Bad Neighbor

Microsoft's October Patch Tuesday was less than a week ago, and we're already seeing a tremendous bump in related exploit activity. Researchers are predicting a surge in exploitation for CVE-2020-16898, a possible RCE entry point involving improperly handled ICMP version 6 Router Advertisements. This vulnerability, now being called Bad Neighbor, affects the Windows TCP/IP stack in many versions of Windows 10 and Windows Server 2019.

Exploiting this vulnerability could be as simple as sending a carefully crafted packet to a target machine, so representatives from Microsoft are advising anyone using an affected system version patch immediately.

Election Security

A new plot line for the vulnerabilty we just can't stop talking about, ZeroLogon, is currently unfolding in our nation's Election support systems. The FBI and CISA have recently published a joint advisory warning concerning the vulnerability's prevalence in election infrastructure. The agencies warn that APT groups are using this vulnerability to gain access to some of the nation's most critical election systems. Their report goes on to explain how attackers are chaining together other vulnerabilities, like gaining a foothold through VPN exploits and then using ZeroLogon for post exploitation. The FBI does not currently believe the integrity of the election is at stake, but warns that critical election systems will likely continue to be targeted through the upcoming November elections.

BleedingTooth

Last, but not least, Google and Intel have released details on a new vulnerability with an interesting name, BleedingTooth, which affects Linux Kernel versions prior to 5.9 that support the BlueZ kernel. The vulnerability is currently being investigated as an entry point to IoT devices, but any affected system with a bluetooth interface could be in trouble as well.

According to a post in Google's security research repo on Github, "A remote attacker in short distance, knowing the victim's bluetooth address can send a malicious L2cap packet and cause denial of service or possible arbitrary code execution with kernel privileges". They go on to say that malicious bluetooth chips can trigger the vulnerability as well.

Intel, who has recently invested heavily in BlueZ, has urged users to upgrade to a kernel version 5.9 or later. You can check out Google's proof of concept exploit for the BleedingTooth vuln, or read up on CVE 2020-12351 for more information.

That just about wraps it up for today's attempt at making CISOs cry, please join me again next time for the Daily Vuln.

This podcast is powered by Pinecast.