Unresolved Unauthorized File Read Vulnerability Impacts Microsoft Windows OS

On November 30, 2021, it was reported that unofficial patches have been released to address a poorly patched Windows security flaw which poses risks for information disclosure and local privilege escalation (LPE) on affected systems. Identified as CVE-2021-24084 (CVSS score: 5.5), this vulnerability is linked to the Windows Mobile Device Management component, potentially allowing attackers to gain unauthorized access to the file system and read arbitrary files. Security researcher Abdelhamid Naceri discovered and reported the issue in October 2020, leading Microsoft to include it in their February 2021 Patch Tuesday updates. However, as noted by Naceri in June 2021, the patch can be bypassed, and it has also been found that the inadequately addressed vulnerability enables attackers to gain administrator privileges and execute malicious code on Windows 10 systems.

Unpatched Unauthorized File Read Vulnerability Exposes Microsoft Windows OS

Published: November 30, 2021

A security vulnerability affecting Microsoft Windows operating systems has come to light, revealing potential risks for data disclosure and local privilege escalation. This flaw, identified as CVE-2021-24084 and assigned a CVSS score of 5.5, pertains specifically to the Windows Mobile Device Management component. The vulnerability allows unauthorized access to the file system, enabling attackers to read arbitrary files on compromised systems.

The discovery of this security flaw can be attributed to researcher Abdelhamid Naceri, who identified and reported the bug in October 2020. In response, Microsoft included a fix in its February 2021 Patch Tuesday updates. However, a review conducted by Naceri in June 2021 raised alarms: the implemented patch was found to be inadequate, allowing attackers to exploit the vulnerability and achieve their objectives through bypassing the initial fix.

Further investigations by Naceri this month revealed that the inadequately addressed vulnerability could be exploited not only for unauthorized file access but also to escalate privileges, enabling attackers to execute malicious code on Windows 10 systems. This deepens the severity of the threat, especially for organizations reliant on these operating systems for their critical operations.

The implications of this vulnerability extend beyond individual machines; any system that utilizes the affected component is at risk. Business owners should be keenly aware of these vulnerabilities, as attackers could manipulate the flaw to gain initial access. Tactics associated with this type of exploitation may include persistence mechanisms and privilege escalation, as outlined in the MITRE ATT&CK framework. These tactics demonstrate the sophistication that adversaries may employ to compromise systems and expand their access.

The publication of unofficial patches signifies a growing urgency among cybersecurity communities to address these risks. Yet, caution is needed, as reliance on unofficial remedies could lead to further complications. Organizations are encouraged to closely monitor for official updates and apply them promptly, as partial fixes do not provide comprehensive protection.

As businesses continue to adopt and integrate technology into their infrastructure, the importance of safeguarding against such vulnerabilities cannot be overstated. Understanding the nature of these risks, including the potential for information disclosure and privilege escalation, is crucial for business owners looking to bolster their cybersecurity posture.

As the landscape of cyber threats evolves, vigilance is essential. Regular assessments of system vulnerabilities and rapid responses to emerging threats will be fundamental in protecting sensitive data and maintaining operational integrity. Ultimately, the responsibility to secure systems lies with organizations, requiring them to stay informed and proactive in their approach to cybersecurity management.

Source link

Related Posts

Serious Security Vulnerability Discovered in Multiple HP Printer Models

On November 30, 2021, cybersecurity experts revealed significant security weaknesses affecting 150 different multifunction printers from HP Inc. These flaws, which have been present for eight years, can be exploited by attackers to gain control of vulnerable devices, steal sensitive information, and infiltrate enterprise networks to execute further attacks.

The two vulnerabilities, termed Printing Shellz, were uncovered by F-Secure Labs researchers Timo Hirvonen and Alexander Bolshev and reported to HP on April 29, 2021. As a result, HP released patches earlier this month addressing the issues:

  • CVE-2021-39237 (CVSS Score: 7.1): An information disclosure vulnerability affecting specific HP LaserJet, HP LaserJet Managed, HP PageWide, and HP PageWide Managed printers.

  • CVE-2021-39238 (CVSS Score: 9.3): A buffer overflow vulnerability impacting certain HP Enterprise LaserJet, HP LaserJet Managed, HP Enterprise PageWide, and HP PageWide Managed products.

Further details on the vulnerabilities are currently under review.

CISA Issues Warning on Exploited Critical Vulnerability in Zoho ManageEngine ServiceDesk

On December 3, 2021, the FBI and CISA alerted the public about active exploitation of a newly patched vulnerability in Zoho’s ManageEngine ServiceDesk Plus. Identified as CVE-2021-44077 (CVSS score: 9.8), this flaw enables unauthenticated remote code execution in versions up to 11305. If unaddressed, it allows attackers to upload executable files and establish web shells for further malicious activities, such as compromising admin credentials, lateral movement, and exfiltrating sensitive information like registry hives and Active Directory files. Zoho also highlighted that a security misconfiguration in ServiceDesk Plus was the root cause of this issue.

Alert: New Zoho ManageEngine Vulnerability Actively Under Attack

December 4, 2021

Zoho has issued a warning regarding a newly patched critical vulnerability in its Desktop Central and Desktop Central MSP products, which is currently being exploited by cybercriminals. This marks the third security flaw in Zoho’s offerings found to be targeted in just four months. The vulnerability, identified as CVE-2021-44515, is an authentication bypass that enables attackers to bypass security measures and execute arbitrary code on the Desktop Central MSP server.

“If exploited, attackers can gain unauthorized access by sending a specially crafted request, resulting in remote code execution,” Zoho cautioned in its advisory. “Given the signs of active exploitation, we strongly recommend that customers update to the latest build immediately.” The company has also provided an Exploit Detection Tool to assist customers in identifying any potential vulnerabilities.

Pegasus Spyware Allegedly Targeted iPhones of U.S. State Department Employees and Diplomats

December 4, 2021

Reports from Reuters and The Washington Post indicate that Apple has informed several U.S. Embassy and State Department staff that their iPhones might have been compromised by an unidentified attacker using state-sponsored spyware developed by the controversial Israeli firm NSO Group. At least 11 officials, either stationed in Uganda or involved in matters related to the country, reportedly had their iPhones, linked to their overseas numbers, singled out. The identities of the perpetrators and the specific information sought remain unclear. These incidents represent the first known use of this advanced surveillance tool against U.S. government personnel. NSO Group produces Pegasus, military-grade spyware that enables clients to discreetly access files, photos, and conversations.