Submission + - Critical Windows Code-Execution Vulnerability Undetected until Now (arstechnica.com) 1
joshuark writes: Researchers recently discovered a Windows code-execution vulnerability that has the potential to rival EternalBlue.
EternalBlue is the name of a different Windows security flaw used to detonate WannaCry, the ransomware that shut down computer networks across the world in 2017.
The latest vulnerability is tracked, allows attackers to execute malicious code with no authentication required. It is wormable, meaning that a single exploit can trigger a chain reaction of self-replicating follow-on exploits on other vulnerable systems.
The vulnerability is in the SPNEGO Extended Negotiation Security Mechanism, which allows a client and server to negotiate the choice of security mechanism to use. This vulnerability is a pre-authentication remote code execution vulnerability impacting a wide range of protocols.
“An attacker can trigger the vulnerability via any Windows application protocols that authenticates,” Valentina Palmiotti, the IBM security researcher who discovered the code-execution vulnerability. “For example, the vulnerability can be triggered by trying to connect to an SMB share or via Remote Desktop..."
Palmiotti said there’s reason for optimism but also for risk: “While EternalBlue was an 0-Day, luckily this is an N-Day with a 3 month patching lead time...”
Happy Christmas!
JoshK.
EternalBlue is the name of a different Windows security flaw used to detonate WannaCry, the ransomware that shut down computer networks across the world in 2017.
The latest vulnerability is tracked, allows attackers to execute malicious code with no authentication required. It is wormable, meaning that a single exploit can trigger a chain reaction of self-replicating follow-on exploits on other vulnerable systems.
The vulnerability is in the SPNEGO Extended Negotiation Security Mechanism, which allows a client and server to negotiate the choice of security mechanism to use. This vulnerability is a pre-authentication remote code execution vulnerability impacting a wide range of protocols.
“An attacker can trigger the vulnerability via any Windows application protocols that authenticates,” Valentina Palmiotti, the IBM security researcher who discovered the code-execution vulnerability. “For example, the vulnerability can be triggered by trying to connect to an SMB share or via Remote Desktop..."
Palmiotti said there’s reason for optimism but also for risk: “While EternalBlue was an 0-Day, luckily this is an N-Day with a 3 month patching lead time...”
Happy Christmas!
JoshK.
CVE-2022-37958 patched in September, 2022 (Score:2)
"Microsoft fixed CVE-2022-37958 in September during its monthly Patch Tuesday rollout of security fixes."