Security Weekly 23: Key Reinstallation Attack of WPA2, a Backdoor in Intel Processors, 250 Bugs have been found in Oracle
The news of this week and the contender for the title of the attack of the year is KRACK (Key Reinstallation Attack). This PoC, designed by the Belgian researcher Matthew Vanhouf, to demonstrate how vulnerable the WPA2 authentication protocol is.
The attack is based on the features of the 802.11i standard. Due to the manipulation of the handshake packets, the attacker is potentially able to decrypt the transmitted data and implement their own. Of course, SSL encryption is able to protect traffic, but sometimes there is an option to roll back the protocol to a more vulnerable one (remember the old good poodle), and in addition, there are many websites on the Internet that can work on HTTP.
In general, all caretakers about the reputation of vendors on the idea should already prepare patches. But here, you do not have to be clairvoyant to understand that the patch will get at best only those devices that are still being sold. At the same time, if the phones are patched automatically, then routers, cameras and other connected-hub owners need to patch by hand. And obsolete models will remain vulnerable to that attack.
Developed an attack on Intel processors
If you remember, in the summer was disclosed an interesting way to hide from the operating system any actions on the computer through the Intel function Processor Trace. The researchers took it to Microsoft, where they brushed it off, they say, it’s not a vulnerability, since it requires admin rights.
But researchers continued to develop the theme, and now managed to achieve the same effect, but already exploiting the flaw in the expansion of MPX (Memory Protection Extensions), present in Intel Skylake and later versions. The new attack is called BoundHook and uses the BOUND instruction from the MPX set, which, ironically, just serves to protect against some types of attacks.
The result, however, is very similar to GhostHook. Armed with an exploit malicious software can frolic in memory, remaining unnoticed. However, in order to use GhostHook, intruders should already have access at the kernel level. Therefore, Microsoft is not going to take action, promising, however, to consider this problem in one of the following versions of the system.
Oracle has fixed 250 bugs in the quarterly set of patches
You can say whatever you want, but Oracle is working on a grand scale. Another company because of one vulnerability suits the whole event, and here 250 bugs. And among them, there are very critical ones.
So, 38 parrots of bugs are closed in Oracle Fusion Middleware, 37 in Oracle Hospitality Applications, 25 in Oracle MySQL and a lot more in a bunch of other software. In Oracle E-Business Suite, for example, three critical SQL vulnerabilities were identified, through which a hacker without authentication can get complete remote access to internal organization documents, customer information, and bank card data. Researchers from Onapsis noted on this occasion that Oracle EBS is finding more and more vulnerabilities – this year, 29% more than in 2016.
Java Standard Edition has received 22 patches, 20 of which can be operated remotely and without authentication, and are relevant for Java Advanced Management Console, Java SE, Java SE Embedded and JRockit. Six pieces of holes were also shut down in Oracle Database, more precisely, in its components Spatial (Apache Groovy), WLM (Apache Tomcat), Java VM, RDBMS Security, Core RDBMS and XML Database.
Such a volume of vulnerabilities, of course, frightens, but here you need to consider both the number of products the company and their heap – the more functions and modules, the more and weak points. And then, alas, only one scenario is possible: search and patch.