
Security Vulnerabilities, MS Exchange, CVE's, Bugs, Codevigilant and more

Anant Shrivastava
So I did the inevitable: I missed creating a weekly newsletter. Honestly, I was in the middle of so many half-finished things that I prioritized finishing those tasks before coming back to the newsletter, as I didn’t want to post an issue without full commitment just for the sake of it.

Security Vulnerabilities
It seems 2021 is running on steroids with new bugs and vulnerabilities; things just won’t stop. I made a diagram of everything that turned out to be vulnerable from 1st January 2021 until now.
Every single item in this list is vulnerable in 2021
From desktop software to servers to WAFs to routers, every single entry in this diagram has had a vulnerability disclosed or exploited. Let me recap the security vulnerabilities / disclosures that have surfaced in the last 2 weeks:
  1. VMware vCenter RCE: Disclosure published on 24th Feb 2021, quickly followed by lots of PoC exploits. Various check scripts for blue teams also started appearing, and like clockwork everyone saw mass scan attempts.
  2. Sublime Package Control: Felix Wilhelm disclosed an arbitrary file write in Sublime Package Control, which is the de facto package manager for the Sublime Text editor.
  3. ModSecurity Core Ruleset: Disabling Request Body Access in ModSecurity 3 Leads to Complete Bypass: If you are running v3 with request body access disabled, it was possible to bypass ModSecurity completely.
  4. Git clone vulnerability: technical details and github blogpost
  5. Cisco Router RCEs
  6. Multiple RCEs in F5 devices
  7. Dell SupportAssist Local Privilege Escalation
  8. Microsoft DNS Server RCE: CVE-2021-26897
Microsoft Exchange Vulnerability
This is one vulnerability which needs a dedicated space of its own. In brief, Orange Tsai as usual came up with a brilliant piece of research, this time with all the fancy names and branding as well. The vulnerability is effectively an SSRF bug in the MS Exchange interface. The important thing to note in the link below is the timeline: Microsoft had been aware of the bug since December 2020.
ProxyLogon
Microsoft released a patch to protect against this vulnerability; however, reports started surfacing about active exploitation, and then Microsoft also made a public blog post about nation state actors exploiting this flaw.
Microsoft released an nmap NSE script; however, keep in mind this open issue discussing inconsistent results from it. Various detailed writeups about the vulnerability are now public, along with tools. I am listing them below, hoping they will be useful for people.
Microsoft Exchange server exploitation: how to detect, mitigate, and stay calm
In other news
  1. Supply chain issues continue to be a pain: attackers actively exploited Dependency Confusion in the last two weeks. They targeted both PyPI and npm.
  2. SITA the service provider behind STAR Alliance suffered a data breach
  3. OVH data center at Strasbourg caught fire and caused a massive outage.
All I can say now:
Source: https://imgflip.com/i/16o47h
Projects
While the world was busy trying to fix what’s broken, I was feverishly working on the next steps for some of my own projects.
My Blogs: I have been blogging since 2007. However, I could never maintain consistent blogging. All this while I kept blaming it on my tooling, and hence I did what I should do. To prove to myself that tooling was the issue, I ran an experiment for a few months running a Hugo based blog. The experiment failed miserably, and I realized the fault was not in the tooling but in my motivation.
This year I am trying to revive my old projects while continuing to work on newer stuff. Part of that effort was the revival of CodeVigilant. I took the first step by porting the website over to Hugo. (Yup, neither leaving Hugo nor WordPress.)
Let’s not forget my other public project, HackingArchivesOfIndia. Hacking Archives of India was in a frozen state for the past 2-3 months. I have slowly added more conference data to it. This week I have added ~20 more entries.
Hackers of India
More Readings..
This brings us to the last part, the usual list of topics that could not be covered in this newsletter.
The Kilobyte’s Gambit ♟️💾 1k chess game
Building a High Performance Text Editor
Microsoft previews Windows Server 2022
Post-Spectre Web Development
Exploiting XPC in AntiVirus
Well, this brings us to the end of this newsletter. If the content has helped you and you feel generous, donate here. If you like what you read, please subscribe to the newsletter.
Anant Shrivastava @anantshri

This infrequent newsletter contains my commentary around IT (sec) topics

Created with Revue by Twitter.
Bhopal, India