Weekly threat roundup: Microsoft Defender, Adobe, Mimecast

Pulling together the most dangerous and pressing flaws that businesses need to patch

Patch management is far easier said than done, and security teams may often be forced into prioritising fixes for several business-critical systems, all released at once. It’s become typical, for example, to expect dozens of patches to be released on Microsoft’s Patch Tuesday, with other vendors also routinely getting in on the act.

Below, IT Pro has collated the most pressing disclosures from the last seven days, including details such as a summary of the exploit mechanism, and whether the vulnerability is being exploited in the wild. This is in order to give teams a sense of which bugs and flaws might pose the most dangerous immediate security risks.

Microsoft Defender under active exploitation

Microsoft has fixed a serious zero-day remote access vulnerability in its Defender antivirus platform as part of its first Patch Tuesday round of bug fixes for 2021.

The vulnerability, tracked as CVE-2021-1647, is a remote code execution bug which hackers used to embed code on devices with Microsoft Defender installed, by tricking victims into opening a malicious document.

This was part of 83 bug fixes released this week across a range of Microsoft products, including Windows, Azure and other services. The tech giant also released a patch for a flaw in the Windows splwow64 services. This bug, tracked as CVE-2021-1648, could be exploited to escalate privileges.

Seven Adobe products receive Patch Tuesday treatment

Adobe Photoshop, Illustrator, InCopy, Animate, Bridge, Captivate and Campaign Classic all received eight security fixes this week as part of the company’s own round of Patch Tuesday updates.

All vulnerabilities were rated ‘critical’ apart from a privilege escalation flaw in Adobe Captivate 2019, which was deemed ‘important’. The flaws in Photoshop, Illustrator, InCopy, Animate, and two in Bridge, could all be exploited for arbitrary code execution.

The final bug, affecting Adobe Campaign Classic, is tracked as CVE-2021-21009, and can be exploited for the purposes of sensitive information disclosure.

SaferVPN flaw allows privilege escalation on Windows

The popular virtual private network (VPN) service SaferVPN is embedded with a flaw that could be exploited by hackers to escalate privileges on a victim’s Windows machine and run a malicious file.

In a Medium post, a security researcher known as nmht3t claimed he was publishing the details behind the vulnerability, as well as a proof-of-concept because SaferVPN hadn’t fixed it 90 days following disclosure.

Because low-privileged users are allowed to create folders under the C:\ drive, it’s possible for somebody to create an appropriate file path and place within it a malicious file. Once the VPN service starts, the file will load a malicious OpenSSL engine library, and allow result in arbitrary code execution on the system.

The flaw affects SaferVPN for Windows versions 5.0.3.3 through to the latest iteration, version 5.0.4.15, released on 12 January - there’s currently no patch available for this flaw.

Zero-days used to load websites with malware

Four now-patched zero-day vulnerabilities in Chrome have been flagged by Google’s Project Zero security research team as having been under active exploitation by cyber criminals during 2020.

These Google Chrome flaws were tracked as CVE-2020-6418, CVE-2020-0938, CVE-2020-1020, and CVE-2020-1027. The attack itself was revealed to researchers as part of an initiative aimed at researching new ways to detect zero-day exploits in the wild.

The bugs were exploited through watering-hole attacks, which involved “highly sophisticated” attackers compromising frequently-visited websites and loading them with malicious code that installs malware on victims’ devices. The hackers targeted both Android and Windows users with the compromised sites by deploying two exploit servers, before fixes were released in February and April 2020.

Mimecast admits hackers access Microsoft accounts

Cyber criminals violated a small number of Mimecast customers’ Microsoft 365 accounts after they obtained one of the firm’s digital certificates and abused it to gain access to their user accounts.

Roughly 10% of customers use the connection involving this certificate, with no more than nine customers believed to be affected by the breach. Nevertheless, the incident represents a huge worry in light of the recent attack against SolarWinds.

As a precaution, Mimecast has asked the customers who use the affected certificate to immediately delete the existing connection within their Microsft 365 tenant, and re-establish a new certificate-based connection.

Featured Resources

Unlocking collaboration: Making software work better together

How to improve collaboration and agility with the right tech

Download now

Four steps to field service excellence

How to thrive in the experience economy

Download now

Six things a developer should know about Postgres

Why enterprises are choosing PostgreSQL

Download now

The path to CX excellence for B2B services

The four stages to thrive in the experience economy

Download now

Recommended

1Password targets enterprise customers with Secrets Automation
IT infrastructure

1Password targets enterprise customers with Secrets Automation

14 Apr 2021
PowerShell threats increased over 200% last year
cyber security

PowerShell threats increased over 200% last year

14 Apr 2021
Russia launched over a million cyber attacks in three months
hacking

Russia launched over a million cyber attacks in three months

13 Apr 2021
New DNS vulnerabilities put millions of IoT devices at risk
Internet of Things (IoT)

New DNS vulnerabilities put millions of IoT devices at risk

13 Apr 2021

Most Popular

Microsoft is submerging servers in boiling liquid to prevent Teams outages
data centres

Microsoft is submerging servers in boiling liquid to prevent Teams outages

7 Apr 2021
How to find RAM speed, size and type
Laptops

How to find RAM speed, size and type

8 Apr 2021
Xiaomi Redmi Note 10 Pro review: Champagne tastes on a lemonade budget
Mobile Phones

Xiaomi Redmi Note 10 Pro review: Champagne tastes on a lemonade budget

13 Apr 2021