Hjem » Nyheter » Sikkerhetsproblemer i MMC tillate å ta kontroll over systemet

Sikkerhetsproblemer i MMC tillate å ta kontroll over systemet

The Microsoft Management Console (MMC), used by system administrators to configure and track system performance, contains a number of vulnerabilities, using which attackers can implement malware or intercept control on the attacked machine.

The vulnerability group, which includes XSS og XXE bugs, received a common identifier CVE-2019-0948. Attackers can exploit problems using the snap-in mechanism in the MMC. Snap-ins are small programs that allow customizing different aspects of the system.

In order to exploit the vulnerability, an attacker will need to create a file with the .msc forlengelse, containing specially crafted XML content, and then convince an authorized user (for eksempel, using social engineering) to import this file.

As the researchers from Check Point, who discovered the bugs, explained, an attacker can create a file with the Link to Web Address snap-in (link to a web-resource) and include a link to its own server, thus redirecting to a page with malicious code.

“We have successfully managed to insert malicious URL link that contains malicious payloads such as redirection to SMB server that will capture the user NTLM hash”, - rapport forskere.

På samme måten, an attacker can create a file with the ActiveX Control snap-in and save it as an .msc file by changing the string value in the StringsTables section to a malicious URL controlled by it.

The attacker chooses an ActiveX Control snap-in
The attacker chooses an ActiveX Control snap-in

Ifølge eksperter, MMC files are used by system administrators and are not considered antivirus software as malicious. Cybercriminals can take advantage of it to control of a PC with administrator status and further advance over the network.

The problems affect versions of Windows 7, Windows 8.1, Windows 10 og Windows Server 2008Windows Server 2019. Microsoft has already fixed vulnerabilities with the release of June service pack. For tiden, there are no cases of bugs’ exploitation.


LESE  Etter å ha oppdaget sårbarheter på Black Hat konferansen, begynte angrepene på Fortigate og puls sikker VPN-løsninger

The Microsoft Management Console (MMC) is a tool for opening, creating, and saving administration tools (called MMC consoles) that manage hardware, programvare, and network components of the MS Windows operating system.

Kilde: https://research.checkpoint.com

[Totalt:0    Gjennomsnitt:0/5]

Om Trojan Killer

Carry Trojan Killer Portable på minnepinne. Vær sikker på at du er i stand til å hjelpe din PC motstå eventuelle cyber trusler uansett hvor du går.

Sjekk også

ERosary smarte rosenkrans sårbarheter

Forskere funnet svakheter i eRosary smart kranser fra Vatikanet utviklere

Forskerne fant svakheter i eRosary smart rosenkrans, som Vatikanet utviklerne hadde tidligere innført. …

Krack for Amazon Echo og Kindle

Krack Sårbarhets Trusler Millioner av Amazon Echo og Kindle-enheter

Millioner av første generasjons Amazon Echo smarttelefoner og åttende generasjons Amazon Kindle e-bøker har vært …

Legg igjen et svar