Chrome is the most popular web browser on the market by far, but its success is no guarantee of being free from vulnerabilities as a new update shows.

No piece of software is created perfectly, so there’s always a need to update and refine applications. In particular, security vulnerabilities are one of the most common issues which software designers find themselves needing to go back and solve. And this is because threat actors will use all their resources to discover even the tiniest chink in an application’s armor. Once this has been discovered, they’re presented with the opportunity to bypass security and exploit the software.

Chrome’s latest update comes packed full of functionality upgrades, but also 11 security fixes. As it’s likely your organization regularly works with Chrome, we’re going to look at what this patch offers you.

What is Chrome’s Latest Update?

The latest update from Chrome – details of how to install it are here – delivers a variety of fixes which include:

  • A zero-day vulnerability – tagged as CVE-2022-2856 – which has allowed hackers to take advantage of a flaw in Web Intents, a process which allows web apps to connect with web services.
  • Several ‘use-after-free’ vulnerabilities. These are flaws that usually arise when an application carries on using a region of memory after it has been freed. This scenario provides a foothold to threat actors looking to breach security.
  • A heap buffer overflow vulnerability relating to downloads made through Chrome, which allows memory corruption to open a backdoor for threat actors.

It only takes one vulnerability to compromise a PC, so the need to patch 11 vulnerabilities strikes a major blow to Chrome’s reputation. To make matters worse, this is the fifth zero-day vulnerability Chrome have had to issue a fix for in 2022. Digging deeper into the contents of the update, it also becomes apparent that ‘use-after-free’ errors are a significant problem within Chrome at present.

Is Chrome Safe to Use?

Chrome will continue to work even without the latest update. However, the protection at its disposal will be lacking any substantial strength. There’s a chance, of course, you won’t fall victim to a cyber-attack which exploits these flaws, but do you really want to take a chance? The sensible answer is: NO! And, although Chrome haven’t released any specific details about these latest vulnerabilities, you can bet your bottom dollar that hackers will now be focusing their attention on Chrome.

Therefore, it’s crucial you install this latest Chrome update as soon as possible. Even if your organization’s preference is, for example, to use the Edge browser, you need to update Chrome if it’s present on your PCs. This is the only way to ensure that security gaps are plugged. Naturally, there will be further vulnerabilities which remain unidentified, but you can only deal with threats which are known. Chrome, on the whole, is a reputable and safe browser; you just need to make sure that automatic updates are activated.

For more ways to secure and optimize your business technology, contact your local IT professionals.



Windows is one of the most popular operating systems around and, as it’s a Microsoft product, you would like to think it’s safe. But this isn’t quite true.

As part of their January 2022 ‘Patch Tuesday’ report, Microsoft announced that 97 new security vulnerabilities had been discovered across its range of operating systems. And with an estimated 1 billion Windows PCs in use across the globe, this is very concerning. Any operating system, of course, is a highly complex piece of software. The sheer amount of coding required, to deliver high quality functionality, means that mistakes are inevitable. And then there are the hackers, individuals who are determined to find new and innovative ways to breach Windows.

What Were the Vulnerabilities?

Nine of the reported vulnerabilities were classed as critical by Microsoft, with the remaining 88 being classed as significant threats. Technical details are yet to be released, but it’s known that some of the critical vulnerabilities were associated with Microsoft Exchange Servers and the HTTP Protocol Stack. In particular, the HTTP Protocol Stack vulnerability is one which would allow hackers to achieve remote code execution, i.e. taking control of an affected PC from a remote connection.

Six of the vulnerabilities discovered have also been categorized as zero-day vulnerabilities. These affect a range of Windows background processes and, as they are classed as zero-day, it’s believed that they were known to hackers before Microsoft’s announcement. Collectively, the 97 vulnerabilities are believed to have impacted the security of major Microsoft applications including Excel, Word, Edge, Windows Defender and all manner of network tools. As a result, it’s believed that users of Windows 7, Windows 8, Windows 10, Windows 11, Windows Server 2019 and even Windows Server 2022 are all at risk.

How Can Windows Users Stay Safe?

Naturally, any user of Windows is likely to be very concerned after reading the above. But the good news is that Microsoft’s January 2022 patch addresses all of these vulnerabilities. Installing it, therefore, should be the number one priority for any PCs running Windows. And that will be nearly all of them. Unfortunately, for those running Windows Server 2019 and Server 2022, this patch was withdrawn due to bugs it was generating in these environments. Users of these operating systems should remain extra vigilant and ensure that automatic Windows updates are in place.

Final Thoughts

The last few months have been relatively poor for Microsoft when it comes to patching vulnerabilities. In September 2021, it was revealed that their patch for the ‘PrintNightmare’ flaw contained bugs which negatively affected numerous printers. And, now, it appears to be history repeating itself with Windows Server users left vulnerable to both security risks and buggy updates. These issues will, no doubt, be rectified quickly but, as ever, time is of the essence when it comes to PC security. Ultimately, installing each and every security update remains the very best practice for protecting your IT devices.



A new zero-day exploit has been discovered which could easily disrupt the services of several major online platforms such as Twitter, Minecraft and Steam.

The vulnerability, which has been named Log4Shell, was recently discovered by LunaSec’s security researchers. It was first located within the Minecraft platform, which is operated by Microsoft, and has since been found in many other online services. The exploit was found in an open source logging utility known as Apache Log4j, an essential tool which is necessary in most Java-based apps and servers. It’s estimated that thousands of companies are likely to be at risk due to this vulnerability.

Vulnerabilities remain a major threat for every organization that employs an IT infrastructure, so we’re going to take a closer look at Log4Shell to see what lessons can be learned.

How Does the Log4Shell Vulnerability Work?

Log4Shell is known as a zero-day exploit and this means that it’s a natural vulnerability, likely due to an oversight by the original coders, which has been discovered but not yet patched. Hackers are determined individuals and are constantly focusing their efforts on analyzing software for vulnerabilities. Once a vulnerability is discovered, hackers can take advantage of it and, for example, gain unauthorized access to web servers. And if, like Apache Log4j, it’s a widely used utility, the hackers can replicate this attack against numerous organizations.

Web monitoring services have detected that around 100 hosts are actively scanning the internet to identify services which are running Apache Log4j. This scanning process is automated, so it can be left running continuously. Once platforms running Apache Log4j are identified, hackers have a relatively easy victim in their sights. All it would take is for the exploit to be taken advantage of and, very quickly, the hackers would be able to move deeper into the IT infrastructures of some major online businesses.

Protecting Yourself Against Vulnerabilities

Vulnerabilities such as Log4Shell are, unfortunately, inevitable due to the complexity of building software. Open source software, in particular, is difficult to police once it has been released and, of course, human error means nothing will ever be 100% secure. No specific damage has, as of this time of writing, been associated with the Log4Shell exploit, but the number of individuals at risk is very concerning. Thankfully, Apache have quickly developed a security patch for Log4j which will counter the vulnerability once it is installed.

The key takeaway from the Log4Shell vulnerability is that security patches are crucial. These need to be installed as soon as possible to mitigate any potential security breaches. However, there are other steps you can take to minimize your risk:



If a hacker can find a software vulnerability, then it grants them easy access to a PC. This is even easier when a vulnerability is leaked by researchers.

Security researchers are constantly searching for software and hardware vulnerabilities. But where researchers and hackers differ is their intent. A security researcher wants to legitimately identify vulnerabilities so that they can be secured and lessons learned for the future. However, a Chinese technology firm by the name of Sangfor recently revealed details of an unknown Windows vulnerability in Print Spooler. And, unfortunately, Microsoft hadn’t managed to patch it.

What is a Zero-Day Vulnerability?

The type of vulnerability found in Print Spooler is known as a zero-day vulnerability. This name refers to the number of days a software vendor has had to patch a vulnerability and the percentage chance that a user has of being protected. And this is why zero-day vulnerabilities are so dangerous. There is no immediate protection available, so hackers are given free rein to cause widespread chaos.

What is the Print Spooler Vulnerability?

The design of the Print Spooler vulnerability – whose exploit code was listed within Sangfor’s paper – has the potential to cause numerous issues. The specifics of this exploit allow hackers to obtain full system access privileges. This is achieved by granting them permission to load malicious drivers into any servers containing this vulnerability. With full control of an IT network, hackers can then download further malware, steal data and operate infected workstations from a remote location. And, although a patch was recently released for vulnerabilities in Print Spooler, this particular exploit was not identified by Microsoft.

How Do You Protect Against Vulnerabilities?

As of the time of this article, Microsoft do not have a patch available for what has been dubbed the PrintNightmare vulnerability. This is concerning as it provides a significant amount of risk to Windows users. While it is certain that Microsoft will release a security patch, the fact remains that – as revealed by Microsoft – attacks using this exploit have already been identified. Therefore, you need to know how to protect your IT systems:

  • Disable Print Spooler: In the case of the PrintNightmare vulnerability, you can eliminate the risk by temporarily disabling the print spooler. This does, however, remove the ability for your organization to print across its network.
  • Monitor Network Activity: If your IT system has been exploited through a vulnerability then it’s likely there will be an increase in network activity. This will be most visible in outgoing traffic as the hackers will likely be transmitting data to a remote server. An increase in data output to an unknown location should ring alarm bells and indicate that something is wrong.
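
The monitoring advice above can be turned into a simple check over outbound flow records. The following is an added example, not part of the original article: the host names, addresses, byte counts, the list of known networks and the thresholds are all constructed assumptions.

```python
from collections import defaultdict
from ipaddress import ip_address, ip_network

# Assumption: networks the organization already expects to talk to (constructed).
KNOWN_NETWORKS = [ip_network("10.0.0.0/8"), ip_network("198.51.100.0/24")]

# Constructed flow records: (source host, destination IP, bytes sent out).
BASELINE = [
    ("ws-01", "198.51.100.10", 40_000_000),
    ("ws-01", "203.0.113.5", 2_000_000),
    ("ws-02", "198.51.100.10", 35_000_000),
]
TODAY = [
    ("ws-01", "198.51.100.10", 42_000_000),
    ("ws-01", "203.0.113.5", 1_500_000),
    ("ws-02", "198.51.100.10", 30_000_000),
    ("ws-02", "192.0.2.77", 900_000_000),  # large upload to an unseen address
]

def is_known(dest):
    """True when the destination falls inside an expected network."""
    addr = ip_address(dest)
    return any(addr in net for net in KNOWN_NETWORKS)

def unknown_egress(flows):
    """Sum outbound bytes per (host, destination) for unknown destinations."""
    totals = defaultdict(int)
    for host, dest, sent in flows:
        if not is_known(dest):
            totals[(host, dest)] += sent
    return totals

def flag_egress(baseline, current, factor=3.0, floor=50_000_000):
    """Return alerts for unknown destinations that are new or far above baseline."""
    base = unknown_egress(baseline)
    alerts = []
    for (host, dest), sent in sorted(unknown_egress(current).items()):
        previous = base.get((host, dest), 0)
        # A destination never seen before has previous == 0, so only the floor applies.
        if sent >= floor and sent > factor * previous:
            reason = "new destination" if previous == 0 else "volume spike"
            alerts.append((host, dest, sent, reason))
    return alerts

if __name__ == "__main__":
    for alert in flag_egress(BASELINE, TODAY):
        print(alert)
```

The floor keeps small transfers to unfamiliar addresses from generating alerts, while the factor catches a familiar external destination that suddenly receives far more data than usual.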



Zero-day vulnerabilities are frequently referenced with regard to PC security, but it’s also a term which most PC users will be completely unaware of.

Any vulnerability that is present in your organization’s IT network poses a significant danger to the security of your data and equipment. Educating yourself and your staff on the dangers posed by these vulnerabilities is an important security practice, so understanding what zero-day vulnerabilities are is a crucial step in securing your PCs.

To help you get started, we’ve put together a quick guide to provide you with a zero day introduction.

What Happens on Zero-Day?

The definition of a zero-day vulnerability is very simple; it’s any exploit or security bug that is present in software or hardware that isn’t patched as the software vendor isn’t aware of its existence. To be considered a true zero-day vulnerability it must also be known to hackers. And this is where it becomes a huge security concern.

With hackers aware of such an exploit (known as a zero-day exploit), they’re essentially granted free rein to continually exploit this vulnerability in the face of little opposition. Therefore, malware can be installed, data can be stolen and whole networks taken down without software vendors and customers being aware of how it’s happening.

Once the zero-day vulnerability has been confirmed and the software vendor made aware, Day Zero is established. Naturally, any period before Day Zero is highly problematic, but even the commencement of Day Zero provides little comfort. And this is because developing fixes and patches isn’t an instant process. Instead, time and effort needs to be invested in creating these patches and ensuring that customers install them as soon as possible.

What are Some Examples of Zero-Day Vulnerabilities?

Now that you understand a little more about the makeup of zero-day vulnerabilities, it’s time to consolidate that knowledge with some real life examples:

  • Microsoft Windows Vulnerability: Even the seasoned professionals at Microsoft are capable of falling foul of zero-day vulnerabilities, with one recently being discovered in the system file Win32k.sys. The exploit can be launched by a specific malware installer and, without the relevant patch, can be considered very dangerous.
  • Adobe Flash Malware: Adobe have suffered numerous zero-day attacks and, in 2016, their users experienced a zero-day vulnerability packaged within an Office document. Activating this vulnerability allowed hackers to download malware to the affected PCs and begin exploiting data until Adobe hastily issued a patch.
  • Internet Explorer Loses Control: Microsoft was, again, victim of a zero-day vulnerability in December 2018 when their Internet Explorer app experienced a severe security risk. It’s believed that the vulnerability is exploited by directing victims to an infected website where the hackers can then assume control of the PC from a remote location.

Final Thoughts

Zero-day vulnerabilities are troubling security flaws as their very definition means that there is no immediate protection available. Accordingly, it’s important that your organization takes the following steps:

  • Always install all updates to ensure zero-day vulnerabilities are treated as soon as possible
  • Backup all data and store it correctly in the case of a zero-day vulnerability disrupting your network and productivity
  • Educate your staff on the dangers of zero-day vulnerabilities and ensure they’re aware of the telltale signs of infection
