Weekly threat roundup: Android, Windows 10, AMD

Pulling together the most dangerous and pressing flaws that businesses need to patch

Patch management is far easier said than done, and security teams may often be forced into prioritising fixes for several business-critical systems, all released at once. It’s become typical, for example, to expect dozens of patches to be released on Microsoft’s Patch Tuesday, with other vendors also routinely getting in on the act.

Below, IT Pro has collated the most pressing disclosures from the last seven days, including details such as a summary of the exploit mechanism, and whether the vulnerability is being exploited in the wild. This is in order to give teams a sense of which bugs and flaws might pose the most dangerous immediate security risks.

Google fixes four Android bugs under attack

Google has addressed four vulnerabilities as part of its latest security update for Android that may be under limited, targeted exploitation. These can be abused to give hackers full control over Android devices.

These four vulnerabilities - CVE-2021-1905, CVE-2021-1906, CVE-2021-28663, and CVE-2021-28664 - are embedded in the Qualcomm Graphics and Arm Mali GPU Driver components. These have been patched alongside a swathe of other flaws.

The first two affect the Qualcomm Graphics module. CVE-2021-1905 is described as a use-after-free flaw due to improper handling of memory mapping of multiple processes, and is rated 8.4 on the CVSS threat severity scale. The second, CVE-2021-1906, concerns inadequate handling of address deregistration, which can lead to a new GPU address allocation failure, according to Qualcomm.

The latter two are embedded in the Arm Mali GPU Driver component. CVE-2021-28663 can be exploited to allow an unprivileged user to launch information disclosure attacks or gain root privileges. The final flaw, CVE-2021-28664, similarly allows attackers to achieve read/write access to read-only memory, allowing privilege escalation or denial of service (DoS) attacks due to memory corruption.

Proof-of-concept exploit for wormable Windows 10 flaw unveiled

Security researcher Axel Souchet released a proof-of-concept exploit for a dangerous Windows 10 and Windows Server vulnerability that many fear can spread autonomously if exploited by hackers.

The vulnerability, tracked as CVE-2021-31166, is embedded in the HTTP Protocol Stack used by the Windows Internet Information Services (IIS) web server. It requires attackers to send malicious packets to targeted servers using the vulnerable HTTP Protocol Stack. Microsoft has also warned that the bug can allow unauthenticated attackers to execute arbitrary code remotely, in most cases.

Microsoft patched the flaw during this month’s Patch Tuesday round of updates, and has encouraged users to update their systems as soon as possible. Souchet's exploit this can trigger a denial of service (DoS) attack, leading to the blue screen of death (BSoD) on affected devices.

AMD discloses flaws in CPU encryption technology

AMD has acknowledged two vulnerabilities uncovered by security researchers affecting the first, second, and third generations of AMD EPYC, as well as EPYC embedded CPUs.

Both flaws, CVE-2020-12967 and CVE-2021-26311, are found in the Secure Encrypted Virtualisation (SEV) component of AMD processors. This is a security feature that uses a unique key to encrypt memory contents that are running on a virtual machine (VM) and managed by a hypervisor.

Related Resource

Leveraging knowledge management to scale business

Get the right knowledge to the right person at the right time

Woman sits on a stack of books with pages floating around her - Leveraging knowledge management to scale business - whitepaper from Document 360Download now

The first flaw could potentially lead to remote code execution in the guest virtual CPU. The second flaw, meanwhile, could allow memory to be rearranged in the guest address space and remain undetected, which could be used by a malicious hypervisor to conduct remote code execution within the guest. In both cases, a malicious administrator must have the appropriate privileges to compromise the server hypervisor.

Both flaws have been detailed in research papers that are set to be presented at this year’s IEEE Workshop on Offensive Technologies (WOOT’21). AMD has provided mitigation for the vulnerabilities, but these measures are only compatible with third-generation CPUs.

Featured Resources

How to choose an AI vendor

Five key things to look for in an AI vendor

Download now

The UK 2020 Databerg report

Cloud adoption trends in the UK and recommendations for cloud migration

Download now

2021 state of email security report: Ransomware on the rise

Securing the enterprise in the COVID world

Download now

The impact of AWS in the UK

How AWS is powering Britain's fastest-growing companies

Download now

Recommended

Nigerian cyber criminals target Texas unemployment system
cyber security

Nigerian cyber criminals target Texas unemployment system

27 May 2021
Hackers use open source Microsoft dev platform to deliver trojans
Security

Hackers use open source Microsoft dev platform to deliver trojans

14 May 2021
Putin open to handing cyber criminals over to US
hacking

Putin open to handing cyber criminals over to US

14 Jun 2021
Crypto-mining hackers hit Kubernetes clusters
cryptocurrencies

Crypto-mining hackers hit Kubernetes clusters

10 Jun 2021

Most Popular

Ten-year-old iOS 4 recreated as an iPhone app
iOS

Ten-year-old iOS 4 recreated as an iPhone app

10 Jun 2021
Fastly blames software bug for major outage
public cloud

Fastly blames software bug for major outage

9 Jun 2021
GitHub to prohibit code that’s used in active attacks
cyber security

GitHub to prohibit code that’s used in active attacks

7 Jun 2021