fbpx
Frame-14

Privacy Ninja

        • DATA PROTECTION

        • CYBERSECURITY

        • Penetration Testing

          Secure your network against various threat points. VA starts at only S$1,000, while VAPT starts at S$4,000. With Price Beat Guarantee!

        • API Penetration Testing
        • Enhance your digital security posture with our approach that identifies and addresses vulnerabilities within your API framework, ensuring robust protection against cyber threats targeting your digital interfaces.

        • On-Prem & Cloud Network Penetration Testing
        • Boost your network’s resilience with our assessment that uncovers security gaps, so you can strengthen your defences against sophisticated cyber threats targeting your network

        • Web Penetration Testing
        • Fortify your web presence with our specialised web app penetration testing service, designed to uncover and address vulnerabilities, ensuring your website stands resilient against online threats

        • Mobile Penetration Testing
        • Strengthen your mobile ecosystem’s resilience with our in-depth penetration testing service. From applications to underlying systems, we meticulously probe for vulnerabilities

        • Cyber Hygiene Training
        • Empower your team with essential cybersecurity knowledge, covering the latest vulnerabilities, best practices, and proactive defence strategies

        • Thick Client Penetration Testing
        • Elevate your application’s security with our thorough thick client penetration testing service. From standalone desktop applications to complex client-server systems, we meticulously probe for vulnerabilities to fortify your software against potential cyber threats.

        • Source Code Review
        • Ensure the integrity and security of your codebase with our comprehensive service, meticulously analysing code quality, identifying vulnerabilities, and optimising performance for various types of applications, scripts, plugins, and more

        • Email Spoofing Prevention
        • Check if your organisation’s email is vulnerable to hackers and put a stop to it. Receive your free test today!

        • Email Phishing Excercise
        • Strengthen your defense against email threats via simulated attacks that test and educate your team on spotting malicious emails, reducing breach risks and boosting security.

        • Cyber Essentials Bundle
        • Equip your organisation with essential cyber protection through our packages, featuring quarterly breached accounts monitoring, email phishing campaigns, cyber hygiene training, and more. LAUNCHING SOON.

Microsoft Shares Mitigation for Office zero-day Exploited in Attacks

Microsoft Shares Mitigation for Office zero-day Exploited in Attacks

Microsoft has shared mitigation measures to block attacks exploiting a newly discovered Microsoft Office zero-day flaw abused in the wild to execute malicious code remotely.

The bug is a Microsoft Windows Support Diagnostic Tool (MSDT) remote code execution vulnerability reported by crazyman of the Shadow Chaser Group.

Microsoft is now tracking it as CVE-2022-30190. The flaw impacts all Windows versions still receiving security updates (Windows 7+ and Server 2008+).

As security researcher nao_sec found, it is used by threat actors to execute malicious PowerShell commands via MSDT in what Redmond describes as Arbitrary Code Execution (ACE) attacks when opening or previewing Word documents.

“An attacker who successfully exploits this vulnerability can run arbitrary code with the privileges of the calling application,” Microsoft explains.

Also Read: PDP Act (Personal Data Protection Act) Laws and Regulation

“The attacker can then install programs, view, change, or delete data, or create new accounts in the context allowed by the user’s rights.”CVE-2022-30190 exploitation demo (Will Dormann)

Workaround available

According to Redmond, admins and users can block attacks exploiting CVE-2022-30190 by disabling the MSDT URL protocol, which malicious actors use to launch troubleshooters and execute code on vulnerable systems.

To disable the MSDT URL protocol on a Windows device, you have to go through the following procedure:

  1. Run Command Prompt as Administrator.
  2. To back up the registry key, execute the command “reg export HKEY_CLASSES_ROOT\ms-msdt ms-msdt.reg
  3. Execute the command “reg delete HKEY_CLASSES_ROOT\ms-msdt /f

After Microsoft releases a CVE-2022-30190 patch, you can undo the workaround by launching an elevated command prompt and executing the reg import ms-msdt.reg command (filename is the name of the registry backup created when disabling the protocol).

Microsoft Defender Antivirus 1.367.719.0 or newer now also comes with detections for possible vulnerability exploitation under the following signatures:

  • Trojan:Win32/Mesdetty.A
  • Trojan:Win32/Mesdetty.B
  • Behavior:Win32/MesdettyLaunch.A
  • Behavior:Win32/MesdettyLaunch.B
  • Behavior:Win32/MesdettyLaunch.C

While Microsoft says that Microsoft Office’s Protected View and Application Guard would block CVE-2022-30190 attacks, CERT/CC vulnerability analyst Will Dormann (and other researchers) found that the security feature will not block exploitation attempts if the target previews the malicious documents in Windows Explorer.

Also Read: What Does Resolution Of Data Really Means

Therefore, it is also advised to disable the Preview pane in Windows Explorer to also remove this attack vector.

According to Shadow Chaser Group’s crazyman, the researchers who first spotted and reported the zero-day in April, Microsoft first tagged the flaw as not a “security-related issue.” Still, it later closed the vulnerability submission report with a remote code execution impact.

The first attacks exploiting this zero-day bug began over a month ago using invitations to Sputnik Radio interviews and sextortion threats as lures.

BleepingComputer has reached out to Microsoft for more info on this vulnerability (jokingly dubbed by Follina) and to ask why it wasn’t considered a security risk. We are yet to receive a reply, but we will update the article as soon as the company shares a statement.

Update: Added more info on lures used in April attacks.

0 Comments

KEEP IN TOUCH

Subscribe to our mailing list to get free tips on Data Protection and Data Privacy updates weekly!

Personal Data Protection

REPORTING DATA BREACH TO PDPC?

We have assisted numerous companies to prepare proper and accurate reports to PDPC to minimise financial penalties.
×

Hello!

Click one of our contacts below to chat on WhatsApp

× Chat with us