Microsoft Identifies Four Security Vulnerabilities in OpenVPN Software
August 9, 2024
Microsoft disclosed four medium-severity security vulnerabilities in the open-source software OpenVPN, which could potentially be exploited to achieve remote code execution (RCE) and local privilege escalation (LPE). According to Vladimir Tokarev of the Microsoft Threat Intelligence Community, exploitation of these vulnerabilities could allow attackers to gain complete control over the targeted endpoints, potentially leading to data breaches, system compromise, and unauthorized access to sensitive information. The vulnerabilities were presented at the Black Hat USA 2024 conference; successful exploitation requires user authentication and a detailed understanding of OpenVPN's internals. The flaws affect all versions of OpenVPN prior to 2.6.10 and 2.5.10.
The vulnerabilities are located in a component called openvpnserv and in the Windows Terminal Access Point (TAP) driver. They can be exploited only if an attacker first obtains a user's OpenVPN credentials. Such credentials can be acquired through various methods, such as purchasing stolen credentials on the dark web, using stealer malware, or capturing NTLMv2 hashes from network traffic and cracking them with tools like Hashcat or John the Ripper.
The vulnerabilities, identified as CVE-2024-24974, CVE-2024-27459, and CVE-2024-27903, can be chained in different combinations to achieve RCE and LPE. Tokarev stated, 'An attacker could leverage at least three of the four discovered vulnerabilities to create exploits to facilitate RCE and LPE, which could then be chained together to create a powerful attack chain.' After achieving LPE, attackers could use methods like Bring Your Own Vulnerable Driver (BYOVD).
This would allow the attacker to disable Protected Process Light (PPL) for a critical process such as Microsoft Defender, or to bypass and interfere with other critical system processes. These actions would enable the attacker to bypass security measures and manipulate the system's core functions, further consolidating their control and avoiding detection. The article concludes by emphasizing the importance of understanding real-world threats and using tools like GenAI to protect sensitive data.