Weekly threat roundup: Exchange Server, AMD CPUs, Azure Cosmos DB

Pulling together the most dangerous and pressing flaws that businesses need to patch

Patch management is far easier said than done, and security teams may often be forced into prioritising fixes for several business-critical systems, all released at once. It’s become typical, for example, to expect dozens of patches to be released on Microsoft’s Patch Tuesday, with other vendors also routinely getting in on the act.

Below, IT Pro has collated the most pressing disclosures from the last seven days, including details such as a summary of the exploit mechanism, and whether the vulnerability is being exploited in the wild. This is in order to give teams a sense of which bugs and flaws might pose the most dangerous immediate security risks.

Microsoft Exchange Server vulnerable to information disclosure bug

A now-patched flaw in Microsoft Exchange Server could be exploited by unauthenticated users to perform configuration actions on targeted mailboxes and leak personal data.

The vulnerability, tracked as CVE-2021-33766 and dubbed ProxyToken, lies in the platform's Delegated Authentication feature. This is a mechanism in which the front-end site passes authentication requests to the back-end system when it detects a SecurityToken cookie.

Because Microsoft Exchange must be configured to use this feature, the module that handles this often isn’t loaded, and attackers might take advantage of an effective bypass of the authentication check. This can be abused to disclose personal information, with an attacker, for example, able to copy all email addresses on a targeted account and forward these to an account they control.

Hackers exploit WebSVN flaw to launch malware

Cyber criminals are abusing a flaw in the open source web application for browsing source code, WebSVN, to deploy variants of the Mirai malware.

The critical command injection flaw tracked as CVE-2021-32305, discovered and patched earlier this year, is still being abused in unpatched versions of the application, according to researchers with Palo Alto Networks.

A proof-of-concept for exploitation was released in June, and a week later, cyber criminals seized on the vulnerability to deploy variants of the infamous Mirai distributed denial of service (DDoS) malware.

Hackers have abused this command injection flaw to download a shell script that infects a targeted system with the malware strain. From this point, they’ve used the initial attack as a platform from which to launch DDoS attacks.

AMD chips vulnerable to Meltdown-style attacks

All CPUs developed by AMD are susceptible to attacks that mirror the infamous Meltdown vulnerability identified a number of years ago that affected Intel CPUs.

Related Resource

The essential cyber security toolkit for SMBs

Practical tips for cyber security training

a guide to cyber security for SMBs - Datto whitepaperFree download

Researchers at TU Dresden in Germany discovered a flaw tracked as CVE-2020-1296, which is described as “transient execution of non-canonical accesses”. When combined with specific software sequences, AMD CPUs "may transiently execute non-canonical loads and store using only the lower 48 address bits potentially resulting in data leakage”, according to the comapny.

The scientists who discovered the flaw also described the exploit mechanism as “very similar to Meltdown-type behaviour”.

This data leakage flaw can be exploited to access secrets stored on a computer, with all AMD CPUs affected. 

‘Worst possible cloud flaw’ hits Microsoft Azure Cosmos DB

Microsoft has warned thousands of its Azure customers that hackers might have compromised their databases.

The vulnerability lies in Microsoft’s Azure Cosmos DB and allows intruders to read, alter, and delete information, according to the security researchers with Wiz.

Companies use Cosmos DB to manage massive amounts of data in real-time. The exploit, dubbed ChaosDB, was described as “the world cloud vulnerability you can imagine” with the researchers able to gain access to any customer database they wanted.

The ChaosDB exploit relies on the Jupyter Notebook feature that allows customers to visualise their data and create customised views, which was introduced to all Cosmos DBs in February. A series of misconfigurations means this feature opened up an attack vector that the researchers were able to exploit. Microsoft has turned off the feature for all accounts, and it’s now subject to a security redesign.

Featured Resources

2021 Thales access management index: Global edition

The challenges of trusted access in a cloud-first world

Free download

Transforming higher education for the digital era

The future is yours

Free download

Building a cloud-native, hybrid-multi cloud infrastructure

Get ready for hybrid-multi cloud databases, AI, and machine learning workloads

Free download

The next biggest shopping destination is the cloud

Know why retail businesses must move to the cloud

Free Download

Recommended

Alkira offers Check Point CloudGuard Security to secure virtual cloud networks
Cloud

Alkira offers Check Point CloudGuard Security to secure virtual cloud networks

29 Sep 2021
Iboss protects web sessions with remote browser isolation
Cloud

Iboss protects web sessions with remote browser isolation

16 Aug 2021
Most CISOs worry cloud software flaws aren’t being caught
cloud security

Most CISOs worry cloud software flaws aren’t being caught

7 Jun 2021

Most Popular

Best Linux distros 2021
operating systems

Best Linux distros 2021

11 Oct 2021
Apple MacBook Pro 15in vs Dell XPS 15: Clash of the titans
Laptops

Apple MacBook Pro 15in vs Dell XPS 15: Clash of the titans

11 Oct 2021
Veritas Backup Exec 21.3 review: Covers every angle
backup software

Veritas Backup Exec 21.3 review: Covers every angle

14 Oct 2021