
The news of the week, and a contender for the title of attack of the year, is KRACK (Key Reinstallation Attack). It is a PoC designed by Belgian researcher Mathy Vanhoef to demonstrate how vulnerable the WPA2 authentication protocol is.
The attack is based on features of the 802.11i standard. By manipulating handshake packets, the attacker can potentially decrypt the transmitted data and inject his own data into it. Of course, SSL encryption can protect the traffic, but sometimes it is possible to roll the protocol back to a more vulnerable version (remember good old POODLE), and besides, there are many websites on the Internet that still allow plain HTTP.
In theory, every vendor that cares about its reputation should prepare patches. But you don't need to be clairvoyant to understand that, at best, only devices that are still on sale will receive them. And while patches reach phones automatically, owners of routers, cameras and other connected gadgets will have to patch them manually. Outdated and obsolete models will be left out entirely.
An attack on Intel processors has been developed
If you remember, in the summer an interesting way to hide any actions on a computer from the operating system by means of the Intel Processor Trace feature was made public. The researchers took it to Microsoft, where they were brushed off: this is not a vulnerability, they were told, since it requires admin rights.
But the researchers kept developing the theme, and now they have managed to achieve the same effect, this time by exploiting a flaw in the MPX (Memory Protection Extensions) extension present in Intel Skylake processors and later versions. The new attack is called BoundHook and uses the BOUND instruction from the MPX set, which, ironically, exists precisely to protect against some types of attacks.
The result, however, is very similar to GhostHook. Armed with the exploit, malicious software can roam freely in memory while remaining unnoticed. However, in order to use GhostHook, attackers must already have kernel-level access. Therefore, Microsoft is not going to take prompt action, though it promises to consider the problem in one of the following versions of the system.
Oracle has fixed 250 bugs in its quarterly patch set
Say what you like, but Oracle works on a grand scale. Another company would make a whole event out of a single vulnerability, and here there are 250 of them, and what bugs! Among them is a very critical one.
So, 38 bugs were closed in Oracle Fusion Middleware, 37 in Oracle Hospitality Applications, 25 in Oracle MySQL and many more in a heap of other software. In Oracle E-Business Suite, for example, three critical SQL vulnerabilities were identified, through which an unauthenticated attacker can get full remote access to the organization's internal documents, customer information and bank card data. Researchers from Onapsis noted on this occasion that more and more vulnerabilities are being found in Oracle EBS: this year, 29% more than in 2016.
Java Standard Edition has received 22 patches, 20 of which address flaws that can be exploited remotely and without authentication and that affect Java Advanced Management Console, Java SE, Java SE Embedded and JRockit. Six holes were also closed in the Oracle Database server, more precisely in its components Spatial (Apache Groovy), WLM (Apache Tomcat), Java VM, RDBMS Security, Core RDBMS and XML Database.
Such a volume of vulnerabilities is, of course, frightening, but we have to take into account both the number of the company's products and their complexity: the more functions and modules, the more weak points. And here, alas, only one scenario is possible: search and patch, search and patch. And so on to infinity.
Antiquities
"Hacked Ping-Pong"

Repeats Ping-Pong almost completely. The difference: instead of launching the jumping ball, interrupt 13h is set to a subroutine that destroys the first eight sectors of the floppy disk.
Quote from the book "Computer Viruses in MS-DOS" by Eugene Kaspersky, 1992, page 96.
Disclaimer: This column reflects only the personal opinion of its author. It may coincide with the position of Kaspersky Lab, or it may not. It's a matter of luck.