Critical Chrome Update Released to Fix Actively Exploited Zero-Day Flaw

On September 25, 2021, Google issued an urgent security patch for its Chrome web browser to address a vulnerability that is currently being exploited. Identified as CVE-2021-37973, the issue is categorized as a “use after free” flaw within the Portals API, a system that facilitates seamless navigation between web pages. Clément Lecigne from Google’s Threat Analysis Group reported the vulnerability. While detailed information about the flaw has not been shared to protect users, Google confirmed that an exploit for CVE-2021-37973 is known to be in use. This update comes shortly after Apple patched a related exploit affecting older versions of iOS and macOS (CVE-2021-30869).