What is CVSS and how does it affect me?
A critical vulnerability with a Common Vulnerability Scoring System (CVSS) score of 9.8 is considered to be of severe impact. CVSS is a standardized framework for rating the severity of security vulnerabilities in software. Scores are calculated from several factors, including the complexity of the exploit, the level of privileges required, the extent of user interaction needed for exploitation, and the impact on confidentiality, integrity, and availability, among others. Scores range from 0 to 10, with 10 being the most severe. A score of 9.8 falls within the “critical” severity range, which is typically 9.0 to 10.0. This indicates that the vulnerability is highly exploitable, potentially allowing an attacker to compromise the affected system with little to no prior access or user interaction. The exploitation of such vulnerabilities could lead to a wide range of impacts, including but not limited to:
- Complete System Compromise: The attacker might gain full control over the affected system, allowing for the execution of arbitrary code, data theft, installation of malware, and more.
- Denial of Service (DoS): The availability of systems or services could be compromised, preventing legitimate users such as employees or customers from accessing them.
- Data Breach: Hackers could gain access to data on the affected system or, in this case, compromise cloud data stored in Microsoft’s SharePoint or OneDrive. This attack method would also allow criminals to leverage other techniques such as session stealing, which bypasses MFA, to gain full control over the Microsoft 365 account.
Ikigai One’s cybersecurity and managed IT clients have been protected from this attack since it was first discovered in October of 2023.
How do I protect my business if I’m not a client of Ikigai One?
According to the CVE disclosure report, Microsoft has, as of February 13, 2024, issued a patch in the form of an update to the Outlook desktop client for Windows and Mac. It is imperative that you ensure all systems are up to date. Failure to update ALL systems in your business can leave you open to compromise. Since this attack method is not stopped by Outlook’s or Microsoft’s spam and phishing prevention, and the low-skill exploit is now public knowledge, it is critical that your organization remain constantly vigilant and aggressive in its IT patching.
How does the #MonikerLink bug work?
When the user clicks on the malicious hyperlink designed to exploit the #MonikerLink bug, it initiates a connection using the SMB protocol to a remote server controlled by the attacker. This process can transmit the user’s NTLM credentials to the attacker’s server, thereby compromising authentication details.
Furthermore, it can enable the execution of arbitrary code by leveraging the Component Object Model (COM) in Windows.
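Because the credential leak described above rides on an outbound SMB connection to a server the attacker controls, one practical defensive control is to alert on (and block) any workstation opening SMB to a public address. The following is an added example, not code from the original post, from Check Point Research, or from Ikigai One. It runs over constructed, simplified key=value firewall log lines; real firewalls log differently, so parse_line() is the part to adapt. The internal address ranges are an assumption (RFC 1918 plus loopback and link-local) and should be replaced with your own.

```python
"""Flag outbound SMB to the Internet in firewall logs (added example)."""
import ipaddress
from dataclasses import dataclass

SMB_PORTS = {445, 139}

# Assumed "inside" ranges; replace with the organisation's real address plan.
INTERNAL_NETS = [ipaddress.ip_network(n) for n in (
    "10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16",
    "127.0.0.0/8", "169.254.0.0/16",
)]


@dataclass
class Alert:
    timestamp: str
    src: str
    dst: str
    dport: int
    action: str
    reason: str


def parse_line(line: str) -> dict:
    """Parse 'key=value key=value ...' into a dict, ignoring malformed tokens."""
    fields = {}
    for token in line.split():
        if "=" in token:
            key, value = token.split("=", 1)
            fields[key] = value
    return fields


def is_internal(ip: str) -> bool:
    """True if the address falls inside one of the assumed internal ranges."""
    addr = ipaddress.ip_address(ip)  # raises ValueError for hostnames
    return any(addr in net for net in INTERNAL_NETS)


def detect_smb_egress(lines):
    """Return an Alert for every TCP/445 or TCP/139 connection whose
    destination is outside the internal ranges. A denied connection is still
    reported: the user clicked something, which is worth investigating."""
    alerts = []
    for line in lines:
        f = parse_line(line)
        try:
            dport = int(f["dport"])
            src, dst = f["src"], f["dst"]
        except (KeyError, ValueError):
            continue  # not a connection record we understand
        if f.get("proto", "").lower() != "tcp" or dport not in SMB_PORTS:
            continue
        try:
            if is_internal(dst):
                continue  # internal file sharing is normal traffic
        except ValueError:
            continue  # destination is a hostname, not an IP; out of scope here
        alerts.append(Alert(
            timestamp=f.get("ts", "?"), src=src, dst=dst, dport=dport,
            action=f.get("action", "?"),
            reason="outbound SMB to a public address: possible NTLM credential leak",
        ))
    return alerts


# Constructed sample log lines (not real traffic).
SAMPLE_LOG = [
    "ts=2024-02-14T09:12:03Z src=10.0.5.23 dst=10.0.1.10 dport=445 proto=tcp action=allow",
    "ts=2024-02-14T09:12:41Z src=10.0.5.23 dst=203.0.113.45 dport=445 proto=tcp action=allow",
    "ts=2024-02-14T09:13:02Z src=10.0.5.23 dst=198.51.100.7 dport=443 proto=tcp action=allow",
    "ts=2024-02-14T09:15:17Z src=10.0.7.8 dst=198.51.100.9 dport=139 proto=tcp action=deny",
    "ts=2024-02-14T09:16:00Z src=10.0.7.8 dst=fileserver.corp dport=445 proto=tcp action=allow",
    "ts=2024-02-14T09:16:30Z src=10.0.7.8 dst=203.0.113.45 dport=445 proto=udp action=allow",
]

if __name__ == "__main__":
    for alert in detect_smb_egress(SAMPLE_LOG):
        print(f"{alert.timestamp} {alert.src} -> {alert.dst}:{alert.dport} "
              f"[{alert.action}] {alert.reason}")
```

Only the two SMB connections to public addresses are reported; the internal share, the HTTPS session, the hostname-only record and the UDP record are skipped. The same logic, turned into a deny rule for TCP/445 and TCP/139 egress at the perimeter, removes the channel the post describes regardless of whether the endpoint has been patched yet.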
The full technical write-up can be found on Check Point Research.
Here’s the takeaway: Not only did our vast network of threat intelligence and threat researchers discover and report this exploit to Microsoft, but our clients have been protected from it for months.