Patch Tuesday has come and gone, and one of the juiciest tidbits in there was the patching of vulnerability MS15-085 in Windows Mount Manager. Here’s what Microsoft had to say about it:
“An elevation of privilege vulnerability exists when the Mount Manager component improperly processes symbolic links. An attacker who successfully exploited this vulnerability could write a malicious binary to disk and execute it.”
Basically, an attacker could insert a USB device into a machine and then run whatever malicious code they wanted. This means they could set the device up to send information wherever they wanted, log keystrokes, lock down the entire machine, or steal anything.
Microsoft does believe that the vulnerability has already been used in targeted attacks.
Microsoft labeled this vulnerability as important, rather than critical, because the attacker would need physical access to a machine in order to exploit it. However, this should not diminish the urgency of patching it. Many organizations believe their physical security is strong, even though that same security has been proven bypassable, most recently with the BLEkey RFID hack. It’s also a known fact that most employees are under-trained when it comes to Social Engineering.
Social Engineering, which is technically defined as the application of sociological principles to specific social problems, is utilized in the tech world to charm the pants off of employees so that they’ll allow the bad guys to do whatever they want. Okay, that’s not entirely accurate. Sometimes it’s used to blend in with your organization in order to quietly initiate evil deeds.
If you’re opening a door and someone comes up behind you with the obvious intent of following you, do you hold the door for them and say ‘Good Morning’? Do you bother to check if they belong there? How about if someone in a uniform, perhaps even wearing a certified visitor badge, tells you that they’re there to install the new antivirus on your computer? Do you verify them? Perhaps you get one or even both of these situations right. There are hundreds of others. Has your organization been trained? Is everyone as hip to these things as you are?
The fact that this vulnerability requires physical access makes it even MORE important. Networks tend to be far more vulnerable from inside the building. Many companies are so focused on keeping an outside attack at bay that they don’t see the Trojan horse; they aren’t prepared for an attack from the inside. This is why we’re seeing more and more of these attacks. PoS attacks? It’s almost guaranteed that an attacker had some sort of physical connection to one of the machines. They could have bought a candy bar, slid a card with malicious code on it, and never have been noticed.
There is technology now that acts like the internal sister to the Firewall. It grants and denies access from inside, it monitors activities and behaviors, and it even shrouds files that shouldn’t be accessed. That’s right. If someone should not have access to something, it doesn’t tell them they’re restricted, it completely hides those files or servers. Without the proper credentials, you wouldn’t even know they existed.
It’s time for organizations to take these internal threats more seriously, and the technology is here right now to do so. Don’t wait.