Cybersecurity Newsletter December 2020

As cybersecurity is an evolving business challenge with new threats emerging all the time, we are focused on helping our audience stay up-to-date on current threats.

This newsletter summarises some of the recent risks threatening businesses today.

Critical Vulnerabilities Identified in VMware ESXi

 

VMware has identified critical vulnerabilities: one in the XHCI USB controller (CVE-2020-4004) and a VMX elevation-of-privilege vulnerability (CVE-2020-4005). Together, they can be used to compromise virtual domain controllers running on ESXi, and the issue has been classified as a critical update with a CVSSv3 range of 8.8 - 9.3 out of 10 in severity.

Impacted Products:

  • VMware ESXi
  • VMware Workstation Pro / Player (Workstation)
  • VMware Fusion Pro / Fusion (Fusion)
  • VMware Cloud Foundation

Urgent Actions Required:

VMware recommends that users install the latest patch to remediate these vulnerabilities as soon as possible.

For more information, click here.

Microsoft Netlogon Vulnerability CVE-2020-1472

 

Microsoft has advised that a security vulnerability dubbed ‘Zerologon’ is a privilege-escalation glitch (CVE-2020-1472) with a Common Vulnerability Scoring System (CVSS) score of 10 out of 10, making it critical in severity. The vulnerability can affect all currently supported Windows Servers (2008 R2 and above).

The potential attack could have a huge impact, allowing any attacker on the local network to compromise the Windows domain. The attack is completely unauthenticated: the attacker does not need any user credentials.

Remediation plans - click here.

Microsoft is addressing this vulnerability in a phased rollout. The initial deployment phase included the Windows updates released in August 2020. The second phase, planned for release in Q1 2021, will transition to enforcement mode, which requires all Windows and non-Windows devices to use secure Remote Procedure Call (RPC) with the Netlogon secure channel, or requires the account to be explicitly allowed by adding an exception for any non-compliant device.
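To find the devices that enforcement mode would cut off, the Netlogon events a patched domain controller logs can be triaged ahead of the second phase. The following is an added example, not part of the original newsletter: the event IDs (5827 to 5831) come from Microsoft's guidance for CVE-2020-1472, while the CSV column names and sample rows are constructed for illustration.

```python
import csv
import io

# Netlogon event IDs a patched domain controller writes to its System log.
# They come from Microsoft's guidance for CVE-2020-1472, not from the newsletter.
DENIED = {"5827", "5828"}                # vulnerable connection refused
ALLOWED_INSECURE = {"5829"}              # vulnerable connection still allowed
ALLOWED_BY_EXCEPTION = {"5830", "5831"}  # allowed through an explicit exception

# Constructed sample export; the column names are an assumed format.
SAMPLE_EXPORT = """event_id,dc,account
5829,DC01,PRINTER-3F$
5829,DC01,printer-3f$
5829,DC02,NAS-ARCHIVE$
5830,DC01,LEGACY-ERP$
5827,DC02,UNKNOWN-HOST$
4624,DC01,alice
"""


def triage(export_text):
    """Count Netlogon events per account, grouped by enforcement outcome."""
    report = {"needs_action": {}, "excepted": {}, "denied": {}}
    for row in csv.DictReader(io.StringIO(export_text)):
        event_id = (row.get("event_id") or "").strip()
        account = (row.get("account") or "").strip().upper()
        if not account:
            continue  # skip malformed rows rather than guessing
        if event_id in ALLOWED_INSECURE:
            bucket = "needs_action"
        elif event_id in ALLOWED_BY_EXCEPTION:
            bucket = "excepted"
        elif event_id in DENIED:
            bucket = "denied"
        else:
            continue  # unrelated event
        report[bucket][account] = report[bucket].get(account, 0) + 1
    return report


def enforcement_blockers(report):
    """Accounts that connect insecurely today and hold no exception."""
    return sorted(set(report["needs_action"]) - set(report["excepted"]))


if __name__ == "__main__":
    result = triage(SAMPLE_EXPORT)
    for name in enforcement_blockers(result):
        print(f"{name}: {result['needs_action'][name]} insecure connection(s)")
```

Each account listed by `enforcement_blockers` needs either an update that supports secure RPC or an explicit exception before enforcement mode is turned on.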

Windows Server 2008 R2 SP1

For servers running the end-of-support Windows Server 2008 R2 SP1, you will need an Extended Security Update (ESU) license to successfully install any update that addresses this issue. The ESU program is a last-resort option for customers who need to run certain legacy Microsoft products past the end of support. It includes Critical and/or Important security updates for a maximum of three years after the product’s End of Extended Support date.

For more information, click here.

More Information

If you would like more information about Huon IT's Cybersecurity services, please click here. If you need any help addressing these issues within your business, please don’t hesitate to contact us or call 1300 HUON SD.