Security News

A team of cybersecurity researchers today disclosed details of a new high-risk vulnerability affecting billions of devices worldwide-including servers and workstations, laptops, desktops, and IoT systems running nearly any Linux distribution or Windows system. GRUB2 Bootloader Vulnerability Discovered by researchers from Eclypsium, BootHole is a buffer overflow vulnerability that affects all versions of GRUB2 and exists in the way it parses content from the config file, which typically is not signed like other files and executables-leaving an opportunity for attackers to break the hardware root of trust mechanism.

Microsoft has revamped its Windows Insider Preview bug bounty program with higher rewards and an improved portal for bounty hunters to report flaws, in an effort to help sniff out more vulnerabilities on its platform. The Microsoft Windows Insider Preview bounty program is part of the Microsoft Windows Bounty Program, launched in 2017, which encompasses flaws in all features of the Windows Insider Preview in addition to focus areas in Hyper-V, Mitigation bypass, Windows Defender Application Guard, and Microsoft Edge.

Microsoft announced last week that it has added scenario-based rewards to the Windows Insider Preview Bounty Program, with a top bounty of $100,000. As part of the WIP program, eligible researchers are invited by Microsoft to find vulnerabilities in the Windows Insider Preview Dev Channel, with general rewards ranging between $500 for denial-of-service issues and $5,000 for remote code execution flaws.

The U.S. Cybersecurity and Infrastructure Security Agency is ordering all federal executive branch offices to apply a patch for a wormable Windows Server bug within 24 hours, warning of a "High potential for compromise of agency information systems." "CISA has determined that this vulnerability poses unacceptable significant risk to the Federal Civilian Executive Branch and requires an immediate and emergency action," the agency said in the directive.

The US Cybersecurity and Infrastructure Security Agency has instructed government agencies to immediately address a vulnerability affecting Windows DNS servers. The flaw, which impacts Windows Server versions released in the past 17 years, allows a remote, unauthenticated attacker to run arbitrary code on affected Windows DNS servers using specially crafted requests.

The good news for most of us, at least in terms of patching, is that this vulnerability only affects Windows servers, because the bug is in the Windows DNS server code, not in the Windows DNS client code. DNS servers often need to perform client-like functions, for example by passing on requests that they can't answer themselves to other servers that can, reading in the replies and reformatting them to reply to the original client request that came in.

A threat actor can exploit SigRed vulnerability by sending crafted malicious DNS queries to a Windows DNS server and achieve arbitrary code execution, enabling the hacker to intercept and manipulate users' emails and network traffic, make services unavailable, harvest users' credentials and much more. Crafting Malicious DNS Responses Stating that the objective was to identify a vulnerability that would let an unauthenticated attacker compromise a Windows Domain environment, Check Point researchers said they focused on Windows DNS, specifically taking a closer look at how a DNS server parses an incoming query or a response for a forwarded query.

A threat actor can exploit SigRed vulnerability by sending crafted malicious DNS queries to a Windows DNS server and achieve arbitrary code execution, enabling the hacker to intercept and manipulate users' emails and network traffic, make services unavailable, harvest users' credentials and much more. Crafting Malicious DNS Responses Stating that the objective was to identify a vulnerability that would let an unauthenticated attacker compromise a Windows Domain environment, Check Point researchers said they focused on Windows DNS, specifically taking a closer look at how a DNS server parses an incoming query or a response for a forwarded query.

Microsoft on Tuesday patched a wormable hole in its Windows Server software that can be exploited remotely to completely commandeer the machine without any authorization. Some 18 of those CVE-listed security flaws are considered critical, meaning remote code execution is possible without user interaction.

With world+dog on Zoom these days, news of a zero-day attack against the videoconferencing app would cause a stir, but relax - it's only if you're on Windows 7 or older. An independent researcher told ACROS Security about the flaw that would allow for remote code execution on any Zoom Client for Windows used by Windows 7, even with extended support after the OS was shuttered in January.