Weekly threat roundup: Exchange Server, AMD CPUs, Azure Cosmos DB

Graphic showing a red unlocked padlock surrounded by blue locked padlocks
(Image credit: Shutterstock)

Patch management is far easier said than done, and security teams may often be forced into prioritising fixes for several business-critical systems, all released at once. It’s become typical, for example, to expect dozens of patches to be released on Microsoft’s Patch Tuesday, with other vendors also routinely getting in on the act.

Below, IT Pro has collated the most pressing disclosures from the last seven days, including details such as a summary of the exploit mechanism, and whether the vulnerability is being exploited in the wild. This is in order to give teams a sense of which bugs and flaws might pose the most dangerous immediate security risks.

Microsoft Exchange Server vulnerable to information disclosure bug

A now-patched flaw in Microsoft Exchange Server could be exploited by unauthenticated users to perform configuration actions on targeted mailboxes and leak personal data.

The vulnerability, tracked as CVE-2021-33766 and dubbed ProxyToken, lies in the platform's Delegated Authentication feature. This is a mechanism in which the front-end site passes authentication requests to the back-end system when it detects a SecurityToken cookie.

Because Microsoft Exchange must be configured to use this feature, the module that handles this often isn’t loaded, and attackers might take advantage of an effective bypass of the authentication check. This can be abused to disclose personal information, with an attacker, for example, able to copy all email addresses on a targeted account and forward these to an account they control.

Hackers exploit WebSVN flaw to launch malware

Cyber criminals are abusing a flaw in the open source web application for browsing source code, WebSVN, to deploy variants of the Mirai malware.

The critical command injection flaw tracked as CVE-2021-32305, discovered and patched earlier this year, is still being abused in unpatched versions of the application, according to researchers with Palo Alto Networks.

A proof-of-concept for exploitation was released in June, and a week later, cyber criminals seized on the vulnerability to deploy variants of the infamous Mirai distributed denial of service (DDoS) malware.

Hackers have abused this command injection flaw to download a shell script that infects a targeted system with the malware strain. From this point, they’ve used the initial attack as a platform from which to launch DDoS attacks.

AMD chips vulnerable to Meltdown-style attacks

All CPUs developed by AMD are susceptible to attacks that mirror the infamous Meltdown vulnerability identified a number of years ago that affected Intel CPUs.

RELATED RESOURCE

The essential cyber security toolkit for SMBs

Practical tips for cyber security training

FREE DOWNLOAD

Researchers at TU Dresden in Germany discovered a flaw tracked as CVE-2020-1296, which is described as “transient execution of non-canonical accesses”. When combined with specific software sequences, AMD CPUs "may transiently execute non-canonical loads and store using only the lower 48 address bits potentially resulting in data leakage”, according to the comapny.

The scientists who discovered the flaw also described the exploit mechanism as “very similar to Meltdown-type behaviour”.

This data leakage flaw can be exploited to access secrets stored on a computer, with all AMD CPUs affected.

‘Worst possible cloud flaw’ hits Microsoft Azure Cosmos DB

Microsoft has warned thousands of its Azure customers that hackers might have compromised their databases.

The vulnerability lies in Microsoft’s Azure Cosmos DB and allows intruders to read, alter, and delete information, according to the security researchers with Wiz.

Companies use Cosmos DB to manage massive amounts of data in real-time. The exploit, dubbed ChaosDB, was described as “the world cloud vulnerability you can imagine” with the researchers able to gain access to any customer database they wanted.

The ChaosDB exploit relies on the Jupyter Notebook feature that allows customers to visualise their data and create customised views, which was introduced to all Cosmos DBs in February. A series of misconfigurations means this feature opened up an attack vector that the researchers were able to exploit. Microsoft has turned off the feature for all accounts, and it’s now subject to a security redesign.

Keumars Afifi-Sabet
Contributor

Keumars Afifi-Sabet is a writer and editor that specialises in public sector, cyber security, and cloud computing. He first joined ITPro as a staff writer in April 2018 and eventually became its Features Editor. Although a regular contributor to other tech sites in the past, these days you will find Keumars on LiveScience, where he runs its Technology section.