

Vulnerability in Secure Boot Gives Administrators Headache on Patch Tuesday



In an otherwise much easier Patch Tuesday than recent months, a publicly disclosed and actively exploited zero-day vulnerability in the Windows Secure Boot security feature looks set to be a lasting headache for administrators and security teams.

Tracked as CVE-2023-24932, and one of two zero-days exploited in the wild that are addressed in Microsoft’s May patch release on Tuesday, the bypass vulnerability, credited to ESET’s Martin Smolár and SentinelOne’s Tomer Sneor, is considered particularly dangerous when successfully exploited.

This is because, when combined with the bootkit known as BlackLotus, it allows attacker-signed code to run at the Unified Extensible Firmware Interface (UEFI) layer, before the operating system (OS) loads, so the attacker can then disable OS-level protections and cause even more damage.

“The CVE is rated ‘important’ by Microsoft’s scoring algorithms, but with confirmed exploits, you can ignore this severity rating and respond to real risk indicators,” explained Ivanti vice president of security product management Chris Goettl.

“This vulnerability requires an attacker to either have physical access or administrative permissions on the target system, through which they can set a vulnerable boot policy that can bypass Secure Boot and further compromise the system. The vulnerability affects all currently supported versions of the Windows OS,” he said.

Microsoft said that while a fix for CVE-2023-24932 is included in this month’s release, it is disabled by default and does not yet provide full protection, meaning that customers will have to follow a manual process to update bootable media and apply the revocation before enabling the update.

To this end, Microsoft is taking a three-stage approach, of which this month’s release is the first. The update release on Tuesday, July 11 will be the second, adding further update options to simplify deployment. Finally, sometime between January and March 2024, the final release will enable the fix by default and enforce the revocation of the Boot Manager on all Windows devices.

According to Microsoft, this is necessary because Secure Boot very precisely controls which bootable media can be loaded when the system OS first starts, so if the update is applied incorrectly it can cause further failures and prevent the system from starting at all.

Speaking to TechTarget in the US, Goettl said this can be a painful process, and some organisations face the prospect of being “stuck for a very long time.”
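Because the revocation is applied manually and in stages, administrators need a way to tell where a given machine stands. The following is an added example, not code from the article or from Microsoft: it reports whether Secure Boot is on and whether the signature databases already reflect the mitigation. It assumes an elevated PowerShell session on Windows with the built-in SecureBoot module, and the two certificate names it matches are assumed from Microsoft’s published mitigation guidance for this CVE, not from this article.

```powershell
# Added example (not from the article or Microsoft): report the state of the
# CVE-2023-24932 mitigation on the local machine. Assumes an elevated PowerShell
# session on Windows with the built-in SecureBoot module. The certificate
# subject names matched below are assumed from Microsoft's mitigation guidance.

function Get-SecureBootRevocationStatus {
    [CmdletBinding()]
    param()

    $status = [ordered]@{
        SecureBootEnabled = $false
        NewCaTrusted      = $false   # "Windows UEFI CA 2023" present in DB
        OldPcaRevoked     = $false   # "Microsoft Windows Production PCA 2011" present in DBX
        FullyMitigated    = $false
    }

    try {
        $status.SecureBootEnabled = Confirm-SecureBootUEFI
    } catch {
        # Confirm-SecureBootUEFI throws on legacy BIOS or unsupported firmware.
        Write-Warning "Secure Boot state could not be read: $($_.Exception.Message)"
        return [pscustomobject]$status
    }

    # The UEFI signature databases come back as raw bytes. Certificate subject
    # names are stored as ASCII inside the DER structures, so a substring match
    # is sufficient for a status check (not for validating the certificates).
    $db  = [System.Text.Encoding]::ASCII.GetString((Get-SecureBootUEFI -Name db).Bytes)
    $dbx = [System.Text.Encoding]::ASCII.GetString((Get-SecureBootUEFI -Name dbx).Bytes)

    $status.NewCaTrusted   = $db  -match 'Windows UEFI CA 2023'
    $status.OldPcaRevoked  = $dbx -match 'Microsoft Windows Production PCA 2011'
    $status.FullyMitigated = $status.SecureBootEnabled -and
                             $status.NewCaTrusted -and
                             $status.OldPcaRevoked

    [pscustomobject]$status
}

Get-SecureBootRevocationStatus | Format-List
```

Until the manual procedure has been completed, `OldPcaRevoked` (and therefore `FullyMitigated`) is expected to be false; that is the default state the article describes. The value of running this before and after each stage is that it shows whether the old certificate has actually been revoked on a machine whose boot media may not yet have been updated, which is exactly the combination that leaves a system unable to start.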

Zero days

Another zero-day vulnerability fixed this month, CVE-2023-29336, is a privilege escalation (EoP) vulnerability in Win32k attributed to Jan Vojtěšek, Milánek and Luigino Camastra of Avast. A third, CVE-2023-29325, is a critical-rated remote code execution (RCE) vulnerability in Windows OLE that has been publicly disclosed but not yet exploited; it is attributed to Will Dormann of Vul Labs.

CVE-2023-29336 does not require user interaction and, if successfully exploited, can be used to gain system-level privileges. It affects Windows 10 and later and Windows Server 2008 to 2016.

“For the fifth month in a row, a privilege escalation vulnerability has been exploited as a zero-day,” said Tenable senior research engineer Satnam Narang. “We expect details related to its use to be made public soon by the researchers who discovered it.

“However, it is not clear if this flaw is a bypass of an earlier fix. We have historically seen three separate instances where Win32k EoP vulnerabilities have been exploited as zero days,” he explained. “In January 2022, Microsoft fixed CVE-2022-21882, which had been exploited in the wild and was reportedly a patch bypass for CVE-2021-1732, which was fixed in February 2021 and had also been exploited in the wild. In October 2021, Microsoft patched another Win32k EoP, identified as CVE-2021-40449, which was linked to a remote access trojan known as MysterySnail and was a patch bypass for CVE-2016-3309.

“While this is a relatively rare occurrence, it is interesting to see several Win32k EoP vulnerabilities exploited as zero days that were also patch bypasses,” Narang said.

Meanwhile, CVE-2023-29325 is a critical vulnerability for which a proof of concept is available. It has a network attack vector and high attack complexity, and although no special privileges are required to exploit it, the victim must be tricked into opening a malicious email. It affects Windows 10 and Windows Server 2008 and later.

“In an email attack scenario, an attacker could exploit the vulnerability by sending a specially crafted email message to the victim,” said Action1 co-founder and VP of vulnerability and threat research Mike Walters.

“The victim could either open the email using a vulnerable version of Microsoft Outlook or view it in the Outlook application, thereby allowing the attacker to execute remote code on the victim’s computer.

“To mitigate the risk, Microsoft recommends certain measures. In Microsoft Outlook, you should be careful when working with RTF files from unknown or untrusted sources. Another precautionary step is to read email messages in plain text format, which can be configured in Outlook or through Group Policy. It’s important to note that switching to plain text format can result in the loss of visual elements such as images, custom fonts and animations,” Walters said.
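The plain-text reading option Walters mentions can be set per user or enforced by Group Policy, and the two settings live in different registry hives. The following is an added example, not from the article, Action1 or Microsoft: it reports the effective setting for the current user. The registry paths and the `ReadAsPlain` value name are assumed from Outlook’s “Read all standard mail in plain text” option and its Group Policy equivalent; the policy hive is assumed to take precedence when present.

```powershell
# Added example (not from the article, Action1 or Microsoft): report whether
# Outlook is configured to render incoming mail as plain text. Registry paths
# and the ReadAsPlain value name are assumed from Outlook's documented option
# and its Group Policy equivalent; policy overrides the user preference.

function Get-OutlookPlainTextSetting {
    param(
        # Outlook 2016, 2019, 2021 and Microsoft 365 all use the 16.0 key.
        [string]$OfficeVersion = '16.0'
    )

    $policyKey = "HKCU:\Software\Policies\Microsoft\Office\$OfficeVersion\Outlook\Options\Mail"
    $userKey   = "HKCU:\Software\Microsoft\Office\$OfficeVersion\Outlook\Options\Mail"

    # Returns the DWORD as an int, or $null if the key or value is absent.
    function Read-Dword([string]$Path, [string]$Name) {
        $item = Get-ItemProperty -Path $Path -Name $Name -ErrorAction SilentlyContinue
        if ($null -eq $item) { return $null }
        return [int]$item.$Name
    }

    $policyValue = Read-Dword -Path $policyKey -Name 'ReadAsPlain'
    $userValue   = Read-Dword -Path $userKey   -Name 'ReadAsPlain'

    # Effective value: policy wins when set, then the user preference,
    # otherwise Outlook's default of rendering HTML/RTF (0).
    $effective = if ($null -ne $policyValue) { $policyValue }
                 elseif ($null -ne $userValue) { $userValue }
                 else { 0 }

    [pscustomobject]@{
        OfficeVersion    = $OfficeVersion
        PolicyEnforced   = ($null -ne $policyValue)
        PolicyValue      = $policyValue
        UserValue        = $userValue
        ReadsAsPlainText = ($effective -eq 1)
    }
}

Get-OutlookPlainTextSetting | Format-List
```

A result with `PolicyEnforced` false and `ReadsAsPlainText` true means the user has opted in themselves and can switch it back off; only the policy hive gives an administrator a setting that survives user changes. Run it under the user’s own account, since both keys sit under HKCU.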

The remaining critical vulnerabilities in the May release include five RCE vulnerabilities and one EoP vulnerability.

The RCE vulnerabilities, in order of CVE number, are:

  • CVE-2023-24903 in Windows Secure Sockets Tunneling Protocol (SSTP).
  • CVE-2023-24941 in Windows Network File System.
  • CVE-2023-24943 in Windows Pragmatic General Multicast (PGM).
  • CVE-2023-24955 in Microsoft SharePoint Server.
  • CVE-2023-28283 in the Windows Lightweight Directory Access Protocol (LDAP).

The critical EoP vulnerability is CVE-2023-29324 in the Windows MSHTML platform.

Copyright © 2023 Millennial One Media.