Microsoft Windows & Office ‘Follina’ Zero-day Vulnerability

Back at the beginning of April, several researchers came across a unique attack which overrides Microsoft’s Protected View and anti-malware detection. The vulnerability, which Microsoft initially ignored until the following month (May 2022), is exploited via Word and plain TXT documents sent to the victim’s system as an attachment, usually via email. Whereas in the past the victim would have needed to open the document for the malicious code to install itself on the victim’s computer, the Follina attack does not require it to be opened.

One of the researchers, Kevin Beaumont, said: “The document uses the Word remote template feature to retrieve an HTML file from a remote web server, which in turn uses the ms-msdt MSProtocol URI scheme to load some code and execute some PowerShell.” “That should not be possible.”

Even if your Office macros are disabled, attackers are still able to exploit the vulnerability. The affected Microsoft versions are Office 2013, 2016, 2019, 2021 and Microsoft 365.

Twitter user @crazyman_army disclosed the vulnerability to Microsoft on 12th April; however, Microsoft decided it wasn’t a real concern or security threat. Kevin Beaumont believes that Microsoft did try to fix it in the Office 365 Insider channel without documenting a CVE (Common Vulnerabilities and Exposures report) or writing it down anywhere, which companies generally do when the issue is so big they wish to keep it away from the general public.

Serious Netgear Router Vulnerabilities that Can’t Be Fixed

Two of Netgear’s most popular home-working and business devices, the BR200 and BR500 VPN routers, are advertised as being ultra secure, with seamless access to the internet and corporate networks when working in the office, at home or overseas. They are far less secure than touted and, worse yet, the vulnerabilities are unfixable.

Both routers have been sold in their millions over the past few years and continue to be sold, and it is unknown how long the threat has been known about. We should at the very least commend Netgear for making a public statement about the now known vulnerabilities, as it’s a lot more than the likes of Apple, Microsoft or Tesla would own up to, but it doesn’t help their cause. Netgear did carry out a vulnerabilities report but chose not to share the results from their findings; it must have been pretty damning! Instead, security researcher Joel St. John, whose team carried out the research, was asked to put out a statement. Joel said:

“In order to be exploited, these vulnerabilities require the computer managing the router to visit a malicious website or click a malicious link while accessing the router’s management GUI,”

“Do not visit any unknown or suspicious links either in a browser or email client. Close all other browser tabs other than the router’s management GUI. Make sure that you log out when you are not actively managing your router,”

Now that’s all well and good if you are likely to visit dodgy websites or click on dodgy links in spam emails, which I think the majority of us know not to do. The reality is that the magnitude of the issue is far greater than Netgear are willing to let on: as we are aware from the recent Microsoft Teams vulnerability, it’s very easy to mistakenly open a link that was shared by a colleague via their compromised Teams and 365 accounts.

Netgear did go on to recommend that owners of the BR200 and BR500 should use VLANs (Virtual Local Area Networks) to reduce their risk and isolate the network. But as many will know, VLANs come with a whole host of disadvantages as well, such as packet data being injected with malicious code leading to cyberattacks, packet data being leaked, and the need for additional routers to control the workloads on larger networks.

Our advice would be to simply replace the router with a secure one.

Critical Flaw In All Bluetooth Low Energy (BLE) Devices

Bluetooth Low Energy (BLE), formerly known as Bluetooth Smart, was designed to be used for a multitude of short-range connected applications within fitness, home entertainment, healthcare, you name it. Due to its low energy use it has become the most popular form of Bluetooth technology for virtually everything for the home and office, in devices ranging from security and alarm systems, control systems and vehicle controls to smartphones and laptops. However, BLE was not designed for use in critical systems such as smart locks, but as its range is no more than 100m it was assumed that it was highly unlikely hackers would consider targeting such devices from many miles away. Well, that certainly isn’t the case.

UK-based NCC Group, who specialise in cyber security among many things, discovered while conducting the world’s first link layer attack on BLE that it was possible to connect to any device and take control of it from anywhere in the world. Principal Security Consultant and Researcher Sultan Qasim Khan, who conducted this research, said: “What makes this powerful is not only that we can convince a Bluetooth device that we are near it, even from hundreds of miles away, but that we can do it even when the vendor has taken defensive mitigations like encryption and latency bounding to theoretically protect these communications from attackers at a distance,”

“All it takes is 10 seconds and these exploits can be repeated endlessly.”

“This research circumvents typical countermeasures against remote adversarial vehicle unlocking, and changes the way engineers and consumers alike need to think about the security of Bluetooth Low Energy communications,”

“It’s not a good idea to trade security for convenience, we need better safeguards against such attacks.”

You can read more on NCC Group’s findings HERE

The long and short of it is the technology is not safe and there isn’t currently any means to protect it.

If you would like to find out how we can help you to better protect your systems then simply call us today on 01737 824 003, or email us at support@tlptech.co.uk