Weekly threat roundup: Exchange Server, AMD CPUs, Azure Cosmos DB

Pulling together the most dangerous and pressing flaws that businesses need to patch

Patch management is far easier said than done, and security teams may often be forced into prioritising fixes for several business-critical systems, all released at once. It’s become typical, for example, to expect dozens of patches to be released on Microsoft’s Patch Tuesday, with other vendors also routinely getting in on the act.

Below, IT Pro has collated the most pressing disclosures from the last seven days, including details such as a summary of the exploit mechanism, and whether the vulnerability is being exploited in the wild. This is in order to give teams a sense of which bugs and flaws might pose the most dangerous immediate security risks.

Microsoft Exchange Server vulnerable to information disclosure bug

A now-patched flaw in Microsoft Exchange Server could be exploited by unauthenticated users to perform configuration actions on targeted mailboxes and leak personal data.

The vulnerability, tracked as CVE-2021-33766 and dubbed ProxyToken, lies in the platform's Delegated Authentication feature. This is a mechanism in which the front-end site passes authentication requests to the back-end system when it detects a SecurityToken cookie.

Because Microsoft Exchange must be configured to use this feature, the module that handles this often isn’t loaded, and attackers might take advantage of an effective bypass of the authentication check. This can be abused to disclose personal information, with an attacker, for example, able to copy all email addresses on a targeted account and forward these to an account they control.

Hackers exploit WebSVN flaw to launch malware

Cyber criminals are abusing a flaw in the open source web application for browsing source code, WebSVN, to deploy variants of the Mirai malware.

The critical command injection flaw tracked as CVE-2021-32305, discovered and patched earlier this year, is still being abused in unpatched versions of the application, according to researchers with Palo Alto Networks.

A proof-of-concept for exploitation was released in June, and a week later, cyber criminals seized on the vulnerability to deploy variants of the infamous Mirai distributed denial of service (DDoS) malware.

Hackers have abused this command injection flaw to download a shell script that infects a targeted system with the malware strain. From this point, they’ve used the initial attack as a platform from which to launch DDoS attacks.

AMD chips vulnerable to Meltdown-style attacks

All CPUs developed by AMD are susceptible to attacks that mirror the infamous Meltdown vulnerability identified a number of years ago that affected Intel CPUs.

Related Resource

The essential cyber security toolkit for SMBs

Practical tips for cyber security training

a guide to cyber security for SMBs - Datto whitepaperFree download

Researchers at TU Dresden in Germany discovered a flaw tracked as CVE-2020-1296, which is described as “transient execution of non-canonical accesses”. When combined with specific software sequences, AMD CPUs "may transiently execute non-canonical loads and store using only the lower 48 address bits potentially resulting in data leakage”, according to the comapny.

The scientists who discovered the flaw also described the exploit mechanism as “very similar to Meltdown-type behaviour”.

This data leakage flaw can be exploited to access secrets stored on a computer, with all AMD CPUs affected. 

‘Worst possible cloud flaw’ hits Microsoft Azure Cosmos DB

Microsoft has warned thousands of its Azure customers that hackers might have compromised their databases.

The vulnerability lies in Microsoft’s Azure Cosmos DB and allows intruders to read, alter, and delete information, according to the security researchers with Wiz.

Companies use Cosmos DB to manage massive amounts of data in real-time. The exploit, dubbed ChaosDB, was described as “the world cloud vulnerability you can imagine” with the researchers able to gain access to any customer database they wanted.

The ChaosDB exploit relies on the Jupyter Notebook feature that allows customers to visualise their data and create customised views, which was introduced to all Cosmos DBs in February. A series of misconfigurations means this feature opened up an attack vector that the researchers were able to exploit. Microsoft has turned off the feature for all accounts, and it’s now subject to a security redesign.

Featured Resources

The definitive guide to warehouse efficiency

Get your free guide to creating efficiencies in the warehouse

Free download

The total economic impact™ of Datto

Cost savings and business benefits of using Datto Integrated Solutions

Download now

Three-step guide to modern customer experience

Support the critical role CX plays in your business

Free download

Ransomware report

The global state of the channel

Download now

Recommended

Iboss protects web sessions with remote browser isolation
Cloud

Iboss protects web sessions with remote browser isolation

16 Aug 2021
Most CISOs worry cloud software flaws aren’t being caught
cloud security

Most CISOs worry cloud software flaws aren’t being caught

7 Jun 2021

Most Popular

What are the pros and cons of AI?
machine learning

What are the pros and cons of AI?

8 Sep 2021
Google takes down map showing homes of 111,000 Guntrader customers
data breaches

Google takes down map showing homes of 111,000 Guntrader customers

2 Sep 2021
Intuit plans end-to-end SMB platform after $12 billion Mailchimp acquisition
mergers and acquisitions

Intuit plans end-to-end SMB platform after $12 billion Mailchimp acquisition

14 Sep 2021