Security News
A fifth flaw, was publicly disclosed but not exploited in the wild. Of more interest are the critical flaws in Hyper-V and VBScript that allow remote code execution via a guest account or a VBScript engine code break.
Microsoft's Update Tuesday patches for April 2020 address 113 vulnerabilities, including three Windows flaws that have been exploited in attacks for arbitrary code execution and privilege escalation. Microsoft has patched two actively exploited remote code execution vulnerabilities related to the Adobe Type Manager Library.
Five related APT groups operating in the interest of the Chinese government have systematically targeted Linux servers, Windows systems and mobile devices running Android while remaining undetected for nearly a decade, according to BlackBerry. Linux runs nearly all of the top 1 million websites online, 75% of all web servers, 98% of the world's supercomputers and 75% of major cloud service providers.
Such attacks are possible because Zoom for Windows supports remote UNC paths that convert potentially insecure URIs into hyperlinks when received via chat messages to a recipient in a personal or group chat. Hacking Zoom to Steal Windows Passwords Remotely Confirmed by researcher Matthew Hickey and demonstrated by Mohamed Baset, the first attack scenario involves the SMBRelay technique that exploits the fact that Windows automatically exposes a user's login username and NTLM password hashes to a remote SMB server when attempting to connect and download a file hosted on it.
One of the benefits of DTrace is the ability to use more than one probe, providing the tools you need to understand how events are related, and helping to track down complex bugs that traditional debugging tools can't pinpoint. Microsoft has now ported DTrace to Windows, building on the Open DTrace code and specification, adding specific Windows features with support for Event Tracing for Windows, for Windows system calls, and for Windows Process IDs.
In a rare find, a researcher has unveiled dozens of related bugs in a core Windows API that could enable attackers to elevate their privileges in the operating system. The bugs take advantage of a long-understood problem with win32k, which is the user interface kernel component in Windows.
Return-oriented programming has been a very common technique that's particularly hard to block, because instead of trying to inject their own code into running processes, attackers look for small chunks of the legitimate code that's already in memory that contain 'returns' - where the code jumps forward to a new routine or back to the main thread. "With ROP, I can't create new code; I can only jump around to different pieces of code and try to string that together into a payload," Dave Weston, director of OS security at Microsoft told TechRepublic. If the legitimate code has a memory safety bug like a buffer overflow, corrupting those pointers in memory means the system starts running the attacker's own code instead of going back to the address in the program's call stack.
A security researcher has discovered over 25 different potential vulnerabilities in Windows, including some that could lead to elevation of privileges. The researcher tested the flaws on a guest account on the latest Windows Insider Preview, which was updated last in September 2019.
A new Windows malware has emerged that makes disks unusable by overwriting the master boot record. Overwriting the MBR is the same trick that the infamous NotPetya wiper malware used in 2017 in a campaign that caused widespread, global financial damage.
Researchers have published proof-of-concept exploits to demonstrate that the Windows vulnerability tracked as SMBGhost and CVE-2020-0796 can be exploited for local privilege escalation. The critical flaw, described as "Wormable" and related to the way SMB 3.1.1 handles certain requests, affects Windows 10 and Windows Server versions 1903 and 1909.