Latest news with #zeroDay
Forbes
17-05-2025
- Forbes
VMware Hacked As $150,000 Zero-Day Exploit Dropped
Pwn2Own hackers use $150,000 exploit on VMware ESXi. The elite hackers attending Pwn2Own in Berlin have made hacking history by successfully deploying a zero-day exploit against VMware ESXi. Having already made the headlines with no less than three zero-days compromising Windows 11 on day one of the hacking competition, day two kept the security surprises well and truly coming. Here's what you need to know. Organizations have had a lot to digest regarding enterprise technology security issues over the last few weeks. What with the U.S. Cybersecurity and Infrastructure Security Agency urging them to ensure they are protected against a high-severity Chrome vulnerability already being exploited in the wild, HTTPBot attackers targeting business Windows networks, and Microsoft confirming a critical 10/10 cloud security vulnerability. You might think that the news of VMware ESXi being hacked using a $150,000 zero-day exploit is the icing on the security nightmare cake, but you couldn't be more wrong. Context is everything, and the context here is the environment in which that zero-day was dropped. Pwn2Own is a twice-yearly hackathon where some of the world's leading hackers come together in friendly competition to see who can hack products and services, within strict time limits, using never-before-seen zero-day exploits, and earn the title Master of PWN. The good news is that this is all above board and legal. Remember that hacking is not a crime, folks, and the products and services being hacked have been submitted by the vendors for the purposes of discovering vulnerabilities before cybercriminals do. In the case of the VMware ESXi zero-day exploit, this was the first time in Pwn2Own's history, stretching back to 2007, that the hypervisor has been successfully exploited. The hacker behind the achievement, Nguyen Hoang Thach, who is part of the STARLabs SG team, was able to deploy a single integer overflow exploit. This earned them a not-too-shabby reward of $150,000 on the spot, as well as 15 valuable points towards the coveted Master of PWN title. I have reached out to Broadcom for a statement regarding the VMware ESXi zero-day at Pwn2Own, and will update this article should one be available.
Forbes
14-05-2025
- Forbes
Microsoft Confirms Windows Is Under Attack — You Must Act Now
Multiple zero-day vulnerabilities are being exploited by attackaers, Microsoft warns. It's that time of the month again, when Patch Tuesday is quickly followed by Exploit Wednesday. The former is the monthly rollout of Microsoft's responses to newly discovered vulnerabilities in its services and products, and the latter is when hackers, cybercriminals and state-sponsored actors look to act upon these security disclosures before individuals and organizations have had the opportunity to update their systems. Unfortunately, Exploit Wednesday seems to have preceded Patch Tuesday this month, with Microsoft confirming multiple zero-day vulnerabilities that are known to be under attack before any fix was made available. Make no mistake, with security experts rating the risk prioritization of these exploits as critical, Windows users need to act fast. It is not uncommon, sadly, for Windows users to find themselves faced with zero-day vulnerabilities that are being exploited by attackers in the wild. In March, for example, six zero-day attacks were confirmed, while there were three such active Windows exploits reported in January. The latest Microsoft Patch Tuesday security rollout has now dropped, and it doesn't make for very comforting reading at all. So, let's dive straight into the multiple zero-day exploits impacting Windows users, starting with that has got the security professionals very concerned indeed. This memory corruption vulnerability sits within the Windows scripting engine, and a successful exploit can allow an attacker to execute code over the network. Not only does CVE-2025-30397 affect all versions of the Windows operating system, but it is also confirmed by Microsoft as being exploited in the wild. 'Microsoft's severity is rated as important and has CVSS 3.1 of 7.8,' Chris Goettl, vice president of security product management at Ivanti, pointed out, adding that 'risk-based prioritization warrants treating this vulnerability as critical.' While the official CVE severity-rating scores tend to provide a decent baseline for vulnerability appraisal, in the real world, things are not always that clear-cut. CVE-2025-30397 has a base score of 7.5, and Microsoft says that the attack complexity rating is high. So, what's the issue? 'The advisory FAQ for CVE-2025-30397 explains that successful exploitation requires an attacker to first prepare the target so that it uses Edge in Internet Explorer Mode,' Adam Barnett, lead software engineer at Rapid7 explains, 'and then causes the user to click a malicious link; there is no mention of a requirement for the user to actively reload the page in Internet Explorer Mode, so we must assume that exploitation requires only that the 'Allow sites to be reloaded in Internet Explorer' option is enabled.' Barnett warned that as the users most likely to still require this kind of Internet Explorer compatibility are enterprise organizations, and the concept of migration is likely 'buried several layers deep in a dusty backlog,' in Barnett's experience, then the pre-requisite conditions are already conveniently in place on the target asset and 'attack complexity is suddenly nice and low.' The remaining under-attack zero-day vulnerabilities are: CVE-2025-32709: an elevation of privilege vulnerability in the Windows ancillary function driver for WinSock that enables an attacker to gain admin privileges locally and impacts Windows Server 12 and later OS versions. Once again. Goettl warned that 'risk-based prioritization warrants treating this vulnerability as critical.' CVE-2025-32701 and CVE-2025-32706 are a pair of zero-day vulnerabilities in the Windows Common Log File Driver System, and could enable a successful local attacker to gain system privileges. Impacting all versions of Windows, these types of security flaws are being closely monitored for detection by the Microsoft Threat Intelligence Center. 'Since Microsoft is aware of exploitation in the wild,' Barnett said, 'we know that someone else got there first, and there's no reason to suspect that threat actors will stop looking for ways to abuse CLFS any time soon.' And finally, we come to another elevation of privilege zero-day vulnerability already being exploited by attackers, CVE-2025-30400, which impacts the Windows desktop window manager and affects Windows 10, Server 2016, and later OS versions. Barnett pointed out that this is great proof that such elevation of privileges vulnerabilities will never go out of fashion, what with Exploit Wednesday marking the one-year anniversary of CVE-2024-30051, which also hit the desktop windows manager. The advice, therefore, is simple. Act now, and ensure that you update your Windows systems with the latest security patches as a matter of some urgency.
