Weekly threat roundup: Zyxel, Samsung Galaxy, Windows 10

Pulling together the most dangerous and pressing flaws that businesses need to patch

Patch management is far easier said than done, and security teams may often be forced into prioritising fixes for several business-critical systems, all released at once. It’s become typical, for example, to expect dozens of patches to be released on Microsoft’s Patch Tuesday, with other vendors also routinely getting in on the act.

Below, IT Pro has collated the most pressing disclosures from the last seven days, including details such as a summary of the exploit mechanism, and whether the vulnerability is being exploited in the wild. This is in order to give teams a sense of which bugs and flaws might pose the most dangerous immediate security risks.

Admin-level backdoor in Zyxel’s VPNs

The Zyxel company logo as seen on its website through a magnifying glass

Zyxel customers are being urged to upgrade the firmware of their virtual private network (VPN), firewall, and access point controller products due to a serious hardcoded credential vulnerability.

Assigned CVE-2020-29583, the now-patched vulnerability essentially served as a backdoor account using a username and password that were both visible in plain text within Zyxel system binaries that run firmware version 4.60 Patch0. This ‘zyfwp’ account was included to deliver automatic firmware updates, although an individual could exploit the embedded flaw to gain root access to the Zyxel device, according to researchers with Eye Control.

The flaw affected dozens of individual products, with businesses using the company’s VPNs, firewalls, and access point controllers being urged to install version 4.60 Patch1 as soon as possible.

Samsung Galaxy fingerprint glitches return

A smartphone with a fingerprint scanner displayed on the screen

The latest Samsung Galaxy Note 20 series was embedded with a fingerprint scanning flaw that mirrored the alarming 'fake fingerprint' vulnerability in Samsung Galaxy S10 and Note 10 devices.

A firmware update released this month patched a number of vulnerabilities, including SVE-2020-19216, branded ‘false recognition of fingerprint scanner’. According to the description, the flaw centred on odd behaviour centred on the smartphone’s screen protector resulting in a high false recognition rate.

There’s nothing in the patch notes that suggest the flaw led to a higher ‘false acceptance rate’, which was the problem plaguing the previous generation of Samsung Galaxy devices. These problems were so severe that major banks, such as Nationwide and Natwest, withdrew biometric support for their apps on affected devices until the issues were resolved.

Windows 10 escalation of privilege flaw

The Windows key being pushed on a blue laptop

On Christmas Eve, Google’s Project Zero security team published the details around a severe elevation of privilege flaw in Windows 10 that has been exploited in the wild.

The privilege of escalation vulnerability was first disclosed to Microsoft on 24 September, although it was eventually disclosed publicly after the 90-day window elapsed, even though a patch had yet to be released.

The flaw involves the ‘splwow64’ process and can be exploited if an attacker sends a local procedure call (LCP) message from another low-intensity malicious process. This would allow them to write arbitrary values to an arbitrary address in splwow64’s memory space.

The researcher behind the disclosure, Maddie Stone, said the original issue, assigned CVE-2020-0986, wasn’t properly fixed when Microsoft first attempted to patch it in June 2020, and that attackers only needed to make a few tweaks to continue to exploit the flaw, now identified as CVE-2020-17008. It’s expected that a patch will be available in the next patch Tuesday round of fixes.

TCP/IP flaws expose IoT and OT systems

Dozens of vulnerabilities are embedded in millions of internet of things (IoT) and operation technology (OT) systems, according to a report published in December by Forescout Research Labs.

The findings identified 33 flaws in four TCP/IP stacks, dubbed AMNESIA:33, leaving products belonging to more than 150 vendors compromised. Analysis has found the TCP/IP stacks are vulnerable across the board, with many of these flaws arising from bad software development practices. Feature-rich protocols, such as DNS, are also particularly affected.

Despite its claims that millions of devices are affected, the researchers added that it’s difficult to determine which devices are affected because of the complexity of IoT and OT supply chains.

However, some mitigating actions can be taken, such as disabling or blocking IPv6 traffic when it’s not needed since a handful of the flaws relate to IPv6 components. Devices should also be configured to rely on internal DNS servers as much as possible. Businesses should, finally, monitor network traffic for malformed packets.

Featured Resources

The ultimate law enforcement agency guide to going mobile

Best practices for implementing a mobile device program

Free download

The business value of Red Hat OpenShift

Platform cost savings, ROI, and the challenges and opportunities of Red Hat OpenShift

Free download

Managing security and risk across the IT supply chain: A practical approach

Best practices for IT supply chain security

Free download

Digital remote monitoring and dispatch services’ impact on edge computing and data centres

Seven trends redefining remote monitoring and field service dispatch service requirements

Free download

Recommended

Microsoft touts new cyber security help for nonprofits
cyber security

Microsoft touts new cyber security help for nonprofits

22 Oct 2021
Ofcom report reveals alarming uptick in smishing attacks
scams

Ofcom report reveals alarming uptick in smishing attacks

22 Oct 2021
Graylog launches new cyber security solution to address legacy issues
cyber security

Graylog launches new cyber security solution to address legacy issues

21 Oct 2021
US to ban surveillance software exports to authoritarian governments
cyber security

US to ban surveillance software exports to authoritarian governments

21 Oct 2021

Most Popular

Best Linux distros 2021
operating systems

Best Linux distros 2021

11 Oct 2021
Windows 11 has problems with Oracle VirtualBox
Microsoft Windows

Windows 11 has problems with Oracle VirtualBox

5 Oct 2021
What is cyber warfare?
Security

What is cyber warfare?

15 Oct 2021