SELECTED BY THE TALOS SECURITY INTELLIGENCE AND RESEARCH GROUP
Title: Researchers find POC for wormable vulnerability in Microsoft Windows HTTP protocol stack
Description: A recently discovered wormable vulnerability in the Windows HTTP protocol stack (HTTP.sys) can also be used against unpatched Windows 10 and Windows Server systems that expose the Windows Remote Management (WinRM) service to the network, because WinRM serves its listener through that same kernel driver. A security researcher released proof-of-concept code for the vulnerability last week; Microsoft patched it in this month's security update. On Windows 10, WinRM is only affected if a user has enabled it manually, but enterprise Windows Server endpoints have it turned on by default. That widens the attack surface for any adversary using the vulnerability to spread ransomware, since they could move quickly across the targeted environment. Microsoft urges users to update affected products as soon as possible.
Snort SIDs: 57605
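The practical question for a defender is whether a given host is actually exposing WinRM through HTTP.sys. The following PowerShell inventory is an added example and not code from the newsletter, Talos or Microsoft; it assumes the default WinRM ports 5985 (HTTP) and 5986 (HTTPS) have not been changed and is meant to be run in an elevated session on the host being checked.

```powershell
# Added example: inventory WinRM / HTTP.sys exposure on one Windows host.
# Run elevated. Ports 5985/5986 are the default WinRM listeners (assumption:
# the defaults were not changed); HTTP.sys URL reservations are listed
# directly so non-default ports still show up.

$report = [ordered]@{}

# 1. Is the WinRM service present and running?
$svc = Get-Service -Name WinRM -ErrorAction SilentlyContinue
$report.WinRMService = if ($svc) { $svc.Status } else { 'NotInstalled' }

# 2. Configured WinRM listeners. The WSMan: drive only works while the
#    service is running, so a failure here is itself a useful answer.
try {
    $report.Listeners = Get-ChildItem -Path WSMan:\localhost\Listener -ErrorAction Stop |
        ForEach-Object {
            $props = Get-ChildItem -Path $_.PSPath
            [pscustomobject]@{
                Transport = ($props | Where-Object Name -eq 'Transport').Value
                Address   = ($props | Where-Object Name -eq 'Address').Value   # '*' means all interfaces
                Port      = ($props | Where-Object Name -eq 'Port').Value
                Enabled   = ($props | Where-Object Name -eq 'Enabled').Value
            }
        }
} catch {
    $report.Listeners = "unavailable: $($_.Exception.Message)"
}

# 3. Sockets actually bound on the default WinRM ports. A LocalAddress of
#    0.0.0.0 or :: means the listener is reachable from every interface.
$report.ListeningSockets = Get-NetTCPConnection -State Listen -ErrorAction SilentlyContinue |
    Where-Object { $_.LocalPort -in 5985, 5986 } |
    Select-Object LocalAddress, LocalPort, OwningProcess

# 4. Every URL prefix HTTP.sys is currently serving. WinRM registers
#    /wsman/ here; anything in this list is parsed by the vulnerable driver
#    before any user-mode service sees the request.
$report.HttpSysPrefixes = (netsh http show servicestate view=requestq verbose=yes) |
    Where-Object { $_ -match 'Registered URLs' -or $_ -match '^\s+HTTP://' }

# 5. Host firewall rules that would let the listener be reached from the network.
$report.FirewallRules = Get-NetFirewallRule -DisplayGroup 'Windows Remote Management' -ErrorAction SilentlyContinue |
    Select-Object DisplayName, Enabled, Profile, Direction, Action

$report
```

A Windows 10 workstation that has never run Enable-PSRemoting or winrm quickconfig should show the service stopped, no listeners and no /wsman/ prefix in the HTTP.sys output; a default Windows Server build will normally show an HTTP listener on port 5985 bound to all addresses with the firewall group enabled, which is exactly the exposure the item above describes. Any host in that second state that has not yet received this month's update should be prioritised for patching or, failing that, have the listener restricted to management networks.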
Title: Heap-based buffer overflow in Google Chrome could lead to code execution
Description: Cisco Talos recently discovered an exploitable heap-based buffer overflow vulnerability in Google Chrome. CVE-2021-21160 is a buffer overflow in Chrome's AudioDelay function that could allow an adversary to execute arbitrary code remotely. An attacker could exploit it by tricking a user into visiting a specially crafted HTML page in Chrome. With proper heap grooming, the attacker can gain full control of the overflow and turn it into arbitrary code execution.
Snort SIDs: 57057, 57058