Security News

Administrators running Samba as their domain controllers should update their installations as the open-source software suffers from the same ZeroLogon hole as Microsoft's Windows Server. We're told Samba running as an Active Directory or classic NT4-style domain controller is at risk, and although file-server-only installations are not directly affected, "They may need configuration changes to continue to talk to domain controllers."

Windows users looking to install a VPN app are in danger of downloading one that's been bundled with a backdoor, Trend Micro researchers warn. The trojanized installer is offered on third-party download sites and users who download and run it are unlikely to notice that something is wrong with it.

Uncle Sam's Cybersecurity and Infrastructure Security Agency has taken the unusual step of issuing an emergency directive that gives US government agencies a four-day deadline to roll out a Windows Server patch. The directive, issued on September 18, demanded that executive agencies to take "Immediate and emergency action" to patch CVE-2020-1472, the CVSS-perfect-ten-rated flaw that Dutch security outfit Secura BV said allows attackers to instantly become domain admin by subverting Microsoft's Netlogon cryptography.

Uncle Sam's Cybersecurity and Infrastructure Security Agency has taken the unusual step of issuing an emergency directive that gives US government agencies a four-day deadline to roll out a Windows Server patch. The directive, issued on September 18, demanded that executive agencies to take "Immediate and emergency action" to patch CVE-2020-1472, the CVSS-perfect-ten-rated flaw that Dutch security outfit Secura BV said allows attackers to instantly become domain admin by subverting Microsoft's Netlogon cryptography.

As you can probably tell from the name, it involves Windows - everyone else talks about logging in, but on Windows you've always very definitely logged on - and it is an authentication bypass, because it lets you get away with using a zero-length password. On a Windows network, the secret component is the domain password of the computer you're connecting from.

Microsoft has open-sourced the fuzzing tool it uses to scour its own code for potential security vulnerabilities. The tool Microsoft has released is called "OneFuzz" and the company says it is "The testing framework used by Microsoft Edge, Windows, and teams across Microsoft is now available to developers around the world."

Proof-of-concept exploit code has been released for a Windows flaw, which could allow attackers to infiltrate enterprises by gaining administrative privileges, giving them access to companies' Active Directory domain controllers. "This attack has a huge impact: It basically allows any attacker on the local network to completely compromise the Windows domain," said researchers with Secura, in a Friday whitepaper.

In the animation above, you can see how double-clicking a.theme file launches the Windows Settings app, automatically navigates to the Preferences > Themes section, and then opens, copies, selects and renders the new wallpaper file justatest. As Bohops and others have pointed out, you can use a Windows UNC path instead of a website name in a Theme file, which tells Windows to use its file-based networking instead of a regular HTTP connection to retrieve the file.

Cisco last week released patches to address a critical remote code execution vulnerability in Jabber for Windows. "Cisco Jabber uses XHTML-IM by default for all messages. A malicious message can therefore easily be created by intercepting an XMPP message sent by the application and modifying it. Attackers can do this manually on their own machine or it can be automated to create a worm that spreads automatically," the company continues.
Networking equipment maker Cisco has released a new version of its Jabber video conferencing and messaging app for Windows that includes patches for multiple vulnerabilities-which, if exploited, could allow an authenticated, remote attacker to execute arbitrary code. Two of the four flaws can be exploited to gain remote code execution on target systems by sending specially crafted chat messages in group conversations or specific individuals.