Read the article by Mike Walters, President and Co-founder of Action1, to learn from LastPass mistakes and improve your cybersecurity strategy.
No proof of concept has been discovered for the exploit as yet, so Microsoft customers should patch immediately, advised Mike Walters, VP of vulnerability and threat research at Action1.
Mike Walters, VP of Vulnerability and Threat Research at Action1 noted that all of the vulnerabilities that were patched today were of “high severity”
Patch management vendor Action1 notes that the exploit for this bug is low in complexity and requires no special privileges. But it does require some user interaction, and can’t be used to gain access to private information or privileges.
“These incidents demonstrate the critical importance of privileged access management, as the attackers specifically targeted employees (in this case, DevOps personnel) with privileged access to sensitive systems and data,” Mike Walters, vice president of vulnerability and threat research at Action1, said.
“The tricky part is that malicious activity of this type is not always obvious to a vendor,” commented Mike Walters, VP of vulnerability and threat research at Action1.”
The GoTo breach signifies the risks of maintaining encryption keys within the same or interconnected environment as backups, according to Action1’s Mike Walters.
Microsoft has already seen this hole [CVE-2023-21674] being exploited in the wild. However, the nature of the flaw has yet to be publicly disclosed. Despite that, IT should still make it a top priority, as exploiting it should be relatively simple, according to Mike Walters, Co-founder of Action1.
“Users should beware of sophisticated phishing attacks aimed at stealing their master password,” said Mike Walters, vice-president of vulnerability and threat research at Action1, a provider of patch management solutions.
Action1 released the new version of its solution, helping organizations intelligently automate patching and remediation of security vulnerabilities across their endpoints and monitor patching results in real-time.
Mike Walters, vice president of vulnerability and threat research at Action1, says the high-impact bug could have repercussions for Windows operating systems, starting with Windows 7 and Windows Server 2008 R2, PowerShell 7.2 and 7.3.
Mike Walters, vice president of vulnerability and threat research at Action1 Corp., also pointed to a Windows Print Spooler elevation of privilege vulnerability (CVE-2022-44678), as another issue to watch.
Mike Walters, vice president of vulnerability and threat research at Action1, added that the vulnerability affects all versions of the browser on all platforms.
The cloud-native patch management, remote access, and remote monitoring and management (RMM) firm stated its platform has been upgraded to spot abnormal user behavior and automatically block threat actors to prevent attackers exploiting its tool to carry out malicious activity.
“It is very likely that this vulnerability allows remote code execution,” Mike Walters, vice-president of vulnerability and threat research at Action1, says.
It is easy to get started with Action1. In as little as 5 minutes, you can have your first endpoints deployed with data already pulled into a dashboard.
“Since the company claims that the current hack is based on data compromised in the previous hack, this raises the question: Why did they not learn from the earlier hack and correct the root cause?” Mike Walters, VP of vulnerability and threat research at Action1, told Spiceworks.
“It took Microsoft more than two months to provide the patch, even though the company admitted that ProxyNotShell actively exploited the vulnerabilities in targeted attacks against at least 10 large organizations,” Mike Walters of Action1 said.
All of the vulnerabilities, Mike Walters, VP of Vulnerability and Threat Research at Action1 explains, “can be exploited only if a user visits a website with malicious payloads, such as by clicking on a link in a phishing email or through careless browsing.”
In my opinion, the value and capabilities offered by Action1 keep improving with each new quarterly release. The platform’s comprehensive feature set provides IT admins with all capabilities they need to maintain visibility and control over endpoint patching.