New malicious RedLine distribution campaign
Researchers at BitDefender have published a report on a new RedLine malware distribution campaign. According to the analysts, the malicious actors are distributing the malware with the RIG Exploit Kit, which exploits a memory corruption vulnerability in Internet Explorer that is triggered when the victim visits a specially crafted website. The flaw, identified as CVE-2021-26411 with a CVSSv3 score of 7.8, was patched by Microsoft in March 2021.
Privilege escalation in Windows Active Directory
Security firm SOCPRIME has published an article stating that security researchers have revealed a flaw in Windows Active Directory (AD) that affects environments running with the default settings. Because the default configuration allows any authenticated user to add machines to the domain without administrator privileges, the flaw can lead to privilege escalation on the vulnerable system. A proof of concept exists, and the bug could be exploited using the KrbRelayUp tool.
One possible mitigation is to change the default configuration by removing Authenticated Users from the corresponding right in the Default Domain Controllers Policy. More details on mitigating the vulnerability can be found in Mor Davidovich’s research repository.
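As an added example that is not part of the original article or of the research repository it cites, the following PowerShell audit reads the domain's ms-DS-MachineAccountQuota attribute, the AD setting that governs how many machine accounts a non-administrative user may create, and flags a non-zero value as the default condition described above. It assumes the ActiveDirectory module is available and that the account running it can read the domain naming context; it only reports and does not change anything.

```powershell
# Audit check (constructed example): report whether ordinary authenticated users
# are still permitted to join computers to the domain via the machine account quota.
# Assumes the RSAT ActiveDirectory module is installed on the machine running this.
Import-Module ActiveDirectory -ErrorAction Stop

function Test-MachineAccountQuota {
    [CmdletBinding()]
    param(
        # Defaults to the current user's domain; pass -Server to audit another one.
        [string]$Server = (Get-ADDomain).DNSRoot
    )

    $domain = Get-ADDomain -Server $Server
    # The quota lives on the domain naming context object itself.
    $dnc = Get-ADObject -Identity $domain.DistinguishedName `
                        -Properties 'ms-DS-MachineAccountQuota' -Server $Server

    $quota = [int]($dnc.'ms-DS-MachineAccountQuota')

    [PSCustomObject]@{
        Domain              = $domain.DNSRoot
        MachineAccountQuota = $quota
        # Zero means non-admin users cannot create machine accounts through the quota.
        UsersCanAddMachines = ($quota -gt 0)
        Finding             = if ($quota -gt 0) {
                                  "Non-admin users may create up to $quota machine accounts (default setting)"
                              } else {
                                  'Quota is 0; machine account creation requires an explicit right'
                              }
    }
}

# Usage: run interactively and review the Finding column.
Test-MachineAccountQuota | Format-List
```

The quota is one of two knobs involved: even with the quota at 0, the "Add workstations to domain" user right assigned in the Default Domain Controllers Policy still needs to be reviewed separately, as the article's mitigation describes.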
Nimbuspwn: Privilege escalation vulnerabilities in Linux
Microsoft researchers have identified two new vulnerabilities, collectively named Nimbuspwn, that could allow an attacker to escalate privileges to root on vulnerable Linux systems.
The flaws have been assigned CVE-2022-29799 and CVE-2022-29800 and reside in the networkd-dispatcher component, whose role is to act on changes in the state of network interfaces.
According to the researchers, chaining these vulnerabilities would let malicious actors obtain root privileges and, at later stages, deploy payloads or backdoors, distribute malware, or carry out other malicious actions through arbitrary code execution.
It should be noted that Clayton Craft, the maintainer of networkd-dispatcher, has already released the corresponding fixes, and users are advised to update their installations to prevent possible attacks.