Cybersecurity researchers have disclosed details about a pair of vulnerabilities in Microsoft Windows, one of which could be exploited to result in a denial-of-service (DoS).
The exploits, dubbed LogCrusher and OverLog by Varonis, take aim at the EventLog Remoting Protocol (MS-EVEN), which enables remote access to event logs.
While the former allows “any domain user to remotely crash the Event Log application of any Windows device,” OverLog causes a DoS by “filling the hard drive space of any Windows machine on the domain,” Dolev Taler said in a report shared with The Hacker News.
OverLog has been assigned the CVE identifier CVE-2022-37981 (CVSS score: 4.3) and was addressed by Microsoft as part of its October Patch Tuesday updates. LogCrusher, however, remains unresolved.
“The performance can be interrupted and/or minimized, but the attacker is unable to completely deny service,” the tech giant said in an advisory for the flaw released earlier this month.
The issues, according to Varonis, bank on the fact that an attacker can obtain a handle to the legacy Internet Explorer log, effectively setting the stage for attacks that leverage the handle to crash the Event Log on the victim machine and even induce a DoS condition.
This is achieved by combining it with another flaw in a log backup function (BackupEventLogW) to repeatedly back up arbitrary logs to a writable folder on the targeted host until the hard drive is filled.
Microsoft has since remediated the OverLog flaw by restricting access to the Internet Explorer Event Log to local administrators, thereby reducing the potential for misuse.
“Even though this addresses this particular set of Internet Explorer Event Log exploits, there remains potential for other user-accessible application Event Logs to be similarly leveraged for attacks,” Taler said.
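A defender can check which event logs are still reachable by non-administrators by reviewing each log's access descriptor (the `channelAccess` SDDL string printed by `wevtutil gl <log name>`). The sketch below is an added example, not code from Varonis or Microsoft; the descriptors and the `ExampleApp` log name are constructed for illustration, and only Builtin Administrators and Local System are assumed to count as administrative trustees.

```python
import re

# Event log access-mask bits used in channel security descriptors.
RIGHTS = {0x1: "read", 0x2: "write", 0x4: "clear"}
# Trustees treated as administrative: Builtin Administrators and Local System.
ADMIN = {"BA", "SY", "S-1-5-32-544", "S-1-5-18"}

def dacl_aces(sddl):
    """Return (ace_type, rights_field, trustee) for each ACE in the DACL."""
    m = re.search(r"D:[A-Z]*((?:\([^()]*\))+)", sddl)
    if not m:
        return []
    aces = []
    for body in re.findall(r"\(([^()]*)\)", m.group(1)):
        fields = body.split(";")
        if len(fields) >= 6:
            aces.append((fields[0], fields[2], fields[5]))
    return aces

def non_admin_grants(sddl):
    """List (trustee, rights) for allow ACEs that reach beyond administrators."""
    findings = []
    for ace_type, rights, trustee in dacl_aces(sddl):
        if ace_type != "A" or trustee in ADMIN:
            continue  # deny ACEs and admin-only grants are not findings
        if rights.lower().startswith("0x"):
            mask = int(rights, 16)
            names = [name for bit, name in RIGHTS.items() if mask & bit]
        else:
            names = ["unparsed:" + rights]  # symbolic rights: review by hand
        if names:
            findings.append((trustee, names))
    return findings

# Constructed sample descriptors; "ExampleApp" is a hypothetical log name.
SAMPLES = {
    "Internet Explorer": "O:BAG:SYD:(A;;0x7;;;BA)(A;;0x7;;;SY)",
    "ExampleApp": "O:BAG:SYD:(A;;0x7;;;BA)(A;;0x3;;;AU)(D;;0x4;;;IU)",
}

def audit(descriptors):
    """Map each log name to its non-admin grants, omitting clean logs."""
    return {log: g for log, s in descriptors.items() if (g := non_admin_grants(s))}

if __name__ == "__main__":
    for log, grants in audit(SAMPLES).items():
        print(log, grants)
```

Any log the audit reports is a candidate for the same administrators-only restriction that Microsoft applied to the Internet Explorer log.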