norm. Threat Bulletin: 29th May 2024


Veeam Discloses Critical Backup Enterprise Manager Security Flaw

Users of Veeam Backup Enterprise Manager are being urged to update to the latest version following the disclosure of a critical security flaw that allows an attacker to bypass authentication. The vulnerability is tracked as CVE-2024-29849 and has been assigned a CVSS score of 9.8. It allows an unauthenticated attacker to log in to the Veeam Backup Enterprise Manager web interface as any user.

Veeam has also detailed three other vulnerabilities in the same product:

  • CVE-2024-29850 (CVSS score: 8.8) allows account takeover via NTLM relay
  • CVE-2024-29851 (CVSS score: 7.2) allows a high-privileged user to steal the NTLM hash of the Veeam Backup Enterprise Manager service account if that account is not the default Local System account
  • CVE-2024-29852 (CVSS score: 2.7) allows a high-privileged user to read backup session logs

Veeam has stated that all four vulnerabilities are fixed in version 12.1.2.172, so updating to this version is advised. Veeam also notes that Backup Enterprise Manager is an optional component: environments that run Veeam Backup & Replication without Enterprise Manager deployed are not affected. Where an immediate upgrade is not possible, Veeam's advisory recommends stopping and disabling the Enterprise Manager services (VeeamEnterpriseManagerSvc and VeeamRESTSvc) until the update can be applied; since CVE-2024-29849 is an unauthenticated bypass of the web interface, that interface should also not be reachable from untrusted networks in the meantime.
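As an added check for this bulletin (example code, not Veeam's or norm.'s own tooling), the following PowerShell script, run on a Veeam server, reports whether Backup Enterprise Manager is installed, whether its version is below the fixed build 12.1.2.172, and which account its service runs under, which is the condition that decides whether CVE-2024-29851 applies. It assumes the product registers under the display name "Veeam Backup Enterprise Manager" in the standard Windows Uninstall registry keys and uses the service names from Veeam's mitigation guidance; a host without the product installed is reported as not affected, as Veeam states.

```powershell
# Added example for this bulletin (not Veeam's or norm.'s own tooling).
# Reports whether Veeam Backup Enterprise Manager (VBEM) is installed on this host,
# whether its version is older than the fixed build 12.1.2.172, and which account
# the VBEM service runs as (relevant to CVE-2024-29851).
#
# Assumptions: VBEM registers under the display name "Veeam Backup Enterprise Manager"
# in the standard Uninstall registry keys; the service names are those given in
# Veeam's mitigation guidance (VeeamEnterpriseManagerSvc, VeeamRESTSvc).

$FixedBuild   = [version]'12.1.2.172'
$ServiceNames = @('VeeamEnterpriseManagerSvc', 'VeeamRESTSvc')

function Get-VbemInstall {
    # Look in both the 64-bit and 32-bit (WOW6432Node) uninstall hives.
    $paths = @(
        'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\*',
        'HKLM:\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\*'
    )
    Get-ItemProperty -Path $paths -ErrorAction SilentlyContinue |
        Where-Object { $_.DisplayName -like 'Veeam Backup Enterprise Manager*' } |
        Select-Object -First 1 DisplayName, DisplayVersion, InstallLocation
}

function Get-VbemServiceState {
    # StartName is the account the service logs on as; "LocalSystem" is the
    # default, and the configuration CVE-2024-29851 does not apply to.
    foreach ($name in $ServiceNames) {
        $svc = Get-CimInstance -ClassName Win32_Service -Filter "Name='$name'" -ErrorAction SilentlyContinue
        if ($svc) {
            [pscustomobject]@{
                Service   = $svc.Name
                State     = $svc.State
                StartMode = $svc.StartMode
                Account   = $svc.StartName
            }
        }
    }
}

function Test-VbemExposure {
    $install = Get-VbemInstall
    if (-not $install) {
        return [pscustomobject]@{
            Installed  = $false
            Version    = $null
            Vulnerable = $false
            Finding    = 'Enterprise Manager is not installed; CVE-2024-29849/29850/29851/29852 do not apply to this host.'
        }
    }

    $installed = $null
    if (-not [version]::TryParse([string]$install.DisplayVersion, [ref]$installed)) {
        throw "Could not parse DisplayVersion '$($install.DisplayVersion)' for $($install.DisplayName)"
    }
    $services = @(Get-VbemServiceState)
    $findings = @()

    if ($installed -lt $FixedBuild) {
        $findings += "Version $installed is older than fixed build $FixedBuild: upgrade, or stop and disable the services as an interim mitigation."
    } else {
        $findings += "Version $installed is at or above the fixed build $FixedBuild."
    }

    # CVE-2024-29851 only applies when the service account is not the default Local System.
    $nonDefault = $services | Where-Object { $_.Service -eq 'VeeamEnterpriseManagerSvc' -and $_.Account -ne 'LocalSystem' }
    if ($nonDefault) {
        $findings += "Service runs as '$($nonDefault.Account)' rather than LocalSystem; its NTLM hash is exposed under CVE-2024-29851 until patched."
    }

    [pscustomobject]@{
        Installed  = $true
        Version    = $installed.ToString()
        Vulnerable = ($installed -lt $FixedBuild)
        Services   = $services
        Finding    = ($findings -join ' ')
    }
}

Test-VbemExposure | Format-List
```

Run it in an elevated PowerShell session on each Veeam Backup & Replication server. Vulnerable = True together with a non-LocalSystem service account means both the authentication bypass and the NTLM hash exposure apply until the upgrade is done; Installed = False means the optional component is absent and none of the four CVEs apply to that host.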

The announcement of these vulnerabilities follows the recent patching of two other significant Veeam vulnerabilities. The first was a local privilege escalation flaw in the Veeam Agent for Microsoft Windows, tracked as CVE-2024-29853 with a CVSS score of 7.2. The second was a critical remote code execution bug in the Veeam Service Provider Console (VSPC), tracked as CVE-2024-29212 with a CVSS score of 9.9. This one is particularly nasty: it is caused by an unsafe deserialisation method used by the VSPC server when communicating with the management agent and its components, and under certain conditions it allows remote code execution on the VSPC server machine.

norm.'s Vulnerability Patch Management module helps customers identify installations affected by vendor advisories such as these and confirm that the fixed versions have been rolled out.


References

Critical Veeam Backup Enterprise Manager Flaw Allows Authentication Bypass (thehackernews.com)
Veeam Backup Enterprise Manager Vulnerabilities, CVE-2024-29849, CVE-2024-29850, CVE-2024-29851, CVE-2024-29852 (Veeam)
Veeam Agent for Microsoft Windows Vulnerability, CVE-2024-29853 (Veeam)
Veeam Service Provider Console Vulnerability, CVE-2024-29212 (Veeam)



Microsoft Patch Tuesday – A Deep Dive into CVE-2024-30051

Introduction

CVE-2024-30051 is a significant vulnerability addressed in Microsoft's May 2024 Patch Tuesday. This article summarises the vulnerability, its impact and the measures taken to mitigate it.


Description of the Vulnerability

CVE-2024-30051 is an Elevation of Privilege (EoP) vulnerability in the Desktop Window Manager (DWM) Core Library (dwmcore.dll) in Microsoft Windows. It is a heap-based buffer overflow that a local attacker can exploit to elevate their privileges on a target system.


Impact

The vulnerability was assigned a CVSS score of 7.8 and is rated as important. Successful exploitation of this vulnerability could allow a local attacker to gain SYSTEM privileges. This means that an attacker could potentially take control of an affected system, leading to a wide range of impacts, from data theft to disruption of operations.


Exploitation

This vulnerability was exploited in the wild as a zero-day, i.e. before a patch was available. It is used in post-compromise activity: an attacker who already has code execution as a low-privileged local user on the host uses it to elevate to SYSTEM, so it should be treated as a privilege escalation step within a wider intrusion rather than an initial access vector.


Mitigation

Microsoft has released a patch for this vulnerability as part of its May 2024 Patch Tuesday. Users and organisations are strongly advised to apply the May 2024 cumulative update as soon as possible to protect their systems from attack.


Conclusion

CVE-2024-30051 represents a serious security threat, but prompt patching and adherence to best security practices can help mitigate the risk. It is crucial for users and organisations to stay informed about such vulnerabilities and take immediate action to secure their systems.



References:

Microsoft’s May 2024 Patch Tuesday Addresses 59 CVEs (CVE-2024-30051, CVE-2024-30040) (tenable.com)
May 2024 Patch Tuesday: Microsoft fixes exploited zero-days (CVE-2024-30051, CVE-2024-30040) (helpnetsecurity.com)
Patch Tuesday, May 2024 Edition (krebsonsecurity.com)
Windows DWM Core Library Elevation of Privilege Vulnerability (microsoft.com)



AI in a Security Context

What is AI?

Artificial intelligence (AI) describes technology that allows machines to imitate aspects of human intelligence. It is closely associated with machine learning and deep learning. Machine learning centres on algorithms that learn from data, improving their accuracy over time in a way that loosely emulates how humans learn. Deep learning is a subset of machine learning that uses deep neural networks, programs whose layered structure is loosely modelled on biological neurons, to replicate human decision-making.

What is AI currently being used for?

The facial recognition capabilities of smartphones rely on machine learning: the device learns and stores a mathematical representation of the user's face and compares a live capture against it to unlock the phone. Social media platforms use AI to suggest connections and target advertisements on a per-user basis, and to moderate content; their algorithms use image recognition and keyword identification to detect content that does not adhere to the platform's terms and conditions.

Siri and Alexa are examples of AI digital assistants: they can create shopping lists, set alarms, make appointments and call a friend on your behalf. They use speech recognition and natural language processing, backed by statistical models, to understand the request and carry it out.

The future of AI

Artificial intelligence has applications in almost every industry. Its data analysis abilities can help identify diseases faster and more accurately, and virtual assistants could monitor patients. In education, machine learning can detect plagiarism, and facial analysis has been proposed as a way to gauge a student's engagement. The customer service industry can use digital assistants to automate many daily activities such as placing an order; this has already been seen in fast food chains like Chipotle, which has been testing voice assistants for phone orders since 2018.

The consequences of AI

The increasing development and prevalence of AI is expected to have a negative impact on cyber security. The NCSC's assessment of the near-term impact of AI on the cyber threat concluded that AI will almost certainly increase the volume of cyber attacks and heighten their impact over the next two years. This threat comes largely from the evolution and enhancement of existing tactics, techniques and procedures rather than from entirely new ones. In particular, AI will improve social engineering and reconnaissance capabilities, making phishing and other lures more convincing, easier to produce at scale and harder to detect.


References:

The Future of AI: How Artificial Intelligence Will Change the World (builtin.com)
Examples of Artificial Intelligence in Everyday Life (claysys.com)
What is artificial intelligence (AI)? (ibm.com)
What is deep learning? (ibm.com)
What is machine learning? (ibm.com)
What is a neural network? (ibm.com)
8 Helpful Everyday Examples of Artificial Intelligence (iotforall.com)
The near-term impact of AI on the cyber threat (ncsc.gov.uk)
Chipotle rolls out AI for phone orders (restaurantdive.com)


norm. tracks and monitors the latest security trends and cyber threats and collates these into a fortnightly threat bulletin.

You can receive this bulletin for free, every fortnight, by entering your business email address below: