Security News

Google last week announced the release of proof-of-concept code designed to exploit the notorious Spectre vulnerability and leak information from web browsers. In 2019, the Google team responsible for Chrome's V8 JavaScript engine said that the attack can't be mitigated at the software level, arguing that security boundaries in browsers should be aligned with low-level primitives, such as process-based isolation.

While there is no concrete explanation for the widespread exploitation by so many different groups, speculations are that the adversaries shared or sold exploit code, resulting in other groups being able to abuse these vulnerabilities, or that the groups obtained the exploit from a common seller. For its part, the Dutch Institute for Vulnerability Disclosure reported Tuesday that it found 46,000 servers out of 260,000 globally that were unpatched against the heavily exploited ProxyLogon vulnerabilities.

Since Microsoft disclosed actively exploited Microsoft Exchange security vulnerabilities, known collectively as ProxyLogon, administrators and security researchers have been scrambling to protect vulnerable servers exposed on the Internet. The PoC provided enough information that security researchers and threat actors could use it to develop a functional remote code execution exploit for Microsoft Exchange servers.

Software giant Microsoft Corp. has launched an investigation to determine whether one of its flagship information-sharing programs sprung a leak that led to the widespread exploitation of Exchange server deployments around the world. According to a bombshell report in the Wall Street Journal, Redmond is looking closely at its Microsoft Active Protections Program to figure out if an anti-malware partner in China leaked proof-of-concept code ahead of the availability of security updates.

Google has published JavaScript proof-of-concept code to demonstrate the practicality of using Spectre exploits targeting web browsers to access information from a browser's memory. According to the Google Security Team, the PoC shared today works across a wide range of processor architectures, operating systems, and hardware generations.

A working proof-of-concept exploit is now publicly available for the critical SIGRed Windows DNS Server remote code execution vulnerability. SIGRed has existed in Microsoft's code for over 17 years, it impacts all Windows Server versions 2003 through 2019, and it has received a maximum severity rating of 10 out of 10.

Project Zero, Google's 0day bug-hunting team, shared technical details and proof-of-concept exploit code for a critical remote code execution bug affecting a Windows graphics component. The Project Zero researchers discovered the vulnerability, tracked as CVE-2021-24093, in a high-quality text rendering Windows API named Microsoft DirectWrite.

After security researchers have developed and published proof-of-concept exploit code targeting a critical vCenter remote code execution vulnerability, attackers are now actively scanning for vulnerable Internet-exposed VMware servers. We've detected mass scanning activity targeting vulnerable VMware vCenter servers.

Details and a proof-of-concept exploit have been released for an unpatched privilege escalation vulnerability in Windows related to the PsExec administration tool. According to Wells, the vulnerability is a local privilege escalation issue that can be exploited by a non-admin process to elevate privileges to SYSTEM when PsExec is executed remotely or locally on the targeted computer.

A day after proof-of-concept exploit code was published for a critical flaw in Cisco Security Manager, Cisco has hurried out a patch. PoC exploits for the flaw - as well as 11 other issues in Cisco Security Manager - were published online Monday by security researcher Florian Hauser.