Microsoft issues Windows warning, Windows log used to hide malware and why you should tighten cloud security.
Welcome to Cyber Security Today. It’s Friday September 10th. I’m Howard Solomon, contributing writer on cybersecurity for ITWorldCanada.com.
Windows administrators should pay attention to a warning issued this week for a remote code execution vulnerability. The problem is in a bug in a browser rendering component called MSHTML. That gets tripped when a victim opens a malicious Microsoft Office document. Inside the document is an ActiveX control that leverages the bug to give an attacker unrestricted access to their computer. From there the attacker can download malware and do all sorts of nasty things. If your firm doesn’t use Internet Explorer you won’t be hit. If you do use Internet Explorer consider disabling the installation of all new ActiveX controls. Some antivirus products might catch this attack.
Researchers at security firm Huntress issued this advisory, saying Microsoft’s workaround is not effective in all cases.
Meanwhile FireEye’s Mandiant threat intelligence team has discovered a new malware family that leverages a flaw in Windows’ Common Log File System, or CLFS. Briefly, an attacker using this technique can hide registry change data as log records. It works because the CLFS file format isn’t widely used or documented, so there are no tools for parsing these log files. One threat researcher was quoted as saying this is like an attacker finding an obscure haystack to hide a needle in. There’s a link in the text version of this podcast to the Mandiant report with advice to threat hunters on combing through CLFS for signs of this malware.
Palo Alto Networks’ Unit 42 threat intelligence team has identified what it says is the first known vulnerability that could enable one user of Microsoft’s Azure Container-as-a-Service platform to break out of their environment to attack users in the same cloud service. Cloud environments are supposed to be built so Company A’s service on a cloud platform can’t be used to attack Company B on the same platform. Microsoft quickly fixed this problem. But, say researchers, this highlights the need for cloud users to take a defence-in-depth approach to securing cloud workloads.
Finally, organizations that use ManageEngine’s ADSelfServicePlus for password management are being warned to update to the latest build. This is because a serious vulnerability has been found
Later today the Week in Review podcast will be out. I’ll be talking with Terry Cutler of Montreal’s Cyology Labs about more ways to combat ransomware.
Remember links to details about podcast stories are in the text version at ITWorldCanada.com. That’s where you’ll also find other stories of mine.
Follow Cyber Security Today on Apple Podcasts, Google Podcasts or add us to your Flash Briefing on your smart speaker. Thanks for listening. I’m Howard Solomon.