Weekly threat roundup: Microsoft Defender, Adobe, Mimecast

Pulling together the most dangerous and pressing flaws that businesses need to patch

Patch management is far easier said than done, and security teams may often be forced into prioritising fixes for several business-critical systems, all released at once. It’s become typical, for example, to expect dozens of patches to be released on Microsoft’s Patch Tuesday, with other vendors also routinely getting in on the act.

Below, IT Pro has collated the most pressing disclosures from the last seven days, including details such as a summary of the exploit mechanism, and whether the vulnerability is being exploited in the wild. This is in order to give teams a sense of which bugs and flaws might pose the most dangerous immediate security risks.

Microsoft Defender under active exploitation

Microsoft has fixed a serious zero-day remote access vulnerability in its Defender antivirus platform as part of its first Patch Tuesday round of bug fixes for 2021.

The vulnerability, tracked as CVE-2021-1647, is a remote code execution bug which hackers used to embed code on devices with Microsoft Defender installed, by tricking victims into opening a malicious document.

This was part of 83 bug fixes released this week across a range of Microsoft products, including Windows, Azure and other services. The tech giant also released a patch for a flaw in the Windows splwow64 services. This bug, tracked as CVE-2021-1648, could be exploited to escalate privileges.

Seven Adobe products receive Patch Tuesday treatment

Adobe Photoshop, Illustrator, InCopy, Animate, Bridge, Captivate and Campaign Classic all received eight security fixes this week as part of the company’s own round of Patch Tuesday updates.

All vulnerabilities were rated ‘critical’ apart from a privilege escalation flaw in Adobe Captivate 2019, which was deemed ‘important’. The flaws in Photoshop, Illustrator, InCopy, Animate, and two in Bridge, could all be exploited for arbitrary code execution.

The final bug, affecting Adobe Campaign Classic, is tracked as CVE-2021-21009, and can be exploited for the purposes of sensitive information disclosure.

SaferVPN flaw allows privilege escalation on Windows

The popular virtual private network (VPN) service SaferVPN is embedded with a flaw that could be exploited by hackers to escalate privileges on a victim’s Windows machine and run a malicious file.

In a Medium post, a security researcher known as nmht3t claimed he was publishing the details behind the vulnerability, as well as a proof-of-concept because SaferVPN hadn’t fixed it 90 days following disclosure.

Because low-privileged users are allowed to create folders under the C:\ drive, it’s possible for somebody to create an appropriate file path and place within it a malicious file. Once the VPN service starts, the file will load a malicious OpenSSL engine library, and allow result in arbitrary code execution on the system.

The flaw affects SaferVPN for Windows versions 5.0.3.3 through to the latest iteration, version 5.0.4.15, released on 12 January - there’s currently no patch available for this flaw.

Zero-days used to load websites with malware

Four now-patched zero-day vulnerabilities in Chrome have been flagged by Google’s Project Zero security research team as having been under active exploitation by cyber criminals during 2020.

These Google Chrome flaws were tracked as CVE-2020-6418, CVE-2020-0938, CVE-2020-1020, and CVE-2020-1027. The attack itself was revealed to researchers as part of an initiative aimed at researching new ways to detect zero-day exploits in the wild.

The bugs were exploited through watering-hole attacks, which involved “highly sophisticated” attackers compromising frequently-visited websites and loading them with malicious code that installs malware on victims’ devices. The hackers targeted both Android and Windows users with the compromised sites by deploying two exploit servers, before fixes were released in February and April 2020.

Mimecast admits hackers access Microsoft accounts

Cyber criminals violated a small number of Mimecast customers’ Microsoft 365 accounts after they obtained one of the firm’s digital certificates and abused it to gain access to their user accounts.

Roughly 10% of customers use the connection involving this certificate, with no more than nine customers believed to be affected by the breach. Nevertheless, the incident represents a huge worry in light of the recent attack against SolarWinds.

As a precaution, Mimecast has asked the customers who use the affected certificate to immediately delete the existing connection within their Microsft 365 tenant, and re-establish a new certificate-based connection.

Featured Resources

Unleashing the power of AI initiatives with the right infrastructure

What key infrastructure requirements are needed to implement AI effectively?

Download now

Achieve today. Plan tomorrow. Making the hybrid multi-cloud journey

A Veritas webinar on implementing a hybrid multi-cloud strategy

Download now

A buyer’s guide for cloud-based phone solutions

Finding the right phone system for your modern business

Download now

The workers' experience report

How technology can spark motivation, enhance productivity and strengthen security

Download now

Recommended

McAfee’s MVISION XDR takes security beyond the endpoint
cloud security

McAfee’s MVISION XDR takes security beyond the endpoint

28 Jan 2021
Fears over cyber crime tool that can build phishing pages in real-time
phishing

Fears over cyber crime tool that can build phishing pages in real-time

28 Jan 2021
What is e-safety?
e safety

What is e-safety?

27 Jan 2021
Your essential guide to internet security
Security

Your essential guide to internet security

27 Jan 2021

Most Popular

How to move Windows 10 from your old hard drive to SSD
operating systems

How to move Windows 10 from your old hard drive to SSD

21 Jan 2021
Hackers are actively exploiting three Apple iOS flaws
exploits

Hackers are actively exploiting three Apple iOS flaws

27 Jan 2021
16 ways to speed up your laptop
Laptops

16 ways to speed up your laptop

26 Jan 2021