Password Managers: A Must-Have for Online Security

In today’s digital world, it is more important than ever to have strong passwords. With so much of our personal and financial information stored online, a single weak password could give hackers access to our bank accounts, email accounts, and even our social media profiles.

A password manager is a software application that can help you create and store strong passwords for all of your online accounts. This can save you a lot of time and effort, and it can also help you to keep your passwords more secure.

Password managers work by encrypting your passwords and storing them in a secure database. When you need to access a password, the password manager will prompt you for your master password. Once you enter your master password, the password manager will decrypt your passwords and allow you to use them.
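As an added illustration (not part of the original article), the following Python sketch models the flow just described: a memory-hard KDF turns the master password into keys, the stored entries are encrypted and authenticated, and a wrong master password or a tampered vault is rejected before anything is returned. The HMAC-SHA256 counter-mode keystream stands in for the AEAD (AES-GCM or XChaCha20-Poly1305) that real managers use, so the example runs on the standard library alone; the scrypt parameters and the vault layout are this example's choices, not any product's format.

```python
"""Toy model of a password manager vault (illustration only).

Entries are encrypted under keys derived from the master password, so the
stored vault record reveals nothing without it, and a wrong master password
is rejected before any data is returned. Real managers use an AEAD such as
AES-GCM or XChaCha20-Poly1305; the HMAC-SHA256 keystream below stands in
for that so the example needs only the standard library.
"""
import hashlib
import hmac
import json
import secrets
import string

# scrypt cost parameters chosen for this example: about 16 MiB per guess
SCRYPT_N, SCRYPT_R, SCRYPT_P = 2 ** 14, 8, 1


def derive_keys(master_password: str, salt: bytes) -> tuple[bytes, bytes]:
    """Memory-hard KDF; split one 64-byte output into encryption and MAC keys."""
    material = hashlib.scrypt(master_password.encode("utf-8"), salt=salt,
                              n=SCRYPT_N, r=SCRYPT_R, p=SCRYPT_P, dklen=64)
    return material[:32], material[32:]


def _keystream(key: bytes, nonce: bytes, length: int) -> bytes:
    """PRF in counter mode: HMAC-SHA256(key, nonce || counter) blocks."""
    blocks = [hmac.new(key, nonce + counter.to_bytes(8, "big"), hashlib.sha256).digest()
              for counter in range((length + 31) // 32)]
    return b"".join(blocks)[:length]


def lock_vault(master_password: str, entries: dict[str, str]) -> dict[str, str]:
    """Serialize entries and return an encrypted, authenticated vault record."""
    salt, nonce = secrets.token_bytes(16), secrets.token_bytes(16)
    enc_key, mac_key = derive_keys(master_password, salt)
    plaintext = json.dumps(entries).encode("utf-8")
    ciphertext = bytes(p ^ k for p, k in
                       zip(plaintext, _keystream(enc_key, nonce, len(plaintext))))
    # Encrypt-then-MAC over nonce and ciphertext so any tampering is detected.
    tag = hmac.new(mac_key, nonce + ciphertext, hashlib.sha256).digest()
    return {"salt": salt.hex(), "nonce": nonce.hex(),
            "ciphertext": ciphertext.hex(), "tag": tag.hex()}


def unlock_vault(master_password: str, vault: dict[str, str]) -> dict[str, str]:
    """Recompute keys from the master password; reject if the tag does not verify."""
    salt, nonce = bytes.fromhex(vault["salt"]), bytes.fromhex(vault["nonce"])
    ciphertext, tag = bytes.fromhex(vault["ciphertext"]), bytes.fromhex(vault["tag"])
    enc_key, mac_key = derive_keys(master_password, salt)
    expected = hmac.new(mac_key, nonce + ciphertext, hashlib.sha256).digest()
    # Constant-time compare: a wrong master password or altered data fails here.
    if not hmac.compare_digest(expected, tag):
        raise ValueError("wrong master password or corrupted vault")
    plaintext = bytes(c ^ k for c, k in
                      zip(ciphertext, _keystream(enc_key, nonce, len(ciphertext))))
    return json.loads(plaintext.decode("utf-8"))


def generate_password(length: int = 20) -> str:
    """Random password from a CSPRNG: the 'strong passwords' a manager creates."""
    alphabet = string.ascii_letters + string.digits + string.punctuation
    return "".join(secrets.choice(alphabet) for _ in range(length))


def demo() -> tuple[bool, bool, bool]:
    """Round trip, wrong-password rejection, and tamper detection."""
    entries = {"mail.example.com": generate_password(),
               "bank.example.com": generate_password(24)}
    vault = lock_vault("correct horse battery staple", entries)
    round_trip_ok = unlock_vault("correct horse battery staple", vault) == entries
    try:
        unlock_vault("correct horse battery stapler", vault)
        wrong_rejected = False
    except ValueError:
        wrong_rejected = True
    tampered = dict(vault)  # flip the last ciphertext byte
    last = tampered["ciphertext"][-2:]
    tampered["ciphertext"] = tampered["ciphertext"][:-2] + ("00" if last != "00" else "11")
    try:
        unlock_vault("correct horse battery staple", tampered)
        tamper_detected = False
    except ValueError:
        tamper_detected = True
    return round_trip_ok, wrong_rejected, tamper_detected


if __name__ == "__main__":
    print(demo())  # (True, True, True)
```

Two design points carry over to real products: the authentication tag is checked before anything is decrypted, so a wrong master password yields an error rather than garbage, and nothing in the vault record lets the software recover the master password, which is why forgetting it means losing access.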

Password managers offer a number of benefits, including:

  • They can help you create strong passwords that are difficult to guess.
  • They can help you keep track of all of your passwords.
  • They can make it easier to log in to websites and apps.
  • They can help you protect your privacy and security.

If you are looking for a way to improve your online security, then a password manager is a great option. There are many different password managers available, so you can choose one that fits your needs and budget.

Here are some of the most popular password managers:

  • 1Password: 1Password is one of the most popular password managers on the market. It offers a wide range of features, including strong encryption, two-factor authentication, and secure password sharing.
  • LastPass: LastPass is another popular password manager. It offers a similar set of features to 1Password, and it is also available for free with limited features.
  • Dashlane: Dashlane is a password manager that focuses on security and ease of use. It offers a wide range of features, including a secure password generator, autofill, and secure password sharing.
  • Bitwarden: Bitwarden is an open-source password manager that is free to use. It offers a similar set of features to other password managers, but it is not as well-known.
  • Keeper: Keeper Password Manager is a secure and easy-to-use password manager that helps you protect your online accounts.

When choosing a password manager, it is important to consider the following factors:

  • Security features: The password manager should use strong encryption and have a good track record of security.
  • Features: The password manager should have the features that you need, such as password generation, autofilling, and secure password sharing.
  • Price: Password managers can range in price from free to expensive. Choose a password manager that fits your budget.

Once you have chosen a password manager, it is important to use it correctly. Here are some tips for using a password manager securely:

  • Choose a strong master password. The master password is the key to your password manager, so it is important to choose a strong one.
  • Do not forget your master password. If you forget your master password, you will not be able to access your passwords.
  • Enable two-factor authentication. Two-factor authentication adds an extra layer of security to your password manager.
  • Keep your password manager up to date. Password managers are constantly being updated with new security features. Make sure to keep your password manager up to date to protect your passwords.

By following these tips, you can use a password manager securely and protect your online accounts from hackers.

Windows Update April 2021 Edition

This Patch Tuesday includes updates for 110 vulnerabilities, of which 88 are rated Important and 19 Critical. Broken down by impact, the update patches 19 Elevation of Privilege, 17 Information Disclosure, 55 Remote Code Execution, 9 Denial of Service, 6 Security Feature Bypass, and 2 Spoofing vulnerabilities.
Among the most interesting patches is yet another update for Microsoft Exchange Server. The vulnerabilities reported by the NSA sit at the high end of the CVSS scale at 9.8 each; the other two are rated 8.8 and 9.0 respectively. All four Exchange Server vulnerabilities are rated Critical Remote Code Execution vulnerabilities and are labeled as having a High impact on the Confidentiality, Integrity, and Availability of the affected product. They are addressed in CVE-2021-28480 (9.8), CVE-2021-28481 (9.8), CVE-2021-28482 (8.8), and CVE-2021-28483 (9.0), and affect Microsoft Exchange Server 2013, 2016, and 2019.
CISA has issued an alert urging administrators to patch Microsoft Exchange Servers immediately, and clarifies that these patches are in ADDITION to last month's patches: the new vulnerabilities are just as dangerous, they simply have not been exploited yet.
The Windows 10 cumulative update also contains some interesting fixes. One of them “(a)ddresses an issue in which a principal in a trusted MIT realm fails to obtain a Kerberos service ticket from Active Directory domain controllers … This occurs on devices that installed Windows Updates that contain CVE-2020-17049 protections and configured PerformTicketSignature to 1 or higher. These updates were released between November 10, 2020 and December 8, 2020. Ticket acquisition also fails with the error, “KRB_GENERIC_ERROR”, if callers submit a PAC-less Ticket Granting Ticket (TGT) as an evidence ticket without providing the USER_NO_AUTH_DATA_REQUIRED flag.”
Another patch resolves CVE-2020-1036, an issue raised by a security researcher concerning the RemoteFX vGPU feature; this patch actually deprecates the feature. Microsoft recommends that anyone still needing vGPU use the Secure vGPU feature included in Discrete Device Assignment (DDA) on Windows Server 2016 and 2019.
An elevation of privilege vulnerability is addressed in CVE-2021-27092. This is an Azure Active Directory web sign-in vulnerability which “allows arbitrary browsing from the third-party endpoints used for federated authentication”.
CVE-2021-28310 is a “Win32k Elevation of Privilege Vulnerability” in the Desktop Window Manager, discovered by Boris Larin of Kaspersky, that is currently being exploited in the wild; it carries a CVSS score of 7.8. It is an out-of-bounds write in the Desktop Window Manager that allows an attacker “to write controlled data at a controlled offset using DirectComposition API. DirectComposition is a Windows component that was introduced in Windows 8 to enable bitmap composition with transforms, effects and animations, with support for bitmaps of different sources (GDI, DirectX, etc.) ”. A full writeup of this vulnerability is in Boris Larin’s Securelist blog post, linked in the sources below.
There are a total of 27 vulnerabilities in the Remote Procedure Call Runtime, 15 rated Important and 12 Critical. All of them are remotely exploitable and all have a CVSS score of 8.8: a remote attacker may be able to send a specially crafted RPC request that results in Remote Code Execution on the targeted machine. It is possible that the Critical ratings correspond to the vulnerabilities that yield higher-privileged access, though Microsoft's descriptions do not make this clear. Microsoft credits Yuki Chen as the security researcher who found 26 of the 27 vulnerabilities.

Remote Procedure Call Runtime vulnerabilities (15 Important, 12 Critical):

  Important           Critical
  CVE-2021-28434      CVE-2021-28343
  CVE-2021-28358      CVE-2021-28339
  CVE-2021-28357      CVE-2021-28338
  CVE-2021-28356      CVE-2021-28337
  CVE-2021-28355      CVE-2021-28336
  CVE-2021-28354      CVE-2021-28335
  CVE-2021-28353      CVE-2021-28334
  CVE-2021-28352      CVE-2021-28333
  CVE-2021-28346      CVE-2021-28332
  CVE-2021-28345      CVE-2021-28331
  CVE-2021-28344      CVE-2021-28330
  CVE-2021-28342      CVE-2021-28329
  CVE-2021-28341
  CVE-2021-28340
  CVE-2021-28327

A couple of Windows Media decoder vulnerabilities, CVE-2021-27095 and CVE-2021-28315, allow an attacker to host a specially crafted website and trick a user into visiting it in order to exploit them. These vulnerabilities are rated 7.8 on the CVSS scale and were discovered by yangkang (@dnpushme).
There is an Azure Active Directory web sign-in vulnerability addressed in CVE-2021-27092, whose advisory “Addresses a potential elevation of privilege vulnerability in the way Azure Active Directory web sign-in allows arbitrary browsing from the third-party endpoints used for federated authentication.” This vulnerability has been assigned a CVSS score of 6.8.
Other Windows components receiving updates include Microsoft Office, SharePoint, DNS Server, Microsoft Edge (Chromium), Windows Speech, Windows Diagnostics Hub, Visual Studio, AppX Deployment Extensions, Event Tracing, Windows Installer, Windows Kernel, Windows Resource Manager, Portmapping, Registry, Remote Procedure Call Runtime, NTFS, Network File System (NFS), SMB, and TCP/IP.
This update also removes the legacy Microsoft Edge browser, if it has not already been removed, and installs the new Microsoft Edge in its place.
Also note that Windows 10 version 1909 reaches end of life next month, on the next Patch Tuesday, so now may be a good time to upgrade from version 1909 to the latest version, 20H2.
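As an added example for this advice (not from the original post), the Python script below classifies a Windows 10 host from its OS build and Update Build Revision: builds 19041 and 19042 at revision 928 or later carry KB5001330, the April 2021 cumulative update named in the sources; a lower revision means the update is missing; build 18363 is flagged as version 1909 approaching end of life. The mapping of 1909 to build 18363 and of 19041/19042 to versions 2004/20H2 is general knowledge assumed here rather than stated in the post, and the sample build numbers in the main block are constructed.

```python
"""Check whether a Windows 10 host has the April 2021 cumulative update.

KB5001330 takes builds 19041 (version 2004) and 19042 (version 20H2) to
revision .928. Version 1909 is build 18363 (assumed from general knowledge,
not stated in the post) and is flagged because it reaches end of life next
month. The assessment logic is separate from the registry read so it can
run and be tested on any platform.
"""
import platform

PATCHED_REVISION = 928                    # UBR delivered by KB5001330
PATCHED_BUILDS = {19041: "2004", 19042: "20H2"}
EOL_NEXT_MONTH = {18363: "1909"}          # assumed build number for version 1909


def assess(build: int, ubr: int) -> str:
    """Classify a host by its OS build and Update Build Revision (UBR)."""
    if build in EOL_NEXT_MONTH:
        return (f"version {EOL_NEXT_MONTH[build]} reaches end of life next Patch Tuesday; "
                "plan an upgrade to 20H2")
    if build in PATCHED_BUILDS:
        if ubr >= PATCHED_REVISION:
            return f"version {PATCHED_BUILDS[build]} has KB5001330 (build {build}.{ubr})"
        return (f"version {PATCHED_BUILDS[build]} is missing KB5001330: "
                f"build {build}.{ubr} is below {build}.{PATCHED_REVISION}")
    return f"build {build}.{ubr} is not covered by KB5001330; check its own KB"


def read_local_build() -> tuple[int, int]:
    """Read CurrentBuild and UBR from the registry (Windows only)."""
    if platform.system() != "Windows":
        raise OSError("registry read only works on Windows")
    import winreg  # standard library, available only on Windows
    key_path = r"SOFTWARE\Microsoft\Windows NT\CurrentVersion"
    with winreg.OpenKey(winreg.HKEY_LOCAL_MACHINE, key_path) as key:
        build, _ = winreg.QueryValueEx(key, "CurrentBuild")  # REG_SZ, e.g. "19042"
        ubr, _ = winreg.QueryValueEx(key, "UBR")             # REG_DWORD, e.g. 928
    return int(build), int(ubr)


if __name__ == "__main__":
    try:
        hosts = [read_local_build()]
    except OSError as exc:
        print(f"{exc}; evaluating constructed sample hosts instead")
        # Constructed (build, UBR) pairs, not real inventory data.
        hosts = [(19042, 928), (19041, 867), (18363, 1440), (17763, 1879)]
    for build, ubr in hosts:
        print(f"{build}.{ubr}: {assess(build, ubr)}")
```

Run on the host itself, the script reads the live build; anywhere else it falls back to the constructed samples so the classification rules can be exercised offline.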

Sources:
https://krebsonsecurity.com/2021/04/microsoft-patch-tuesday-april-2021-edition/
https://www.zdnet.com/article/microsoft-april-patch-download-covers-114-cves-including-new-exchange-server-bugs/
https://msrc.microsoft.com/update-guide/releaseNote/2021-Apr
https://msrc.microsoft.com/update-guide/
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-28481
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-28480
https://www.ghacks.net/2021/04/13/microsoft-windows-security-updates-april-2021-overview/
https://support.microsoft.com/en-us/topic/april-13-2021-kb5001330-os-builds-19041-928-and-19042-928-cead30cd-f284-4115-a42f-d67fec538490
https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2020-1036
https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2021-28310
https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2021-28315
https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2021-27095
https://msrc-blog.microsoft.com/2021/04/13/april-2021-update-tuesday-packages-now-available/
https://techcommunity.microsoft.com/t5/exchange-team-blog/released-april-2021-exchange-server-security-updates/ba-p/2254617
https://us-cert.cisa.gov/ncas/current-activity/2021/04/13/apply-microsoft-april-2021-security-update-mitigate-newly
https://securityaffairs.co/wordpress/116767/uncategorized/exchange-server-flaws-nsa.html
https://securelist.com/zero-day-vulnerability-in-desktop-window-manager-cve-2021-28310-used-in-the-wild/101898/
https://www.computing.co.uk/news/4029847/microsoft-patches-zero-day-bugs-april-2021-patch-tuesday-update
https://www.tomsguide.com/news/microsoft-patch-tuesday-april-21