
NormCyber Threat Bulletin: 2nd October 2024

TeamViewer Discloses Two Critical Vulnerabilities & Urges Immediate Patching

On September 25th, 2024, TeamViewer released a security bulletin highlighting two critical vulnerabilities impacting their Remote Client & Remote Host products for Windows. The two security flaws, tracked as CVE-2024-7479 & CVE-2024-7481, have both been rated an 8.8 CVSS score, indicating that the flaws pose significant risks to users of the TeamViewer software.

Both flaws in question stem from the improper verification of cryptographic signatures that occurs during the installation of specified drivers. The drivers in question are the VPN & Printer Drivers which are installed via the TeamViewer_service.exe process in the TeamViewer Remote Clients software suite.

CVE-2024-7479:
Improper verification of cryptographic signature during installation of a VPN driver via the TeamViewer_service.exe component of TeamViewer Remote Clients prior to version 15.58.4 for Windows allows an attacker with local unprivileged access on a Windows system to elevate their privileges and install drivers.

CVE-2024-7481:
Improper verification of cryptographic signature during installation of a printer driver via the TeamViewer_service.exe component of TeamViewer Remote Clients prior to version 15.58.4 for Windows allows an attacker with local unprivileged access on a Windows system to elevate their privileges and install drivers.

The one saving grace for these vulnerabilities is that attackers must have local access to the Windows system, meaning that they cannot be exploited remotely. But while remote exploitation is not possible, once an attacker gains local access then the potential damage that can be caused by exploiting these vulnerabilities is severe. These security flaws can allow unprivileged local users to escalate their account privileges and install malicious drivers on the target system. Once a driver is installed, an attacker can execute code with escalated privileges and gain full, uncontested access to the system.

The risk posed by these flaws can be amplified in corporate environments, as local access to devices can be obtained via physical means or social engineering.

The vulnerabilities affect many TeamViewer versions, elevating the risk even further. Thankfully, TeamViewer have confirmed that versions 15.58.4 or later are unaffected by the vulnerabilities and are urging all users to upgrade to these versions as soon as possible.

References:

TeamViewer Urges Users to Patch Privilege Escalation Flaws (securityonline.info)
TV-2024-1006 (teamviewer.com)
CVE-2024-7479 (tenable.com)
CVE-2024-7481 (tenable.com)

____________________________________________________________________

NVIDIA Container Toolkit vulnerability

A critical vulnerability in the NVIDIA Container Toolkit poses a significant risk to AI applications across both cloud and on-premises environments that depend on it to access GPU resources. This vulnerability, tracked as CVE-2024-0132, allows attackers to perform container escape attacks, potentially gaining full access to the host system. Once inside, adversaries can execute arbitrary commands or exfiltrate sensitive data.

The toolkit, which is commonly pre-installed on many AI platforms and virtual machine images, is the standard tool for GPU access in environments using NVIDIA hardware. This makes the issue particularly concerning, as it’s prevalent in a wide range of machine learning and AI applications.

CVE-2024-0132 has been assigned a critical-severity score of 9.0, and it affects NVIDIA Container Toolkit version 1.16.1 and earlier, as well as GPU Operator 24.6.1 and earlier. The root cause is a failure to properly isolate the containerised GPU from the host system, allowing attackers to mount sensitive portions of the host file system or access runtime resources, such as Unix sockets, which are crucial for inter-process communication.

Although many file systems are mounted with read-only permissions, certain Unix sockets, like docker.sock and containerd.sock, remain writable. This oversight enables an attacker to interact with the host system directly, including executing commands. A specially crafted container image could exploit this flaw to break out of the container and compromise the host.

A patch was released on September 26th, and affected users are strongly advised to upgrade to NVIDIA Container Toolkit version 1.16.2 and NVIDIA GPU Operator 24.6.2.
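Added example, not code from the bulletin or from either vendor: a small Python inventory check that applies the fixed-version thresholds stated in both items above (TeamViewer Remote 15.58.4, NVIDIA Container Toolkit 1.16.2, GPU Operator 24.6.2) and, for the container case, audits a `docker inspect` "Mounts" list for host sockets a container can write to. The component names, the sample inventory, the mount list and the socket paths are constructed assumptions.

```python
"""Inventory check for the TeamViewer and NVIDIA advisories (constructed example)."""
import re
from typing import Iterable

# Fixed versions stated in the bulletin: anything older is affected.
FIXED = {
    "teamviewer-remote-windows": "15.58.4",  # CVE-2024-7479 / CVE-2024-7481
    "nvidia-container-toolkit": "1.16.2",    # CVE-2024-0132
    "nvidia-gpu-operator": "24.6.2",         # CVE-2024-0132
}

# Assumed default socket paths for the two sockets the bulletin names.
HOST_SOCKETS = {"/var/run/docker.sock", "/run/containerd/containerd.sock"}


def parse_version(text: str) -> tuple:
    """Turn '1.16.1', 'v24.6.2' or '24.6.2-rc.1' into a comparable tuple.
    A pre-release suffix sorts below the same numeric release."""
    m = re.match(r"v?(\d+(?:\.\d+)*)(?:-(.+))?$", text.strip())
    if not m:
        raise ValueError(f"unrecognised version: {text!r}")
    nums = tuple(int(p) for p in m.group(1).split("."))
    nums += (0,) * (4 - len(nums))  # pad so 15.58 compares equal to 15.58.0
    prerelease = (0, m.group(2)) if m.group(2) else (1, "")
    return nums + prerelease


def is_affected(component: str, version: str) -> bool:
    """True when the installed version is older than the bulletin's fixed version."""
    return parse_version(version) < parse_version(FIXED[component])


def writable_host_sockets(mounts: Iterable[dict]) -> list:
    """Given the 'Mounts' list from `docker inspect`, return the host sockets
    the container has been given write access to (docker's own keys: Source, RW)."""
    return sorted(m["Source"] for m in mounts if m.get("RW") and m["Source"] in HOST_SOCKETS)


# Constructed sample inventory and a constructed docker-inspect mount list.
INVENTORY = [("teamviewer-remote-windows", "15.57.5"), ("teamviewer-remote-windows", "15.58.4"),
             ("nvidia-container-toolkit", "1.16.1"), ("nvidia-container-toolkit", "v1.16.2"),
             ("nvidia-gpu-operator", "24.6.1"), ("nvidia-gpu-operator", "24.6.2-rc.1")]
SAMPLE_MOUNTS = [
    {"Type": "bind", "Source": "/var/run/docker.sock", "Destination": "/var/run/docker.sock", "RW": True},
    {"Type": "bind", "Source": "/data", "Destination": "/data", "RW": False},
]

if __name__ == "__main__":
    for comp, ver in INVENTORY:
        print(f"{comp:28} {ver:12} {'AFFECTED' if is_affected(comp, ver) else 'patched'}")
    print("writable host sockets:", writable_host_sockets(SAMPLE_MOUNTS))
```

The socket audit catches containers that were explicitly handed a writable host socket; it does not detect the toolkit's own isolation failure, for which the version check is the relevant control.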

At Norm, we offer a variety of advanced monitoring tools designed to help businesses stay ahead of security threats. Our suite includes patch management tools, which are essential for addressing vulnerabilities like CVE-2024-0132. With real-time monitoring and automated patch deployment, we help organisations maintain secure systems and minimise exposure to emerging threats.

References:

Critical flaw in NVIDIA Container Toolkit allows full host takeover (bleepingcomputer.com)
A critical Nvidia Container Toolkit bug can allow a complete host takeover (csoonline.com)
Critical NVIDIA Container Toolkit Vulnerability Could Grant Full Host Access to Attackers (thehackernews.com)

____________________________________________________________________
What are “never expire” passwords and why are they more dangerous than you think?

Passwords are the first line of defence against unauthorised access to computer systems and data. However, the question of how often passwords should be changed has been a subject of debate for many years. Some organisations have begun to move away from password expiration policies, arguing that they can be more trouble than they are worth. However, this decision can also introduce new security risks.

Why Password Expiration Was Introduced
Password expiration policies were originally introduced to mitigate the risk of brute-force attacks. In a brute-force attack, attackers systematically try every possible password combination until they guess the correct one. By forcing users to change their passwords regularly, organisations can limit the window of time during which an attacker can potentially crack a password.

The Downside of Password Expiration
While password expiration policies can help to improve security, they can also have some drawbacks. For example, users who are forced to change their passwords frequently may be more likely to choose weak passwords that are easy to remember. They may also reuse passwords across multiple accounts, which can increase the risk of a domino effect if one account is compromised.

The Risks of ‘Never Expire’ Passwords
Organisations that remove password expiration policies altogether are essentially placing all their trust in the strength of the initial password. If a user chooses a weak password or their password is compromised through a phishing attack or other means, there is nothing to prevent the attacker from continuing to use that password for an extended period. This can significantly increase the risk of a data breach.

Recommendations
Here are some recommendations for organisations considering moving away from password expiration policies:

  • Implement strong password complexity requirements.
  • Educate users about password security best practices.
  • Encourage users to enable multi-factor authentication (MFA) on all accounts.
  • Monitor for suspicious activity and take appropriate action if a password compromise is suspected.

By following these recommendations, organisations can help to mitigate the risks associated with ‘never expire’ passwords while still reducing the burden on IT help desks.

References:

Why ‘Never Expire’ Passwords Can Be a Risky Decision (thehackernews.com)
NIST SP 800-63 Digital Identity Guidelines (nist.gov)
Microsoft account security info & verification codes (support.microsoft.com)
Guide to Two-Factor Authentication (duo.com)
DHS NCSAM 2019 – Social Media Cybersecurity (cisa.gov)
Password Storage (owasp.org)

____________________________________________________________________
