Microsoft Identifies Four Security Vulnerabilities in OpenVPN Software

August 9, 2024

Microsoft unveiled four medium-severity security vulnerabilities in the open-source software OpenVPN, which could potentially be exploited to achieve remote code execution (RCE) and local privilege escalation (LPE). According to Vladimir Tokarev of the Microsoft Threat Intelligence Community, the exploitation of these vulnerabilities could allow attackers to gain complete control over the targeted endpoints, potentially leading to data breaches, system compromise, and unauthorized access to sensitive information. The vulnerabilities were presented at the Black Hat USA 2024 conference and require user authentication and a detailed understanding of OpenVPN's structure for successful exploitation. The flaws affect all versions of OpenVPN prior to version 2.6.10 and 2.5.10.

The vulnerabilities are located in a component called openvpnserv and in the Windows Terminal Access Point (TAP) driver. They can be exploited only if an attacker already holds a user's OpenVPN credentials. Such credentials can be obtained in various ways, such as purchasing stolen credentials on the dark web, using stealer malware, or capturing NTLMv2 hashes from network traffic and cracking them offline with tools like Hashcat or John the Ripper.

The vulnerabilities, identified as CVE-2024-24974, CVE-2024-27459, and CVE-2024-27903, can be chained in different combinations to achieve RCE and LPE. Tokarev stated, 'An attacker could leverage at least three of the four discovered vulnerabilities to create exploits to facilitate RCE and LPE, which could then be chained together to create a powerful attack chain.' After achieving LPE, attackers could use methods like Bring Your Own Vulnerable Driver (BYOVD).

This would allow the attacker to disable Protected Process Light (PPL) for a critical process such as Microsoft Defender, or to bypass and interfere with other critical system processes. These actions would enable the attacker to bypass security measures and manipulate the system's core functions, further consolidating their control and avoiding detection. The article concludes by emphasizing the importance of understanding real-world threats and using tools like GenAI to protect sensitive data.
