Breaking Microsoft news for its users: the latest update from Microsoft should protect users from cybercriminals
Microsoft's monthly Patch Tuesday security updates always attract a lot of attention. However, the focus is always on the Windows operating system itself. Now, two zero-day Windows vulnerabilities are being actively exploited by cybercriminals. This month, attackers have begun to attack more and more users. Due to the introduction of quarantine and self-isolation, people often use the OneDrive service. That is the main vulnerability for users.
New vulnerability CVE-2020-0935.
According to Microsoft, CVE-2020-0935 is a risk associated with the functions that OneDrive uses to process symbolic links. If this vulnerability is successfully exploited, an attacker could gain control of the Windows system.
What are symbolic links?
Microsoft explains that there is a risk if the OneDrive desktop app for Windows “does not correctly handle symbolic links.” But what exactly does this mean? According to Chris Hass, director of information security and research at Automox, symbolic links are “file system objects that point to another file system object.” According to Hass, “an attacker gaining access to an endpoint can use OneDrive to overwrite the target file, which will lead to control of the Windows system.”
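The general problem described above, as an added example that is not from the article, Microsoft or OneDrive's code: a write aimed at a link inside a synced folder lands on whatever file the link points to unless the writer refuses to follow it. The folder layout, the file names and the helpers `find_escaping_links` and `write_no_follow` are constructed for illustration.

```python
import os
import tempfile

def find_escaping_links(root):
    """Return sorted (link, target) pairs for symlinks under root that resolve outside it."""
    root_real = os.path.realpath(root)
    findings = []
    links = (os.path.join(d, n) for d, dirs, files in os.walk(root) for n in dirs + files)
    for path in filter(os.path.islink, links):
        target = os.path.realpath(path)
        try:
            inside = os.path.commonpath([root_real, target]) == root_real
        except ValueError:  # e.g. link and root on different drives on Windows
            inside = False
        if not inside:
            findings.append((path, target))
    return sorted(findings)

def write_no_follow(path, data):
    """Write bytes to path, refusing to go through a symlink in the final component."""
    if os.path.islink(path):
        raise PermissionError(f"refusing to write through symlink: {path}")
    # O_NOFOLLOW (POSIX only) closes the gap between the check above and the open.
    flags = os.O_WRONLY | os.O_CREAT | os.O_TRUNC | getattr(os, "O_NOFOLLOW", 0)
    with os.fdopen(os.open(path, flags, 0o600), "wb") as fh:
        fh.write(data)

def demo():
    """Constructed layout: a sync folder with one link pointing at a file outside it."""
    with tempfile.TemporaryDirectory() as base:
        sync = os.path.join(base, "sync")
        os.makedirs(sync)
        protected = os.path.join(base, "protected.cfg")  # lives outside the sync folder
        with open(protected, "w") as fh:
            fh.write("original")
        link = os.path.join(sync, "report.txt")
        os.symlink(protected, link)  # may need extra rights on Windows
        found = [os.path.basename(p) for p, _ in find_escaping_links(sync)]
        try:
            write_no_follow(link, b"overwritten")
            refused = False
        except OSError:
            refused = True
        with open(protected) as fh:
            return found, refused, fh.read()

if __name__ == "__main__":
    print(demo())
```

A plain `open(link, "wb")` in place of `write_no_follow` would have replaced the contents of `protected.cfg`, which is the overwrite Hass describes.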
What if an attacker has already gained access?
An attacker needs to log in to Windows before he can perform any action, so the scope of this problem is currently limited. That is why it is rated as important, not critical. But this does not mean that the problem cannot affect many users. The fact that an attacker manages to gain access to your computer does not by itself mean that he can do much. What the attacker can do depends on what kind of control he managed to gain.
“The fact is that control over Windows allows an attacker to further compromise the system and perform the necessary actions. These kinds of actions may require higher privileges to use the system in order to be able to perform them. For example, an attacker could gain access to personal or confidential information that was previously unavailable.”
What to do now?
The answer is to install the update, although it is highly likely that a copy of the OneDrive desktop app on Windows will update on its own. Ivanti Senior Product Manager Todd Schell explains:
“OneDrive has an upgrade function that periodically checks and updates the OneDrive binary. Therefore, most customers should already be protected from this vulnerability automatically.
An exception is when there are problems with the network that prevent the loading of additional protection. In this case, Microsoft recommends that users download and install the updated binary file on their own.”
Users who work remotely are in great danger.
In addition to the wider use of collaboration tools such as Zoom, which many might not have used before starting to work from home, you also need to properly monitor the security of other work tools. OneDrive is an integral part of many Microsoft accounts. Not all users will pay for additional OneDrive storage, but more and more people will use it while working at home. ESET Cybersecurity Specialist Jake Moore explains:
“The fact is that many users use online storage tools more often than ever before. Therefore, we all must first think about the security of the platforms used.”
Jake Moore also adds:
“People quickly forget about protecting their data. Therefore, applications and platforms need to focus on ease of use, as more importance is attached to functionality. Although Microsoft has identified this threat as important, it may ultimately become critical.”