The vulnerability is already being exploited in attacks by highly skilled hacker groups.

The exploit was published by Privacy Piiano founder and CEO Gil Dabah, who discovered the vulnerability two years ago.

Daba said he chose not to report his discovery to Microsoft because it was very difficult to get money through its vulnerability bounty program.

The vulnerability, identified as CVE-2022-21882, could allow aт attacker to elevate his privileges on the local system.

Microsoft mentioned RyeLv as the researcher who discovered the vulnerability. The researcher submitted his description of the input type mismatch vulnerability in Win32k.sys on January 13, 2022.

Investment in the program was also the top recommendation of RyeLv’s technical analysis for Microsoft. He told how to “kill the bug class”:

Let me remind you that we also wrote that Zerodium offers up to $400,000 for exploits for Microsoft Outlook, and also that Google recruits a team of experts to find bugs in Android applications.

The post 0-day vulnerability remained unpatched for 2 years due to Microsoft bug bounty issues appeared first on Gridinsoft Blog.

The problem was discovered by the research team of the cloud security company Wiz. Experts named the vulnerability ChaosDB and reported it to Microsoft on August 12, 2021. At the same time, according to the researchers, the vulnerability was hidden in the code “for at least several months, and possibly years.” Microsoft paid Wiz a $40,000 fee for this bug.

The bug allowed attackers to exploit a chain of bugs associated with the work of the open source Jupyter Notebook functionality, which is enabled by default and is designed to help clients visualize data.

The successful operation allowed access to the credentials of other Cosmos DB users, including the primary key that enables full and unrestricted remote access to databases and Microsoft Azure customer accounts.

Microsoft ultimately disabled the feature within 48 hours of receiving the report and notified over 30% of Cosmos DB customers of a potential security breach.

It is worth noting that since February 2021, since all new Cosmos DB instances are created with Jupyter Notebook features enabled, Cosmos DB will automatically disable Notebook functionality if it has not been used within the first three days. This is why the number of affected Cosmos DB clients is so small, it is estimated that about 70% of clients either disabled Jupyter Notebook manually or automated it. However, according to Wiz, the actual number of affected users is likely much higher given the vulnerability has been around for a very long time.

At Microsoft’s request, researchers will have publish technical information about ChaosDB, as it could help attackers develop their own exploits, but experts promise to release a detailed white paper soon.

To mitigate risk and block potential attacks, Microsoft recommends Azure customers to recreate Cosmos DB primary keys that may have been stolen before the affected feature was disabled.

According to Microsoft, there is no evidence that attackers discovered and exploited the Chaos DB vulnerability before the Wiz experts.

Let me remind you that I also talked about the fact that Microsoft Warns of New Print Spooler Vulnerability.

The post Microsoft warned of a critical vulnerability in Cosmos DB appeared first on Gridinsoft Blog.

For a successful attack on a Kindle, just one book with malicious code is enough.

The potential attack began by sending a malicious e-book to the user’s mail. After receiving such an attachment, the victim only had to open it, and this launched the exploit. No additional user permission or action was required.

Even worse, the discovered vulnerabilities allowed attackers to target a specific category of users. For example, to hack a specific group of people or demographic group, a hacker simply had to inject malicious code into a popular e-book in the corresponding language or dialect. As a result, attacks became highly targeted.

The root of the problem lay in the structure of the parsing framework, namely the implementation associated with PDF documents. The attacks were possible thanks to a heap overflow associated with the PDF rendering feature (CVE-2021-30354), which allowed arbitrary write permissions on the device, and a local privilege escalation vulnerability in the Kindle App Manager service (CVE-2021-30355), which allowed combine two vulnerabilities into a chain to run malicious code with root privileges.

The researchers reported their findings to Amazon in February 2021, and already the April update of the Kindle firmware to version 5.13.5 contained a patch (the firmware is automatically installed on devices connected to the network).

Let me remind you that Researcher Found Three Bugs Allowing Hacking Amazon Kindle also this February.

The post Vulnerabilities in Amazon Kindle Allowed Taking Full Control of the Device appeared first on Gridinsoft Blog.

The vulnerability received the identifier CVE-2021-3438 and has been present in the driver code since 2005, that is, it poses a threat to hundreds of millions of devices manufactured and sold over the past 16 years.

The vulnerability is described as a buffer overflow in the SSPORT.SYS driver file.

The bug can be used to elevate privileges, that is, it can help locally installed malware to gain access at the administrator level (of course, only if a vulnerable driver is used on the system).

Experts note that on some Windows systems, the vulnerable printer driver could be installed even without the user’s awareness. This could happen if users connected one of the vulnerable printers to their PCs and the driver was downloaded via Windows Update.

Experts advise users to check lists of problem devices and, if necessary, look for updates on the manufacturer’s website.

Let me remind you that I also talked about the fact that New Issues Found with Windows Print Spooler.

The post Researchers found a vulnerability that affects millions of HP, Xerox and Samsung printers appeared first on Gridinsoft Blog.

Windows Print Spooler Service is a universal interface between OS, applications, and local or network printers, allowing application developers to submit print jobs. This service has been included with Windows since the 90s and is notorious for its myriad of problems.

In particular, vulnerabilities such as PrintDemon, FaxHell, Evil Printer, CVE-2020-1337 and even a number of 0-day bugs were associated with Windows Print Spooler, which were used in Stuxnet attacks.

The newest problem CVE-2021-1675 was discovered by experts from Tencent Security, AFINE and NSFOCUS earlier this year.

However, Microsoft updated the bug description last week to report that the issue can cause remote arbitrary code execution.

Previously, almost nothing was known about CVE-2021-1675, since experts did not publish technical descriptions of the problem or exploits for it. But last week, the Chinese company QiAnXin showed a GIF file where it demonstrated the operation of its exploit for CVE-2021-1675. At the same time, the company did not publish any technical details and the exploit itself, in order to give users more time to install patches.

However, a detailed report with a technical description of the problem has now been posted on GitHub, as well as a working PoC exploit. It looks like it was due to someone else’s error and the repository was shut down after a few hours. However, even in this short time, several other users managed to clone it.

This leaked document, written by three analysts of the Chinese company Sangfor, provides details how the experts discovered the error independently of the aforementioned experts.

Additionally, the experts explained that after QiAnXin published a demo of their exploit, they thought it was time to publish their report and PoC.

However, a few hours after this statement, the team retracted their words (it seems that the experts decided not to disclose all the details of their speech, scheduled at the Black Hat USA 2021 conference) and deleted the repository from GitHub. But it was too late, the PoC exploit became public.

Since CVE-2021-1675, which Sangfor calls PrintNightmare, affects all versions of Windows and can even affect XP and Vista when used for remote code execution, companies are strongly encouraged to update their fleet of Windows machines as soon as possible.

Let me remind you that I also talked about Microsoft fixes a bug that corrupted FLAC files.

The post Exploit for dangerous PrintNightmare problem in Windows has been published online appeared first on Gridinsoft Blog.

The bug affected several editions of Windows 10 (Home, Pro, Enterprise, Education, Pro Education and Pro for Workstations), as well as several versions (2004 and 20H2). The problem could arise when editing the metadata of FLAC files containing an ID3 frame with title and artist information before the audio file header.

The developers fixed this bug in the KB5003214 preview update released for all supported versions of Windows 10, including Windows 10 21H1, Windows 10 20H2, and Windows 10 2004.

The company also published a special PowerShell script to fix files already damaged due to this bug. Although the script will not help recover the lost metadata stored in the ID3 frame, the file will play again.

Bleeping Computer explains that in order to “fix” files, you need to do the following.

• Download the ZIP-archive with the script and extract its contents.
• Find the file FixFlacFiles.ps1, right-click on it and select the item: “Run with PowerShell”.
• When prompted, enter the name of the FLAC file that cannot be played and press Enter.

In addition, the company is investigating another issue related to audio: after the release of cumulative updates this month, Windows 10 users began to complain about high-frequency noise when using some 5.1 configurations.

A fix for this bug should appear in the near future, but for now the company recommends using the following workarounds: use a browser or another application for video and audio (instead of applications affected by the problem); temporarily disable Spatial sound in sound settings.

Let me remind you that I wrote that Windows 10 bug causes BSOD when opening a specific path.

The post Microsoft fixes a bug that corrupted FLAC files appeared first on Gridinsoft Blog.