Google Project Zero recently announced a 20-year-old local privilege escalation (LPE) vulnerability affecting all server and client versions of Windows, from Windows Server 2003 through Windows Server 2019 and from Windows XP all the way through Windows 10. It takes advantage of the “ctfmon.exe” process, a shared service for processing text input. This process has no access controls, which means a malicious request to it allows an unprivileged user to gain SYSTEM privileges. Microsoft released a patch in its August updates.
Earlier this week, the same researchers that found the original set of vulnerabilities in the Dragonfly handshake for WPA3 found two more. I thought WPA3 would be less vulnerable than WPA2, but it seems the WiFi Alliance continues to struggle with coming up with a secure algorithm to prevent unauthorized access. The WiFi Alliance recently announced WPA3.1, which will not be vulnerable to these attacks, but that also comes at the expense of backward compatibility. If you are in the market now for a WPA3-enabled router, I would suggest waiting a little bit longer for WPA3.1 to come out.
You may want to upgrade to iOS 12.4, which patches four out of five vulnerabilities. The remaining one hasn’t been disclosed to Apple, so there’s a possibility they will release an update to iOS which will patch it.
This was just in a SANS AtRisk email that I’m subscribed to. If you are using this VPN appliance, please be aware of this format string vulnerability. It is pre-auth and also allows remote code execution (RCE). Palo Alto was already aware of this vulnerability internally and patched it beginning with PAN-OS v9.0, which is now shipping with this appliance. However, appliances bought before the patch was released are most likely still running a vulnerable version of PAN-OS, so please update to the latest version of PAN-OS:
Reading the write-up on this vulnerability and the current PoC exploits, it looks like this is at most an annoying DoS, and at least it won’t lead to remote code execution:
If you are using any major Linux distribution, you should patch now. There’s a remotely exploitable condition in any Linux kernel prior to 5.0.8, which affects all the major distributions (Fedora, Debian, Ubuntu, and others). It has the potential to be exploited, but thankfully gaining code execution is fairly difficult, though not impossible.
Microsoft has issued a warning regarding a pre-auth bug that could potentially be used for another worm, like WannaCry. It affects Windows XP through 8.1 clients and Windows Server 2003 through 2008 R2.
Microsoft released 70 patches and updates this “Patch Tuesday”, including two local privilege escalation (LPE) vulnerabilities that affect all versions of Windows.
Security researchers have already found a vulnerability in the way WPA3 negotiates with clients to set up encryption, making the scheme more fragile than initially thought:
Splunk Enterprise version 7.2.4 custom application remote code execution exploit using a persistent backdoor with a custom binary payload.