Windows and Linux Vulnerabilities Explained

KB5012170 (Windows)

  • This is a security flaw that allows an attacker or penetration tester to gain root access to the system by overriding certain code in the BIOS, which lets them bypass UEFI Secure Boot restrictions. Because this exploit targets firmware, once it has been carried out successfully, neither a system reboot nor a reinstallation of the operating system will resolve the issue; the entire BIOS chip then has to be reflashed.
  • The best way to prevent this is to download BIOS update files only from official sources, that is, from the motherboard or system manufacturer's website, and then confirm that the BIOS is running the latest available version. If no BIOS update is available, make sure Microsoft's KB5012170 patch is installed.

NULL pointer dereference (Windows)

  • This is a security flaw in which an attacker or penetration tester alters network packets in a specific way to make a particular application crash. This may not look like a serious flaw, but when the vulnerable application is security software such as Heimdal Kerberos, it poses an immense threat to the security of any system that relies on that application.
  • According to a Carnegie Mellon University security expert, this can be addressed temporarily by running the Heimdal master branch, which is still beta software and has not yet been released to the public. Unless you have access to the developer's beta program, you are therefore most likely still vulnerable on the existing stable public release.

CVE-2022-34918 (Linux)

  • This exploit exists within Netfilter in the Linux kernel. When executed correctly, it could be used by an attacker to escalate their privileges, obtain root access, and alter system files. According to CVE Details, this exploit has a risk score of 7.2, which is very high because it can severely compromise system integrity and/or render the system completely inoperable.
  • Unfortunately, since this is still an ongoing issue, there is no permanent fix for this exploit. There are, however, some safeguards that decrease the chance of it happening: tread with extreme caution when using Netfilter, especially where potential buffer overflow operations are concerned, and, if possible, disable all of its corresponding processes and services until an updated Linux kernel is issued.

CVE-2022-1116 (Linux)

  • This exploit exists within Linux kernel versions 5.4.24 to 5.4.189. It allows an attacker to take advantage of flaws in the io_uring system call, which is used to access onboard storage devices, to corrupt certain memory regions and achieve a privilege escalation that grants root access to the system. According to CVE Details, because of the nature of this exploit and the fact that it requires little to no pre-existing technical knowledge or skill to carry out, it was rated with a very high risk score of 7.2.
  • The remedy for this exploit already exists: stay away from Linux kernel versions prior to 5.4.189. The current and most recent stable release of the Linux kernel is 6.0, so as long as the Linux kernel is kept up to date, you are well protected and no longer vulnerable to this exploit.
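As an added example (not part of the original post), the following script turns the version range given above into a defensive check: it parses a `uname -r` style release string and reports whether the running kernel falls inside the range this post lists for CVE-2022-1116. It assumes, per the remedy sentence, that 5.4.189 is the first fixed release; the cut-off constants and the helper names are this example's own.

```python
import platform
import re

# Affected range as stated in this post: kernels from 5.4.24 up to, but not
# including, 5.4.189. Treating 5.4.189 as the first fixed release is an
# assumption taken from the post's remedy sentence.
AFFECTED_FIRST = (5, 4, 24)
FIXED_AT = (5, 4, 189)

# Leading "major.minor[.patch]" of a release string; distro suffixes such as
# "-generic" or "-amd64" are deliberately ignored.
_VERSION_RE = re.compile(r"^(\d+)\.(\d+)(?:\.(\d+))?")


def parse_kernel_version(release: str) -> tuple:
    """Return (major, minor, patch) from a `uname -r` string.

    A missing patch level (e.g. "5.4") is treated as 0.
    """
    m = _VERSION_RE.match(release.strip())
    if not m:
        raise ValueError(f"unrecognised kernel release string: {release!r}")
    return (int(m.group(1)), int(m.group(2)), int(m.group(3) or "0"))


def is_in_affected_range(release: str) -> bool:
    """True if the release falls inside the post's stated vulnerable range."""
    return AFFECTED_FIRST <= parse_kernel_version(release) < FIXED_AT


def check_running_kernel() -> str:
    """Describe whether the kernel this script runs on is in the range."""
    if platform.system() != "Linux":
        return f"not Linux ({platform.system()}); CVE-2022-1116 does not apply"
    release = platform.release()
    if is_in_affected_range(release):
        return f"kernel {release} is in the affected range; update to 5.4.189 or later"
    return f"kernel {release} is outside the affected range"


if __name__ == "__main__":
    print(check_running_kernel())
```

Distributions often backport a fix without changing the version string, so a match here is a prompt to consult the distribution's advisory rather than proof that the system is exploitable.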

References

Microsoft (no date) KB5012170: Security update for Secure Boot DBX: August 9, 2022. Microsoft Support. Available at: https://support.microsoft.com/en-us/topic/kb5012170-security-update-for-secure-boot-dbx-august-9-2022-72ff5eed-25b4-47c7-be28-c42bd211bb15 (Accessed: October 20, 2022).

Stephens, K. (2022) CERT/CC Vulnerability Note VU#730793: Heimdal Kerberos vulnerable to remotely triggered NULL pointer dereference. Software Engineering Institute. Available at: https://kb.cert.org/vuls/id/730793 (Accessed: October 20, 2022).

CVE Details (2022) Vulnerability details: CVE-2022-34918. Available at: https://www.cvedetails.com/cve/CVE-2022-34918/ (Accessed: October 20, 2022).

CVE Details (2022) Vulnerability details: CVE-2022-1116. Available at: https://www.cvedetails.com/cve/CVE-2022-1116/ (Accessed: October 20, 2022).