Weekly threat roundup: Microsoft Defender, Adobe, Mimecast

Pulling together the most dangerous and pressing flaws that businesses need to patch

Patch management is far easier said than done, and security teams may often be forced into prioritising fixes for several business-critical systems, all released at once. It’s become typical, for example, to expect dozens of patches to be released on Microsoft’s Patch Tuesday, with other vendors also routinely getting in on the act.

Below, IT Pro has collated the most pressing disclosures from the last seven days, including details such as a summary of the exploit mechanism, and whether the vulnerability is being exploited in the wild. This is in order to give teams a sense of which bugs and flaws might pose the most dangerous immediate security risks.

Microsoft Defender under active exploitation

Microsoft has fixed a serious zero-day remote access vulnerability in its Defender antivirus platform as part of its first Patch Tuesday round of bug fixes for 2021.

The vulnerability, tracked as CVE-2021-1647, is a remote code execution bug which hackers used to embed code on devices with Microsoft Defender installed, by tricking victims into opening a malicious document.

This was part of 83 bug fixes released this week across a range of Microsoft products, including Windows, Azure and other services. The tech giant also released a patch for a flaw in the Windows splwow64 services. This bug, tracked as CVE-2021-1648, could be exploited to escalate privileges.

Seven Adobe products receive Patch Tuesday treatment

Adobe Photoshop, Illustrator, InCopy, Animate, Bridge, Captivate and Campaign Classic all received eight security fixes this week as part of the company’s own round of Patch Tuesday updates.

All vulnerabilities were rated ‘critical’ apart from a privilege escalation flaw in Adobe Captivate 2019, which was deemed ‘important’. The flaws in Photoshop, Illustrator, InCopy, Animate, and two in Bridge, could all be exploited for arbitrary code execution.

The final bug, affecting Adobe Campaign Classic, is tracked as CVE-2021-21009, and can be exploited for the purposes of sensitive information disclosure.

SaferVPN flaw allows privilege escalation on Windows

The popular virtual private network (VPN) service SaferVPN is embedded with a flaw that could be exploited by hackers to escalate privileges on a victim’s Windows machine and run a malicious file.

In a Medium post, a security researcher known as nmht3t claimed he was publishing the details behind the vulnerability, as well as a proof-of-concept because SaferVPN hadn’t fixed it 90 days following disclosure.

Because low-privileged users are allowed to create folders under the C:\ drive, it’s possible for somebody to create an appropriate file path and place within it a malicious file. Once the VPN service starts, the file will load a malicious OpenSSL engine library, and allow result in arbitrary code execution on the system.

The flaw affects SaferVPN for Windows versions 5.0.3.3 through to the latest iteration, version 5.0.4.15, released on 12 January - there’s currently no patch available for this flaw.

Zero-days used to load websites with malware

Four now-patched zero-day vulnerabilities in Chrome have been flagged by Google’s Project Zero security research team as having been under active exploitation by cyber criminals during 2020.

These Google Chrome flaws were tracked as CVE-2020-6418, CVE-2020-0938, CVE-2020-1020, and CVE-2020-1027. The attack itself was revealed to researchers as part of an initiative aimed at researching new ways to detect zero-day exploits in the wild.

The bugs were exploited through watering-hole attacks, which involved “highly sophisticated” attackers compromising frequently-visited websites and loading them with malicious code that installs malware on victims’ devices. The hackers targeted both Android and Windows users with the compromised sites by deploying two exploit servers, before fixes were released in February and April 2020.

Mimecast admits hackers access Microsoft accounts

Cyber criminals violated a small number of Mimecast customers’ Microsoft 365 accounts after they obtained one of the firm’s digital certificates and abused it to gain access to their user accounts.

Roughly 10% of customers use the connection involving this certificate, with no more than nine customers believed to be affected by the breach. Nevertheless, the incident represents a huge worry in light of the recent attack against SolarWinds.

As a precaution, Mimecast has asked the customers who use the affected certificate to immediately delete the existing connection within their Microsft 365 tenant, and re-establish a new certificate-based connection.

Featured Resources

How to scale your organisation in the cloud

How to overcome common scaling challenges and choose the right scalable cloud service

Download now

The people factor: A critical ingredient for intelligent communications

How to improve communication within your business

Download now

Future of video conferencing

Optimising video conferencing features to achieve business goals

Download now

Improving cyber security for remote working

13 recommendations for security from any location

Download now

Recommended

Monero miners target cloud-native development environments
cryptocurrencies

Monero miners target cloud-native development environments

5 Mar 2021
IT security awareness and training firm KnowBe4 acquires MediaPRO
Acquisition

IT security awareness and training firm KnowBe4 acquires MediaPRO

3 Mar 2021
High-risk email security threats increased by 32% last year
phishing

High-risk email security threats increased by 32% last year

3 Mar 2021
The top 12 password-cracking techniques used by hackers
Security

The top 12 password-cracking techniques used by hackers

3 Mar 2021

Most Popular

Star Alliance passenger data stolen in SITA data breach
data breaches

Star Alliance passenger data stolen in SITA data breach

5 Mar 2021
I went shopping at Amazon’s till-less supermarket so that you don’t have to
automation

I went shopping at Amazon’s till-less supermarket so that you don’t have to

5 Mar 2021
How to find RAM speed, size and type
Laptops

How to find RAM speed, size and type

26 Feb 2021