Close Menu
Indo Guard OnlineIndo Guard Online
  • Home
  • Cyber Security
  • Risk Management
  • Travel
  • Security News
  • Tech
  • More
    • Data Privacy
    • Data Protection
    • Global Security
What's Hot

Operation malicious network supply software gets to NPM and Pypi ecosystems, focusing on millions worldwide

June 8, 2025

Extension of the malicious browser has infected 722 users across Latin America since the beginning of 2025

June 8, 2025

New company Atomic MacOS Campation Exploaits Clickfix to focus on Apple users

June 6, 2025
Facebook X (Twitter) Instagram
Facebook X (Twitter) Instagram YouTube
Indo Guard OnlineIndo Guard Online
Subscribe
  • Home
  • Cyber Security
  • Risk Management
  • Travel
  • Security News
  • Tech
  • More
    • Data Privacy
    • Data Protection
    • Global Security
Indo Guard OnlineIndo Guard Online
Home » Microsoft identifies four OpenVPN flaws that can lead to RCE and LPE
Global Security

Microsoft identifies four OpenVPN flaws that can lead to RCE and LPE

AdminBy AdminAugust 9, 2024No Comments3 Mins Read
OpenVPN
Share
Facebook Twitter LinkedIn Pinterest Email Copy Link


August 9, 2024Ravi LakshmananVulnerability / Network Security

OpenVPN

Microsoft on Thursday disclosed four medium-severity security flaws in its open-source OpenVPN software that could be combined to achieve remote code execution (RCE) and local elevation of privilege (LPE).

“This chain of attacks can allow attackers to gain complete control over targeted endpoints, potentially leading to data leakage, system compromise, and unauthorized access to sensitive information,” Vladimir Tokarov of the Microsoft Threat Intelligence Community. said.

However, the exploit presented by Black Hat USA 2024 requires user authentication and a deep understanding of OpenVPN’s inner workings. The vulnerabilities affect all OpenVPN versions up to 2.6.10 and 2.5.10.

Cyber ​​security

The list of vulnerabilities is as follows –

  • CVE-2024-27459 – Stack Overflow Vulnerability leading to Denial of Service (DoS) and LPE in Windows
  • CVE-2024-24974 – Unauthorized access to a channel named “\\openvpn\\service” on Windows, which allows an attacker to remotely interact with and execute operations on it
  • CVE-2024-27903 – Vulnerability in the plugin engine leads to RCE on Windows and LPE and data manipulation on Android, iOS, macOS, and BSD
  • CVE-2024-1305 – Memory overflow vulnerability leading to DoS in Windows

The first three of the four flaws are in a component called openvpnserv, and the last one is in the Windows Terminal Access Point (TAP) driver.

OpenVPN

All of the vulnerabilities can be exploited once an attacker has access to an OpenVPN user’s credentials, which in turn can be obtained through a variety of methods, including purchasing stolen credentials on the dark web, using hijacking malware, or eavesdropping on network traffic to capture hashes NTLMv2 and then use cracking tools like HashCat or John the Ripper to decrypt them.

The attacker can then combine different combinations – CVE-2024-24974 and CVE-2024-27903 or CVE-2024-27459 and CVE-2024-27903 – to achieve RCE and LPE, respectively.

Cyber ​​security

“An attacker could use at least three of the four identified vulnerabilities to create exploits to facilitate RCE and LPE, which could then be combined into a powerful attack chain,” Tokarov said, adding that they could use techniques such as Bring your vulnerable driver (BEUD) after reaching the LPE.

“With these techniques, an attacker can, for example, disable Protect Process Light (PPL) for a critical process such as Microsoft Defender, or bypass and interfere with other critical processes on the system. These actions allow attackers to bypass security products and manipulate key system functions, further strengthening their control and avoiding detection.”

Did you find this article interesting? Follow us Twitter  and LinkedIn to read more exclusive content we publish.





Source link

Share. Facebook Twitter Pinterest LinkedIn Tumblr Email Copy Link
Admin
  • Website

Related Posts

Operation malicious network supply software gets to NPM and Pypi ecosystems, focusing on millions worldwide

June 8, 2025

Extension of the malicious browser has infected 722 users across Latin America since the beginning of 2025

June 8, 2025

New company Atomic MacOS Campation Exploaits Clickfix to focus on Apple users

June 6, 2025

Microsoft helps CBI disassemble the Indian Centers for Japanese Technical Support

June 6, 2025

Expand users’ capabilities and protect against Genai data loss

June 6, 2025

Why are more security leaders choose AEV

June 6, 2025
Add A Comment
Leave A Reply Cancel Reply

Loading poll ...
Coming Soon
Do You Like Our Website
: {{ tsp_total }}

Subscribe to Updates

Get the latest security news from Indoguardonline.com

Latest Posts

Operation malicious network supply software gets to NPM and Pypi ecosystems, focusing on millions worldwide

June 8, 2025

Extension of the malicious browser has infected 722 users across Latin America since the beginning of 2025

June 8, 2025

New company Atomic MacOS Campation Exploaits Clickfix to focus on Apple users

June 6, 2025

Microsoft helps CBI disassemble the Indian Centers for Japanese Technical Support

June 6, 2025

Expand users’ capabilities and protect against Genai data loss

June 6, 2025

Why are more security leaders choose AEV

June 6, 2025

New data Wiper Pathwiper Data Wiper violates Ukrainian critical infrastructure in 2025 attack

June 6, 2025

Popular Chrome Extensions API leaks, user data via HTTP and Hard Codes

June 5, 2025
About Us
About Us

Provide a constantly updating feed of the latest security news and developments specific to Indonesia.

Facebook X (Twitter) Pinterest YouTube WhatsApp
Our Picks

Operation malicious network supply software gets to NPM and Pypi ecosystems, focusing on millions worldwide

June 8, 2025

Extension of the malicious browser has infected 722 users across Latin America since the beginning of 2025

June 8, 2025

New company Atomic MacOS Campation Exploaits Clickfix to focus on Apple users

June 6, 2025
Most Popular

In Indonesia, crippling immigration ransomware breach sparks privacy crisis

July 6, 2024

Why Indonesia’s Data Breach Crisis Calls for Better Security

July 6, 2024

Indonesia’s plan to integrate 27,000 govt apps in one platform welcomed but data security concerns linger

July 6, 2024
© 2025 indoguardonline.com
  • Home
  • About us
  • Contact us
  • Privacy Policy

Type above and press Enter to search. Press Esc to cancel.