
"There's a critical flaw in the management server in how one of its background services handles certain types of network messages that allows an attacker on the network to run their own code without logging in. That service will accept a message from anyone on the network and then can blindly load a Windows DLL using a standard Windows function. The problem is that the software doesn't properly validate where that DLL is coming from."
"What makes the attack particularly insidious, he said, is that attackers don't need to log into the server or copy files onto it. They simply can host a malicious DLL somewhere they control and instruct Apex Central to load it. Because of the flaw, Apex Central reaches out and loads the DLL itself, effectively pulling in and executing the attacker's code without checking who asked."
A background service on the Apex Central management server mishandles certain network messages: it accepts a message from any host on the network and then loads a Windows DLL through a standard Windows library-loading function without validating where that DLL comes from. An attacker on the network can therefore send a message that makes the server fetch and load a DLL hosted on a location the attacker controls. The DLL then runs in the context of the vulnerable service, which on a management server is likely a highly privileged account, giving the attacker remote control of the server and a foothold for lateral movement into the corporate environment. No login and no copying of files onto the server are needed, because the server pulls and executes the DLL itself. Exposed, unpatched servers are open to remote compromise.
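The flaw described above is a load-from-untrusted-path bug: the "where" of the DLL is taken from the network message and handed straight to the loader, so a UNC path such as \\host\share\evil.dll makes Windows fetch and run code from the attacker's machine. The following added example is not code from Apex Central or its vendor; it shows the vulnerable shape beside a hardened one in which the message may name only a bare file name, the service resolves that name inside a fixed plugin directory of its own, and (on Windows) the loader is told where dependencies may come from. The directory PLUGIN_DIR, the function names, the sample message fields and the 203.0.113.5 address are all assumptions constructed for the illustration.

```c
#include <ctype.h>
#include <stdbool.h>
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical install directory of the management service (assumption). */
#define PLUGIN_DIR "C:\\Program Files\\MgmtServer\\plugins"

/* Reasons a DLL name taken from a network message is refused. */
enum dll_verdict {
    DLL_OK = 0,
    DLL_EMPTY,
    DLL_TOO_LONG,
    DLL_HAS_SEPARATOR,  /* '\\' or '/': a path (UNC, absolute or relative), not a name */
    DLL_HAS_DRIVE,      /* ':' : drive letter or alternate data stream */
    DLL_TRAVERSAL,      /* ".." anywhere */
    DLL_BAD_CHAR,       /* control characters or Windows-reserved characters */
    DLL_BAD_EXTENSION   /* not *.dll */
};

/* Case-insensitive string equality (MSVC and POSIX spell this differently). */
static bool ieq(const char *a, const char *b)
{
    while (*a && *b) {
        if (tolower((unsigned char)*a) != tolower((unsigned char)*b)) return false;
        a++; b++;
    }
    return *a == *b;
}

/* The check the vulnerable service lacks: only a bare "name.dll" passes.
 * Rejecting every separator is what rules out \\203.0.113.5\share\evil.dll,
 * the remote-hosted DLL in the attack, along with C:\... and ..\... paths. */
enum dll_verdict check_dll_name(const char *name)
{
    if (name == NULL || *name == '\0') return DLL_EMPTY;
    size_t n = strlen(name);
    if (n > 64) return DLL_TOO_LONG;
    if (strpbrk(name, "\\/")) return DLL_HAS_SEPARATOR;
    if (strchr(name, ':')) return DLL_HAS_DRIVE;
    if (strstr(name, "..")) return DLL_TRAVERSAL;
    for (size_t i = 0; i < n; i++) {
        unsigned char c = (unsigned char)name[i];
        if (c < 0x20 || c == 0x7f || strchr("<>\"|?*", c)) return DLL_BAD_CHAR;
    }
    /* Trailing "." or " " (which Windows silently strips) also fail here. */
    if (n < 5 || !ieq(name + n - 4, ".dll")) return DLL_BAD_EXTENSION;
    return DLL_OK;
}

/* Build the only path the service is allowed to load: the fixed plugin
 * directory plus a validated bare file name. On rejection returns false and
 * leaves out empty, so a careless caller cannot load anything by accident. */
bool resolve_plugin_path(const char *name, char *out, size_t outlen)
{
    out[0] = '\0';
    if (check_dll_name(name) != DLL_OK) return false;
    int w = snprintf(out, outlen, "%s\\%s", PLUGIN_DIR, name);
    return w > 0 && (size_t)w < outlen;
}

#ifdef _WIN32
#include <windows.h>
/* Vulnerable shape: the path comes straight out of the network message, so a
 * UNC path makes the loader fetch the file over SMB/WebDAV and run DllMain. */
static HMODULE load_plugin_unsafe(const char *path_from_message)
{
    return LoadLibraryA(path_from_message);
}
/* Hardened shape: validated name, fixed directory, and dependency search
 * limited to the application directory and System32. A further step (not
 * shown) is checking the file's Authenticode signature with WinVerifyTrust. */
static HMODULE load_plugin_safe(const char *name_from_message)
{
    char path[MAX_PATH];
    if (!resolve_plugin_path(name_from_message, path, sizeof path)) return NULL;
    return LoadLibraryExA(path, NULL,
                          LOAD_LIBRARY_SEARCH_APPLICATION_DIR | LOAD_LIBRARY_SEARCH_SYSTEM32);
}
#endif

int main(void)
{
    /* Constructed sample "plugin" fields as a legitimate client and an attacker might send them. */
    const char *samples[] = {
        "reporting.dll",
        "\\\\203.0.113.5\\share\\evil.dll",
        "C:\\Users\\Public\\evil.dll",
        "..\\..\\Temp\\evil.dll",
        "evil.txt",
    };
    char path[260];
    for (size_t i = 0; i < sizeof samples / sizeof samples[0]; i++) {
        bool ok = resolve_plugin_path(samples[i], path, sizeof path);
        printf("%-36s -> %s %s\n", samples[i], ok ? "LOAD  " : "REJECT", ok ? path : "");
    }
    return 0;
}
```

The validator is deliberately stricter than "no UNC": any separator, drive letter or traversal is refused, because the safe design is that the message chooses among files the product already ships, never where a file lives. The Windows-only part compiles only under _WIN32; the validation logic runs anywhere.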
Read at Computerworld