Weekly threat roundup: Zyxel, Samsung Galaxy, Windows 10

Pulling together the most dangerous and pressing flaws that businesses need to patch

Patch management is far easier said than done, and security teams may often be forced into prioritising fixes for several business-critical systems, all released at once. It’s become typical, for example, to expect dozens of patches to be released on Microsoft’s Patch Tuesday, with other vendors also routinely getting in on the act.

Below, IT Pro has collated the most pressing disclosures from the last seven days, including details such as a summary of the exploit mechanism, and whether the vulnerability is being exploited in the wild. This is in order to give teams a sense of which bugs and flaws might pose the most dangerous immediate security risks.

Admin-level backdoor in Zyxel’s VPNs

The Zyxel company logo as seen on its website through a magnifying glass

Zyxel customers are being urged to upgrade the firmware of their virtual private network (VPN), firewall, and access point controller products due to a serious hardcoded credential vulnerability.

Assigned CVE-2020-29583, the now-patched vulnerability essentially served as a backdoor account using a username and password that were both visible in plain text within Zyxel system binaries that run firmware version 4.60 Patch0. This ‘zyfwp’ account was included to deliver automatic firmware updates, although an individual could exploit the embedded flaw to gain root access to the Zyxel device, according to researchers with Eye Control.

The flaw affected dozens of individual products, with businesses using the company’s VPNs, firewalls, and access point controllers being urged to install version 4.60 Patch1 as soon as possible.

Samsung Galaxy fingerprint glitches return

A smartphone with a fingerprint scanner displayed on the screen

The latest Samsung Galaxy Note 20 series was embedded with a fingerprint scanning flaw that mirrored the alarming 'fake fingerprint' vulnerability in Samsung Galaxy S10 and Note 10 devices.

A firmware update released this month patched a number of vulnerabilities, including SVE-2020-19216, branded ‘false recognition of fingerprint scanner’. According to the description, the flaw centred on odd behaviour centred on the smartphone’s screen protector resulting in a high false recognition rate.

There’s nothing in the patch notes that suggest the flaw led to a higher ‘false acceptance rate’, which was the problem plaguing the previous generation of Samsung Galaxy devices. These problems were so severe that major banks, such as Nationwide and Natwest, withdrew biometric support for their apps on affected devices until the issues were resolved.

Windows 10 escalation of privilege flaw

The Windows key being pushed on a blue laptop

On Christmas Eve, Google’s Project Zero security team published the details around a severe elevation of privilege flaw in Windows 10 that has been exploited in the wild.

The privilege of escalation vulnerability was first disclosed to Microsoft on 24 September, although it was eventually disclosed publicly after the 90-day window elapsed, even though a patch had yet to be released.

The flaw involves the ‘splwow64’ process and can be exploited if an attacker sends a local procedure call (LCP) message from another low-intensity malicious process. This would allow them to write arbitrary values to an arbitrary address in splwow64’s memory space.

The researcher behind the disclosure, Maddie Stone, said the original issue, assigned CVE-2020-0986, wasn’t properly fixed when Microsoft first attempted to patch it in June 2020, and that attackers only needed to make a few tweaks to continue to exploit the flaw, now identified as CVE-2020-17008. It’s expected that a patch will be available in the next patch Tuesday round of fixes.

TCP/IP flaws expose IoT and OT systems

Dozens of vulnerabilities are embedded in millions of internet of things (IoT) and operation technology (OT) systems, according to a report published in December by Forescout Research Labs.

The findings identified 33 flaws in four TCP/IP stacks, dubbed AMNESIA:33, leaving products belonging to more than 150 vendors compromised. Analysis has found the TCP/IP stacks are vulnerable across the board, with many of these flaws arising from bad software development practices. Feature-rich protocols, such as DNS, are also particularly affected.

Despite its claims that millions of devices are affected, the researchers added that it’s difficult to determine which devices are affected because of the complexity of IoT and OT supply chains.

However, some mitigating actions can be taken, such as disabling or blocking IPv6 traffic when it’s not needed since a handful of the flaws relate to IPv6 components. Devices should also be configured to rely on internal DNS servers as much as possible. Businesses should, finally, monitor network traffic for malformed packets.

Featured Resources

BCDR buyer's guide for MSPs

How to choose a business continuity and disaster recovery solution

Download now

The definitive guide to IT security

Protecting your MSP and your customers

Download now

Cost of a data breach report 2020

Find out what factors help mitigate breach costs

Download now

The complete guide to changing your phone system provider

Optimise your phone system for better business results

Download now

Recommended

New report highlights the need for diversity in cyber security recruitment
cyber security

New report highlights the need for diversity in cyber security recruitment

28 Apr 2021
Defense Dept. expands vulnerability disclosure program to all publicly accessible defense systems
ethical hacking

Defense Dept. expands vulnerability disclosure program to all publicly accessible defense systems

5 May 2021
Security researchers take control of a Tesla via drone
ethical hacking

Security researchers take control of a Tesla via drone

5 May 2021
Best free malware removal tools 2021
Security

Best free malware removal tools 2021

5 May 2021

Most Popular

Dell patches vulnerability affecting hundreds of computer models worldwide
cyber security

Dell patches vulnerability affecting hundreds of computer models worldwide

5 May 2021
16 ways to speed up your laptop
Laptops

16 ways to speed up your laptop

29 Apr 2021
How to move Windows 10 from your old hard drive to SSD
operating systems

How to move Windows 10 from your old hard drive to SSD

30 Apr 2021