The Department of Homeland Security's Cybersecurity and Infrastructure Security Agency (CISA) issued an alert about two Microsoft software updates. The recent patch (August 12, 2020) addresses both a spoofing vulnerability and a remote code execution (RCE) flaw currently under active exploitation.
The RCE flaw, CVE-2020-1380, lies in the way the scripting engine handles objects in memory in Internet Explorer. Exploiting it would allow an actor to execute arbitrary code in the context of the current user.
A successful exploit gives the actor the same user rights as the current user. If the current user is logged on with administrative rights, the flaw allows the actor to take full control of the affected system and then install programs; access, modify or delete data; and create new user accounts with user rights.
Recent research indicates that, in a web-based attack, an attacker might host a specially crafted website designed to exploit the vulnerability through Internet Explorer and then convince a user to visit it.
The research also notes that, in an application or Microsoft Office document that hosts the IE rendering engine, an attacker may embed an ActiveX control marked "safe for initialization". The attacker can also take advantage of compromised websites and websites that accept or host user-provided content or advertisements. These websites might contain specially crafted content that exploits the vulnerability.
How bad was it?
Microsoft's patch fixed the vulnerability by changing the way the scripting engine handles memory. The vulnerability is found in Windows 10, Windows 7, Windows 8.1, Windows Server 2008, and Windows Server 2012.
The flaw has been successfully exploited, so organizations should prioritize patching to avoid falling victim to an attack. Microsoft did not identify any workarounds or other methods of mitigation.
Microsoft has also released a patch for a spoofing flaw identified as CVE-2020-1464, which occurs when Windows validates file signatures incorrectly. A successful exploit would allow an attacker to bypass security and load improperly signed files.
System vulnerabilities are a key entry point for several hacking groups, especially ransomware operators. Research from Palo Alto Networks' Unit 42 showed in June that a new malware campaign known as Lucifer is deliberately targeting a host of unpatched high-risk and critical vulnerabilities in Windows to launch cryptojacking and denial-of-service attacks.
Earlier, the FBI cautioned that cybercriminals have increasingly exploited security flaws in remote desktop protocols and vulnerabilities in software since there has been an upsurge in ransomware attacks.
What’s the Solution?
The outcome of a data breach can range from minimal impact to millions of dollars in losses for companies in all sectors. With this in mind, and given the changing regulatory landscape, data breach planning is extremely important and far from optional. You should seek advice from an experienced cybersecurity company for proper planning and response to data breach events.
Do not let your hard-built business collapse with a simple data breach!