Image from a data center - Icelandic financial companies were hit by a fairly extensive cyberattack
Categories: Risk and vulnerability alert

Security Incidents in the past week

On the 24th and 25th of August, two security incidents were disclosed by
Plex and LastPass respectively.

Plex

On the 24th of August this year, Plex disclosed by email a data breach that affected most users of the platform. Around 20 million password hashes and email addresses were leaked in this breach, and it is recommended that every Plex user change their password as soon as possible.

As an extra security measure, we encourage double-checking which devices are logged in, or signing out of every device after the password change.

LastPass

On the 25th of August, LastPass disclosed a partial leak of the platform’s source code and technical implementations through a breached developer account. LastPass states that no user information or data was leaked and the breach has not affected their services at all.

LastPass also mentioned that no user action is required; however, we highly recommend enabling multi-factor authentication if you have not done so already. Read more about the statement from LastPass here.

It is important to always use Multi-factor authentication when available,
and these incidents serve as a cold reminder of this fact.

Although data breaches continue to be a risk and something we hope to seldom encounter, they are an unfortunate reality we must live with. As users of online services, we can minimize the impact of data breaches by using password managers and unique passwords for each service, both personally and professionally. We have to keep our personal and professional information separate so that, in case of a more severe breach, we and our organizations are as protected as we can be.

Image of a backlit keyboard
Categories: Risk and vulnerability alert

Vulnerability Alert (CVE-2022-30190) – updated

Over the weekend, a serious vulnerability
(CVE-2022-30190) was discovered.

Microsoft released guidance for the vulnerability, saying the following.

 

A remote code execution vulnerability exists when MSDT is called using the URL protocol from a calling application such as Word. An attacker who successfully exploits this vulnerability can run arbitrary code with the privileges of the calling application. The attacker can then install programs, view, change, or delete data, or create new accounts in the context allowed by the user’s rights.

Although Microsoft has not released a patch for the vulnerability, it has released a workaround that disables MSDT.

Recommended workaround:

  1. Run Command Prompt as Administrator.
  2. To back up the registry key, execute the command “reg export HKEY_CLASSES_ROOT\ms-msdt filename”.
  3. Execute the command “reg delete HKEY_CLASSES_ROOT\ms-msdt /f”.
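
The same workaround as a PowerShell script, added here as an example (it is not Microsoft's code or part of the original post): it deletes the key only after the backup file has been written, then confirms the key is gone. The backup path is an assumed placeholder; run the script from an elevated session.

```powershell
#Requires -RunAsAdministrator
# Added example: apply the ms-msdt workaround with a verified backup.
param(
    # Assumed backup location (placeholder); change to suit your environment.
    [string]$BackupPath = "$env:SystemDrive\ms-msdt-backup.reg"
)

$Key = 'HKEY_CLASSES_ROOT\ms-msdt'

# Nothing to do if the protocol handler key is already absent.
& reg.exe query $Key *> $null
if ($LASTEXITCODE -ne 0) {
    Write-Output "$Key is not present; nothing to remove."
    return
}

# Step 2: back up the key. /y overwrites an existing file without prompting.
& reg.exe export $Key $BackupPath /y | Out-Null
$backupOk = ($LASTEXITCODE -eq 0) -and (Test-Path $BackupPath) -and
            ((Get-Item $BackupPath).Length -gt 0)
if (-not $backupOk) {
    throw "Backup to $BackupPath failed; the key was left untouched."
}

# Step 3: delete the key, but only now that the backup exists.
& reg.exe delete $Key /f | Out-Null
if ($LASTEXITCODE -ne 0) {
    throw "reg delete failed with exit code $LASTEXITCODE."
}

# Verify the result instead of trusting the exit code alone.
& reg.exe query $Key *> $null
if ($LASTEXITCODE -eq 0) {
    throw "$Key is still present after the delete."
}

Write-Output "ms-msdt handler removed. Backup saved to $BackupPath"
Write-Output "To undo the workaround: reg import `"$BackupPath`""
```

Keep the backup file: once the security update is installed, `reg import` with that file restores the handler.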

 

This vulnerability is particularly dangerous. It can have damaging effects through something as simple as a person opening a Word document. According to Microsoft, an attacker could

 “install programs, view, change, or delete data, or create new accounts in the context allowed by the user’s rights”.

It is important to note that this vulnerability is being investigated and the workaround from Microsoft hasn’t been confirmed by researchers.

For a technical review of this vulnerability, we highly recommend a report by Huntress Labs.

The important facts about this vulnerability are as follows:

  • Confirmed to have been actively exploited since at least April this year
  • A workaround is in place, although its effectiveness is unconfirmed

We will keep an eye on how this vulnerability develops and update this post.

 

Update

Microsoft has patched this vulnerability in a recently published security update. Make sure to refer to this page for more specific information on each operating system.