About Us

Microsoft, CISA recommend Mitigations for Zero-Day RCE vulnerability in Windows

Microsoft and government cybersecurity authorities are recommending businesses to implement mitigations to prevent a zero-day remote control execution (RCE) vulnerability in Windows operating systems cybercriminals to create malicious Microsoft Office documents.

Microsoft released a statement on their website –

“Microsoft is investigating reports of a remote code execution vulnerability in MSHTML that affects Microsoft Windows. Microsoft is aware of targeted attacks that attempt to exploit this vulnerability by using specially-crafted Microsoft Office documents.

An attacker could craft a malicious ActiveX control to be used by a Microsoft Office document that hosts the browser rendering engine. The attacker would then have to convince the user to open the malicious document. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.

Microsoft Defender Antivirus and Microsoft Defender for Endpoint both provide detection and protections for the known vulnerability. Customers should keep antimalware products up to date. Customers who utilize automatic updates do not need to take additional action. Enterprise customers who manage updates should select the detection build 1.349.22.0 or newer and deploy it across their environments. Microsoft Defender for Endpoint alerts will be displayed as: “Suspicious Cpl File Execution”.

Upon completion of this investigation, Microsoft will take the appropriate action to help protect our customers. This may include providing a security update through our monthly release process or providing an out-of-cycle security update, depending on customer needs.”

Vulnerability Management – Insights

The process of identifying, analyzing, classifying, and remediating vulnerabilities depending on the risk they constitute to an organization is known as vulnerability management (VM). A vulnerability scanner is the key technical component of this procedure since it detects resources connected to a company’s network and assesses them for vulnerabilities.

Vulnerability scanner scans a computer system for known vulnerabilities such as unsecured software setups, open ports and malware infection susceptibility. A zero-day vulnerability is one that is unknown or brand new. For cyber attacks and security breaches, exploiting flaws in operating systems, devices, browsers, and third-party applications to infect end-user devices is the first step. Identifying and repairing these vulnerabilities before cybercriminals can exploit them is a preventive security technique that should be included in any security program.

The Elements of Vulnerability Management are –  

Plan: Initiate by specifying the scope of the vulnerability management system, including what will be scanned and how it will be scanned. Security teams need to decide the frequency of scanning. Security teams must decide which resources are the most important and who has authority over them.

Scan: An organization’s entire network is scanned for vulnerabilities, insecure devices and software setups, compliance with security regulations. Internal scanning evaluates the cybersecurity of an organization’s network inside the firewall, whereas external scanning is done from the outside. Scanning both internally and externally provides a complete picture of risks.

Remediate: Remediation priorities are set based on the severity of the threat and importance of the resource for an organization, and then it is assigned to an employee who will be remediating the vulnerability. Low-level vulnerabilities are resolved after high or critical vulnerabilities.

Track Progress: Company needs to check the success of its vulnerability management programme. To do this companies, need to define a baseline, set success indicators, and track progress towards their goals. Companies need to improve their vulnerability management system, so they need to add the latest or newly discovered zero-day vulnerabilities to their database.

Proof of Concept

This proof-of-concept helps to understand the technical and financial implications of the vulnerabilities. It also helps in remediating vulnerability.

Risk Scoring

Thousands of vulnerabilities are discovered in an organization. They need an advanced risk rating algorithm to figure out which systems to patch first for effective prioritization. To automate the prioritising of vulnerabilities, the risk score should include threat parameters such as exposure to exploits and viruses, duration of vulnerability.

Scalability

As a company grows, so should its vulnerability management solution’s capacity. Companies should be able to increase capacity at small expenses by adding scan engines to their current solution. The solution vendor should have expertise with similar-sized installations in larger environments. 

Report Customization and Consolidation

Security teams can centrally manage prioritisation and remediation across the firm’s entire network, as well as monitor security risk and compliance trends, by combining data reports collected from each scan engine. On a single dashboard or user interface, the VM solution displays vulnerabilities, customizations, policy compliance, and other asset information like installed software. 

Bug Bounty and Vulnerability Disclosure Programs

Official vulnerability disclosure programs and policies define parameters for security researchers, obligate businesses to avoid legal action if others follow their rules and provide instructions on how to report vulnerabilities discovered. Some organizations offer monetary or other initiatives to promote responsible security researchers to work in good conscience. The incentives are commonly referred to as the “bug bounty” program. Several specialized organizations that are well-known in the security researcher community provide bug bounty program management and support services. Following the discovery of a vulnerability, companies generally issue a software patch or other fix.

The majority of cyber-attacks happen because there is a flaw or vulnerability in the software. Identifying vulnerabilities and fixing them is a crucial step. 100% secure software doesn’t exist thus finding the flaws and fixing them is a continuous process that improves software security. Hence vulnerability management solutions’ cyber security market share is increasing.

Newly Discovered Dell BIOS Bugs Impact 129 Models around 30 Million PCs

After uncovering various vulnerabilities that might allow attackers to execute arbitrary code in Dell PC’s BIOS, security researchers have warned that 129 models and at least 30 million Dell PCs could be at risk.

Eclypsium Discovered the security flaw in the BIOS system and they stated “Eclypsium researchers have identified multiple vulnerabilities affecting the BIOSConnect feature within Dell Client BIOS. This chain of vulnerabilities has a cumulative CVSS score of 8.3 (High) because it allows a privileged network adversary to impersonate Dell.com and gain arbitrary code execution at the BIOS/UEFI level of the affected device. Such an attack would enable adversaries to control the device’s boot process and subvert the operating system and higher-layer security controls.”

“The Eclypsium team has coordinated with Dell PSIRT throughout the disclosure process. Dell has issued a Dell Security Advisory and is scheduling BIOS/UEFI updates for affected systems and updates to affected executables from Dell.com” mentioned Eclypsium.

“These vulnerabilities enable an attacker to remotely execute code in the pre-boot environment. Such code may alter the initial state of an operating system, violating common assumptions on the hardware/firmware layers and breaking OS-level security controls. As attackers increasingly shift their focus to vendor supply chains and system firmware, it is more important than ever that organizations have independent visibility and control over the integrity of their devices,” said Eclypsium.