Recent discoveries in enterprise security have unveiled critical vulnerabilities affecting Microsoft’s SharePoint and Linux systems. These findings highlight the ongoing challenges in protecting digital infrastructures against sophisticated attacks.
SharePoint Vulnerabilities Uncovered
A pair of vulnerabilities in Microsoft’s SharePoint were identified by Khoa Dinh and his team at Viettel Cyber Security during the Pwn2Own competition in Berlin in May. These weaknesses were demonstrated successfully and subsequently addressed by Microsoft during their Patch Tuesday updates in July. The exploit chain involved manipulating the SharePoint endpoint /_layouts/15/ToolPane.aspx, allowing attackers to bypass authentication and execute remote code with a single request.
The exploit specifically targeted the authentication and validation checks within the SharePoint code. By crafting a URL with specific parameters, attackers could set the DisplayMode to Edit while circumventing authentication checks. This manipulation allowed for the specification of a form parameter, MSOTlPn_DWP, which needed to correspond to a valid file on the server. This vulnerability granted access to all internal controls on the SafeControls list.
Following the identification of the flaws, which were found in the wild on July 19, 2023, Microsoft confirmed their existence and issued an emergency patch the following day. The exploitation appears to be linked to a group of Chinese threat actors, with reports indicating that over 400 systems worldwide have been compromised.
Linux Initramfs Security Risks
In a separate security concern, a new attack targeting the initramfs on Linux systems has come to light. This vulnerability exploits the fact that the initramfs image, crucial for the boot process, is not signed. This allows attackers to modify it if they gain access to a debug shell, which can be launched after multiple incorrect decryption attempts.
The research indicates that many Linux distributions provide a debug shell when the wrong encryption password is entered several times. An attacker could leverage this to initiate a quick “evil maid” attack, gaining access to the initramfs and potentially installing a malicious version.
Clear Linux Ceases Maintenance
In a related development, Clear Linux, an operating system developed by Intel, has announced that it will no longer be maintained as of July 18, 2023. This decision follows a series of departures among Linux engineers at Intel and has raised concerns among users who relied on Clear Linux for various applications, including production environments. The abrupt cessation of updates and security fixes has left users scrambling to transition to a supported Linux distribution.
Malware Exploits Accessibility Features
A recent report from Akamai has highlighted the emergence of malware named Coyote, which exploits accessibility features in Windows to gather sensitive user information. A particular strain targeting Brazilian users employs the Microsoft UI Automation (UIA) framework, allowing the malware to easily extract data from running applications. Akamai researchers have been monitoring this threat and continue to urge vigilance in defending against such attacks.
As the landscape of cybersecurity evolves, the importance of maintaining robust security protocols cannot be overstated. These incidents underscore the need for organizations to stay vigilant and proactive in addressing potential vulnerabilities before they can be exploited.
