Weekly threat roundup: SAP, Windows 10, Chrome

Pulling together the most dangerous and pressing flaws that businesses need to patch

Patch management is far easier said than done, and security teams may often be forced into prioritising fixes for several business-critical systems, all released at once. It’s become typical, for example, to expect dozens of patches to be released on Microsoft’s Patch Tuesday, with other vendors also routinely getting in on the act.

Below, IT Pro has collated the most pressing disclosures from the last seven days, including details such as a summary of the exploit mechanism, and whether the vulnerability is being exploited in the wild. This is in order to give teams a sense of which bugs and flaws might pose the most dangerous immediate security risks.

SAP exploit grants root access to corporate servers

Bicycles outside the SAP offices

Hackers can take advantage of a fully-functional exploit that abuses a vulnerability in the SAP Solution Manager. Tracked as CVE-2020-6207, this flaw is a missing authentication check in EEM Manager, a component of the Solution Manager, and is rated a perfect 10/10 on the CVSS threat scale.

Solution Manager is an administrative system used in all SAP environments and centralises the management of all SAP and non-SAP systems within the SAP landscape. By exploiting this flaw, cyber criminals can gain root access to enterprise servers, and access mission-critical applications, business processes and data. They’ll need access to the Solution Manager HTTP(s) port, and can execute the exploit remotely.

Onapsis previously identified this flaw in 2020 and demonstrated at the Black Hat conference how it could be chained with two other flaws to give remote attackers root access. SAP issued a patch for the flaw in March of last year. Onapsis, however, has continued to scan for activity in the wild and have encountered this new exploit published by a Russian researcher on Github.

Unpatched Windows 10 flaw can corrupt your hard drive

Plasters over a hard disc drive to symbolise patch management

Microsoft is working on a fix for a “nasty” vulnerability in Windows 10 that can corrupt users’ hard drives. It can be triggered by opening a specially crafted file name inserted in any folder, according to the Verge, and has apparently existed in Windows for several years.

The vulnerability was flagged by security researcher Jonas L, and corroborated by vulnerability analyst Will Dormann. He suggested the problem seems to have been introduced with Windows 10 version 1803, and that he had reported a similar issue to Microsoft almost two years ago. 

The flaw poses a security risk, given it’s possible for an attacker to hide a specially crafted line inside a ZIP folder, for instance, or even a shortcut. When this specific path is opened, the vulnerability will present a message claiming that your hard drive is corrupted. Microsoft confirmed to the Verge that a fix for this bug will be published in a future Windows update.

Flaws in DNS software can be chained to devastating effect

An Android smartphone laid flat on a surface beside a model of the Android mascot

Seven vulnerabilities have been discovered in DNSMasq, software used for domain name system (DNS) caching and IP address assignment, which can be exploited by attackers to mount DNS spoofing attacks, or compromise networking devices.

Researchers with JSOF have found three bugs that allow DNS spoofing and four buffer overflow flaws, the worst of which can lead to the execution of arbitrary code remotely on a vulnerable device. The vulnerable DNSMasq software is used in Cisco routers, Android phones, Aruba devices, as well as systems built by Technicolor, Red Hat, Siemens, Ubiquiti networks, Comcast, and others.

While each of these vulnerabilities has a limited impact in isolation, the researchers found that these can be combined in chained in certain ways to build extremely effective multi-staged attacks. While there are several minor workarounds available, the only full mitigation is for manufacturers to update DNSMasq to version 2.83 or above.

RCE exploit fixed in Google Chrome

The Chrome app on a mobile phone

Google has released a Chrome browser update addressing a number of flaws including a critical vulnerability tracked as CVE-2021-21117. This is the most severe of the 36 fixes and centres on ‘insufficient policy enforcement in Cryptohome’.

This bug can be successfully exploited by an attacker to execute arbitrary code remotely. Attackers would be able to view, change, or delete data depending on the privileges associated with the browser, meaning it can be partially mitigated if the application is configured with weaker administrative rights.

These 36 security fixes have been bundled with version 88.0.4324.96 of Chrome, which also includes a tool which users can deploy to check whether their passwords should be strengthened. The feature makes it easier to fix weaker passwords by scanning various combinations held in the Chrome password manager and highlighting the weakest links.

Featured Resources

How to scale your organisation in the cloud

How to overcome common scaling challenges and choose the right scalable cloud service

Download now

The people factor: A critical ingredient for intelligent communications

How to improve communication within your business

Download now

Future of video conferencing

Optimising video conferencing features to achieve business goals

Download now

Improving cyber security for remote working

13 recommendations for security from any location

Download now

Recommended

Monero miners target cloud-native development environments
cryptocurrencies

Monero miners target cloud-native development environments

5 Mar 2021
IT security awareness and training firm KnowBe4 acquires MediaPRO
Acquisition

IT security awareness and training firm KnowBe4 acquires MediaPRO

3 Mar 2021
High-risk email security threats increased by 32% last year
phishing

High-risk email security threats increased by 32% last year

3 Mar 2021
The top 12 password-cracking techniques used by hackers
Security

The top 12 password-cracking techniques used by hackers

3 Mar 2021

Most Popular

Star Alliance passenger data stolen in SITA data breach
data breaches

Star Alliance passenger data stolen in SITA data breach

5 Mar 2021
I went shopping at Amazon’s till-less supermarket so that you don’t have to
automation

I went shopping at Amazon’s till-less supermarket so that you don’t have to

5 Mar 2021
How to find RAM speed, size and type
Laptops

How to find RAM speed, size and type

26 Feb 2021