
Critical Windows code-execution vulnerability went undetected until now

By Staff
December 28, 2022


Researchers recently discovered a Windows code-execution vulnerability that has the potential to rival EternalBlue, the name of a different Windows security flaw used to detonate WannaCry, the ransomware that shut down computer networks across the world in 2017.

Like EternalBlue, CVE-2022-37958, as the latest vulnerability is tracked, allows attackers to execute malicious code with no authentication required. Also, like EternalBlue, it’s wormable, meaning that a single exploit can trigger a chain reaction of self-replicating follow-on exploits on other vulnerable systems. The wormability of EternalBlue allowed WannaCry and several other attacks to spread across the world in a matter of minutes with no user interaction required.

But unlike EternalBlue, which could be exploited only over SMB (Server Message Block), a protocol for file and printer sharing and similar network activities, this latest vulnerability is present in a much broader range of network protocols, giving attackers more flexibility than they had when exploiting the older vulnerability.

“An attacker can trigger the vulnerability via any Windows application protocol that authenticates,” Valentina Palmiotti, the IBM security researcher who discovered the code-execution vulnerability, said in an interview. “For example, the vulnerability can be triggered by trying to connect to an SMB share or via Remote Desktop. Some other examples include Internet-exposed Microsoft IIS servers and SMTP servers that have Windows Authentication enabled. Of course, they can also be exploited on internal networks if left unpatched.”

Microsoft fixed CVE-2022-37958 in September during its monthly Patch Tuesday rollout of security fixes. At the time, however, Microsoft researchers believed the vulnerability allowed only the disclosure of potentially sensitive information. As such, Microsoft gave the vulnerability a designation of “important.” In the routine course of analyzing vulnerabilities after they’re patched, Palmiotti discovered it allowed for remote code execution in much the way EternalBlue did. Last week, Microsoft revised the designation to critical and gave it a severity rating of 8.1, the same given to EternalBlue.


CVE-2022-37958 resides in the SPNEGO Extended Negotiation, a security mechanism abbreviated as NEGOEX that allows a client and server to negotiate the means of authentication. When two machines connect using Remote Desktop, for instance, SPNEGO allows them to negotiate the use of authentication protocols such as NTLM or Kerberos.

CVE-2022-37958 allows attackers to remotely execute malicious code by accessing the NEGOEX protocol while a target is using a Windows application protocol that authenticates. Besides SMB and RDP, the list of affected protocols can also include Simple Mail Transfer Protocol (SMTP) and Hypertext Transfer Protocol (HTTP) if SPNEGO negotiation is enabled.

One potentially mitigating factor is that a patch for CVE-2022-37958 has been available for three months. EternalBlue, by contrast, was initially exploited by the NSA as a zero-day. The NSA’s highly weaponized exploit was then released into the wild by a mysterious group calling itself Shadow Brokers. The leak, one of the worst in the history of the NSA, gave hackers around the world access to a potent nation-state-grade exploit.

Palmiotti said there’s reason for optimism but also for risk: “While EternalBlue was an 0-Day, luckily this is an N-Day with a 3 month patching lead time. As we’ve seen with other major vulnerabilities over the years, such as MS17-010 which was exploited with EternalBlue, some organizations have been slow deploying patches for several months or lack an accurate inventory of systems exposed to the internet and miss patching systems altogether.”
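An added example, not from the article or from IBM's writeup: a triage helper for the inventory gap described above. It parses HTTP 401 responses and SMTP EHLO replies already collected from your own hosts and labels those that advertise SPNEGO (`Negotiate`, `GSS-SPNEGO`) or other Windows authentication. The host names, sample banners and label names are constructed, and flagging NTLM/GSSAPI for review is an assumption of this example; a label says where to verify the September patch first, not whether a host is vulnerable.

```python
import re

# Scheme/mechanism names that mean SPNEGO negotiation is offered.
SPNEGO = {"negotiate", "gss-spnego"}
# Other Windows-integrated mechanisms; flagging them for review is an
# assumption of this example, used only to prioritise patch verification.
WINDOWS_AUTH = {"ntlm", "gssapi"}

def http_schemes(raw_response: str) -> set:
    """Auth schemes offered in the WWW-Authenticate headers of a raw response."""
    schemes = set()
    head = raw_response.split("\r\n\r\n", 1)[0]
    for line in head.split("\r\n")[1:]:          # skip the status line
        name, _, value = line.partition(":")
        if name.strip().lower() == "www-authenticate":
            # A scheme starts the header or follows a comma; names followed
            # by '=' are parameters (realm=, nonce=), not schemes.
            found = re.findall(r"(?:^|,)\s*([A-Za-z][\w-]*)(?![\w-]*\s*=)", value)
            schemes.update(s.lower() for s in found)
    return schemes

def smtp_mechanisms(ehlo_reply: str) -> set:
    """SASL mechanisms listed on the AUTH line(s) of an EHLO reply."""
    mechs = set()
    for line in ehlo_reply.splitlines():
        m = re.match(r"250[- ]AUTH[ =](.*)", line.strip(), re.I)
        if m:
            mechs.update(tok.lower() for tok in m.group(1).split())
    return mechs

def classify(offered: set) -> str:
    if offered & SPNEGO:
        return "spnego"
    if offered & WINDOWS_AUTH:
        return "windows-auth"
    return "none"

def triage(observations) -> dict:
    """Map each (host, protocol, raw_banner) observation to a label."""
    parsers = {"http": http_schemes, "smtp": smtp_mechanisms}
    return {host: classify(parsers[proto](raw)) for host, proto, raw in observations}

# Constructed sample banners from hypothetical hosts (not real captures).
SAMPLE = [
    ("web01.example.test", "http", "HTTP/1.1 401 Unauthorized\r\n"
     "WWW-Authenticate: Negotiate\r\nWWW-Authenticate: NTLM\r\n\r\n"),
    ("web02.example.test", "http", 'HTTP/1.1 401 Unauthorized\r\nWWW-Authenticate: Basic realm="x"\r\n\r\n'),
    ("mail01.example.test", "smtp", "250-mail01.example.test Hello\r\n250-AUTH GSSAPI NTLM\r\n250 OK\r\n"),
]
```

Calling `triage(SAMPLE)` returns one label per host, which can be joined against patch records to decide which systems to check first.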

IBM’s writeup of the vulnerability is here.


