
Serious Vulnerabilities Pose New Threats to Organisations

Steve Nice

Chief Technologist at Node4

Last week three vulnerabilities were disclosed by Intel, Cisco and Microsoft. These vulnerabilities pose serious threats to organisations if not mitigated. Node4 are working closely with the vendors to understand the impact and mitigation requirements. Here’s what you need to know.


Microsoft RDP critical vulnerability

This month’s Microsoft Patch Tuesday addresses 79 vulnerabilities, 22 of them rated Critical, including a Remote Code Execution (RCE) vulnerability in the Remote Desktop Protocol (RDP).

What is the impact?

Exploiting this vulnerability would allow an unauthenticated attacker to run arbitrary code on an affected system. This type of vulnerability is potentially wormable due to the lack of authentication and pervasiveness of the RDP service.

Have these vulnerabilities been exploited in the wild?

Although a proof-of-concept exploit has not yet been disclosed, this vulnerability should be remediated with very high priority across Windows 7, Server 2008, and Server 2008 R2.

Is there anything I can do now?

Disable RDP on any Internet-facing system until the patch has been applied.
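The following PowerShell script is an added example, not part of the Node4 post or a Microsoft tool. It reports whether the RDP listener is enabled on a host, and on the Windows builds the advisory names (version 6.0.x is Server 2008, 6.1.x is Windows 7 and Server 2008 R2) it turns the listener off and closes the matching firewall rule group. It assumes an elevated session on the legacy host itself; the registry value names used are the standard Terminal Services settings, and the fallback port of 3389 is the RDP default.

```powershell
# Added example (not from the Node4 post): report and disable RDP on a legacy Windows host.
# Assumes: run in an elevated PowerShell session on Windows 7 / Server 2008 / 2008 R2.

$tsKey = 'HKLM:\SYSTEM\CurrentControlSet\Control\Terminal Server'

function Get-RdpStatus {
    # Returns an object describing the OS build and whether the RDP listener is enabled.
    $os   = Get-WmiObject -Class Win32_OperatingSystem
    $deny = (Get-ItemProperty -Path $tsKey -Name fDenyTSConnections -ErrorAction SilentlyContinue).fDenyTSConnections
    # fDenyTSConnections = 1 means connections are denied; 0 (or absent) means RDP is enabled.
    $enabled = ($deny -ne 1)
    # The listener port can be overridden under RDP-Tcp; assume the default 3389 when no override is set.
    $port = (Get-ItemProperty -Path "$tsKey\WinStations\RDP-Tcp" -Name PortNumber -ErrorAction SilentlyContinue).PortNumber
    if (-not $port) { $port = 3389 }

    New-Object PSObject -Property @{
        ComputerName = $env:COMPUTERNAME
        OSCaption    = $os.Caption
        OSVersion    = $os.Version
        RdpEnabled   = $enabled
        RdpPort      = $port
    }
}

function Disable-Rdp {
    # Deny RDP connections and disable the "Remote Desktop" firewall rule group so the port is no longer reachable.
    Set-ItemProperty -Path $tsKey -Name fDenyTSConnections -Value 1 -Type DWord
    # netsh is used instead of Disable-NetFirewallRule because the NetSecurity module is absent on Windows 7 / 2008.
    & netsh advfirewall firewall set rule group="remote desktop" new enable=No | Out-Null
}

$status = Get-RdpStatus
$status | Format-List

# Builds named in the advisory: 6.0.* = Server 2008, 6.1.* = Windows 7 / Server 2008 R2.
$legacy = ($status.OSVersion -like '6.0.*') -or ($status.OSVersion -like '6.1.*')

if ($legacy -and $status.RdpEnabled) {
    Write-Warning "RDP is enabled on $($status.OSCaption); disabling it until the vendor patch is applied."
    Disable-Rdp
    # Re-read the state so the change is confirmed rather than assumed.
    Get-RdpStatus | Select-Object ComputerName, RdpEnabled, RdpPort
}
```

Run it once per host from an administrative prompt; the first `Format-List` output is a useful record of the pre-change state for the change ticket, and the final `Select-Object` confirms the listener is now denied. Re-enable RDP only after the patch has been installed and the host has been rebooted.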

How does it affect Node4?

For Node4 managed clients, we will be applying vendor supplied patches once they have confirmed there’s no degradation of service. For non-managed clients, we recommend applying the patch as soon as possible.


ZombieLoad - Intel

ZombieLoad is a sub-class of previously disclosed speculative execution side-channel vulnerabilities. Under certain conditions, the vulnerability gives a program the potential means to read data that the program would otherwise not be able to see. Practical exploitation of ZombieLoad is a very complex undertaking and does not, by itself, give an attacker a way to choose which data is leaked.

What is the impact?

Exploiting the vulnerabilities outside the controlled conditions of a research environment is a complex undertaking. The vulnerabilities have been classified as low to medium severity per the industry standard CVSS, and it’s important to note that there are no reports of any real world exploits of these vulnerabilities.

Have these vulnerabilities been exploited in the wild?

We are unaware of any use of this exploit in the wild.

How does it affect Node4?

Node4 will be applying vendor-supplied patches once thorough internal testing has been completed to ensure there is no degradation of service, as previous similar vulnerabilities have been known to introduce performance issues.


Thrangrycat - Cisco

Thrangrycat is caused by a series of hardware design flaws within Cisco’s Trust Anchor module (TAm). The TAm is a proprietary hardware security module used in a wide range of Cisco products and is the root of trust that underpins all other Cisco security and trustworthy computing mechanisms in these devices. Thrangrycat allows an attacker to make persistent modifications to the Trust Anchor module via FPGA bitstream modification, thereby defeating the secure boot process and invalidating Cisco’s chain of trust at its root.

What is the impact?

An attacker with root privileges on the device can modify the contents of the FPGA anchor bitstream, which is stored unprotected in flash memory. Elements of this bitstream can be modified to disable critical functionality in the TAm. A successful modification of the bitstream is persistent, and the Trust Anchor will remain disabled in subsequent boot sequences.

Have these vulnerabilities been exploited in the wild?

We are unaware of any use of this exploit in the wild.

Is there anything I can do now?

As an attacker would require root privileges, reviewing who has root access to affected devices would be prudent.
Ensure you have best-practice device hardening in place.
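As an added example (not from the Node4 post or a Cisco tool), the PowerShell function below lists the accounts in a Cisco IOS-style running configuration that hold privilege level 15, which is the root-equivalent level on IOS, and flags any that are stored with a reversible type 7 password. The configuration text is a constructed sample; the `username <name> privilege <level>` syntax it matches is the standard IOS form, and the function assumes the config has been exported to text (for example from `show running-config`) before being passed in.

```powershell
# Added example (not from the Node4 post): list privilege-15 accounts in a Cisco IOS running-config.
# Assumes IOS-style "username <name> privilege <n> ..." lines; the config below is a constructed sample.

$sampleConfig = @'
hostname edge-rtr-01
enable secret 5 $1$placeholder$hashvalue
username netops privilege 15 secret 5 $1$placeholder$hash1
username readonly privilege 1 secret 5 $1$placeholder$hash2
username vendor privilege 15 password 7 0123456789
line vty 0 4
 login local
 transport input ssh
'@

function Get-PrivilegedUsers {
    param([string]$ConfigText)
    # Match "username <name> privilege <level>" and keep only level 15 (root-equivalent on IOS).
    $pattern = '^username\s+(?<name>\S+)\s+privilege\s+(?<level>\d+)'
    $ConfigText -split "`r?`n" | ForEach-Object {
        if ($_ -match $pattern -and [int]$matches['level'] -eq 15) {
            New-Object PSObject -Property @{
                User      = $matches['name']
                # Type 7 passwords are reversibly encoded; flag them for replacement with a "secret".
                WeakStore = [bool]($_ -match '\spassword\s+7\s')
            }
        }
    }
}

# On the sample above this reports "netops" (WeakStore False) and "vendor" (WeakStore True).
Get-PrivilegedUsers -ConfigText $sampleConfig | Format-Table User, WeakStore -AutoSize
```

Running this across exported configs from every affected chassis gives a short list of accounts to confirm against the change-control record; each unexpected privilege-15 user, and each one still using a type 7 password, is a finding to close before relying on the device's chain of trust.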

How does it affect Node4?

Node4 exposure is limited due to our multi-vendor infrastructure. Where devices are vulnerable these will be addressed during normal patch processes. For clients with affected Cisco equipment, Node4 will offer the option of applying vendor supplied patches once they have confirmed there’s no degradation of service and extensive testing has taken place.


If you'd like to chat with the team about any of the latest security risks, come along to Techfest to our Cyber Zone to discuss all things Security.