News for Admins
Tech News
New Zero-day Vulnerability in Windows Systems
Security researcher John Page has found a zero-day vulnerability in Windows that could allow a remote attacker to compromise Windows machines and execute arbitrary code.
"This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Microsoft Windows," wrote Page.
However, there is a catch. "User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file," he added.
The flaw exists in the processing of vCard files: an attacker can craft a vCard whose contents disguise an embedded malicious link. If an unsuspecting user clicks the compromised URL, Windows would run the malicious software without displaying any warning.
For those who don't know, vCard is a VCF file format used for storing contact information. Microsoft Outlook supports vCard.
New Systemd Vulnerability Affects Most Mainstream Linux Distributions
Security researchers at Qualys have discovered three new vulnerabilities in systemd, the init system for Linux-based operating systems.
The vulnerabilities (CVE-2018-16864, CVE-2018-16865, and CVE-2018-16866) reside in the systemd-journald service and could allow an attacker to gain root access on the targeted systems.
"We developed an exploit for CVE-2018-16865 and CVE-2018-16866 that obtains a local root shell in 10 minutes on i386 and 70 minutes on AMD64, on average," the researchers wrote.
Qualys said that all systemd-based Linux distributions are affected by the vulnerability except for SUSE Linux Enterprise 15, openSUSE Leap 15.0, and Fedora 28 and 29. These distributions compile their userspace code with GCC's -fstack-clash-protection.
No patches have been released by Red Hat or Canonical to fix these vulnerabilities.
Source: https://www.qualys.com/2019/01/09/system-down/system-down.txt
SQLite Database Vulnerable
The Tencent Blade security team has discovered a vulnerability in the immensely popular open source SQLite database engine. Tencent is one of the three Chinese giants known as BAT (Baidu, Alibaba, and Tencent).
"This vulnerability can be triggered remotely, such as accessing a particular web page in a browser, or any scenario that can execute SQL statements," said a Tencent blog post.
Because SQLite is one of the most widely used databases, touching all modern applications, this vulnerability affects a wide range of users.
According to ZDNet, "Firefox and Edge don't support this API, but the Chromium open-source browser engine does. This means that Chromium-based browsers like Google Chrome, Vivaldi, Opera, and Brave, are all affected." That said, Firefox is affected because it comes with a locally accessible SQLite database, allowing it to be exploited locally, but not remotely.