{"id":12869,"date":"2026-05-13T15:37:36","date_gmt":"2026-05-13T15:37:36","guid":{"rendered":"https:\/\/wildgreenquest.com\/?p=12869"},"modified":"2026-05-13T15:37:36","modified_gmt":"2026-05-13T15:37:36","slug":"microsoft-windows-alert-angry-hacker-drops-2-new-zero-day-exploits","status":"publish","type":"post","link":"https:\/\/wildgreenquest.com\/?p=12869","title":{"rendered":"Microsoft Windows Alert\u2014Angry Hacker Drops 2 New Zero-Day Exploits"},"content":{"rendered":"<p><br \/>\n<\/p>\n<div>\n<figure class=\"embed-base image-embed embed-0\" role=\"presentation\">\n<div style=\"padding-top:66.39%;position:relative\" class=\"image-embed__placeholder\"><picture><source media=\"(min-width: 960px)\" sizes=\"50vw\" srcset=\"https:\/\/imageio.forbes.com\/specials-images\/imageserve\/69de4033b07c322f4ee121e7\/Windows-logo-appears-on-the-screen-of-a-smartphone-\/0x0.jpg?width=960&amp;dpr=1 1x, https:\/\/imageio.forbes.com\/specials-images\/imageserve\/69de4033b07c322f4ee121e7\/Windows-logo-appears-on-the-screen-of-a-smartphone-\/0x0.jpg?width=960&amp;dpr=1.5 1.5x, https:\/\/imageio.forbes.com\/specials-images\/imageserve\/69de4033b07c322f4ee121e7\/Windows-logo-appears-on-the-screen-of-a-smartphone-\/0x0.jpg?width=960&amp;dpr=2 2x\"\/><\/picture><\/div>\n<div>\n<div class=\"bMqrj\">\n<p><span style=\"-webkit-line-clamp:2\" class=\"Ccg9Ib-7 _8XF2kHYM\">Angry hacker drops more Windows 0-Days in ongoing campaign.<\/span><\/p>\n<p><small class=\"pGGCM2aD\">NurPhoto via Getty Images<\/small><\/div>\n<\/div>\n<\/figure>\n<p>The day following the Microsoft Patch Tuesday security updates rollout is known in cybersecurity circles as Exploit Wednesday. This month, there is more reason than ever to take that very seriously indeed. 
While Microsoft didn\u2019t patch any \u201cin the wild\u201d vulnerabilities this time, an angry hacker known by the monikers Chaotic Eclipse and Nightmare Eclipse decided to synchronize the public disclosure of no less than two zero-day exploits with the official release. Here\u2019s what you need to know, and do, about the YellowKey and GreenPlasma exploits.<\/p>\n<section id=\"what-you-need-know-about\">\n<h2 class=\"subhead-embed\">What You Need To Know About The YellowKey And GreenPlasma Microsoft Windows Zero-Day Exploits<\/h2>\n<p>Hell hath no fury like a security researcher scorned. Well, that appears to be so in the case of a bug bounty hacker known as Chaotic Eclipse, who has a history when it comes to posting Windows zero-days after being unhappy over communications with the Microsoft Security Response Center. Having publicly released exploit code for a zero-day in April, that went by the name of BlueHammer and turned Microsoft Defender\u2019s own update workflow into a credential theft mechanism, they are now at it again. <\/p>\n<p>\u201cMicrosoft has chosen to make this worse instead of resolving the situation like adults,\u201d Chaotic Eclipse said, \u201cthey pulled every childish game possible. 
My patience is running out you&#8217;re making everyone else paying for it.\u201d The security researcher on a mission went on to address Microsoft security directly, saying, \u201cI\u2019m not sure what type of reaction you expected from me when you threw more gas on the fire after BlueHammer,\u201d warning that the \u201cfire will go as long as you want, unless you extinguish it or until there nothing left to burn.\u201d<\/p>\n<p>The latest fuel comes in the form of two new zero-day exploits called <a rel=\"nofollow\" class=\"color-link\" href=\"https:\/\/github.com\/Nightmare-Eclipse\/YellowKey\" target=\"_blank\" rel=\"nofollow noopener noreferrer\" data-ga-track=\"ExternalLink:https:\/\/github.com\/Nightmare-Eclipse\/YellowKey\" aria-label=\"YellowKey\">YellowKey<\/a> and GreenPlasma. The first is a Windows BitLocker encryption bypass, the second a Windows CTFMON arbitrary section creation elevation of privileges vulnerability. Together, within 24 hours of the public proof of exploit code being published, they have already been <a rel=\"nofollow\" class=\"color-link\" href=\"https:\/\/www.huntress.com\/blog\/nightmare-eclipse-intrusion\" target=\"_blank\" rel=\"nofollow noopener noreferrer\" data-ga-track=\"ExternalLink:https:\/\/www.huntress.com\/blog\/nightmare-eclipse-intrusion\" aria-label=\"used in active attack campaigns\">used in active attack campaigns<\/a>. 
<\/p>\n<p>\u201cBoth of the released exploit POCs suggest significant, potentially systemic flaws in how modern Windows operating system features handle path trust (GreenPlasma) and recovery (YellowKey),\u201d Gavin Knapp, cyber threat intelligence principal lead at Bridewell, said. Microsoft is not the only vendor suffering from such issues, as is evident in my exclusive report on architectural failings in security mechanisms designed to protect Google Drive and Gmail users. 
Historical system vulnerabilities are being found rapidly, Knapp warned, \u201cwhich is likely due to skilled researchers leveraging AI to expedite and scale vulnerability research and exploit development.\u201d <\/p>\n<p>Organizations should treat this as an active threat, Neena Sharma, a cybersecurity specialist at Filigree, told me, advising them to \u201cassess their exposure immediately, particularly for devices in high-risk physical access scenarios such as field devices, and shared workstations.\u201d Because immediate patching isn\u2019t possible at the time of writing, Sharma suggested implementing \u201ccompensating controls like restricting USB boot access.\u201d<\/p>\n<p>Meanwhile, Chaotic Eclipse has issued the following warning to the Microsoft Security Response Center: \u201cYour recent actions made me take the difficult decision to drag other companies into this, be prepared to answer questions.<br \/>Next Patch Tuesday will have a big surprise for you, Microsoft. And remember, I never failed to deliver a promise.\u201d<\/p>\n<\/section>\n<\/div>\n<p><br \/>\n<br \/><a href=\"https:\/\/www.forbes.com\/sites\/daveywinder\/2026\/05\/13\/microsoft-windows-alert-angry-hacker-drops-2-new-zero-day-exploits\/\">Source link <\/a><\/p>\n","protected":false},"excerpt":{"rendered":"<p>Angry hacker drops more Windows 0-Days in ongoing campaign. NurPhoto via Getty Images The day following the Microsoft Patch Tuesday security updates rollout is known in cybersecurity circles as Exploit Wednesday. This month, there is more reason than ever to take that very seriously indeed. 
While Microsoft didn\u2019t patch any \u201cin the wild\u201d vulnerabilities this<\/p>\n","protected":false},"author":1,"featured_media":12870,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[37],"tags":[],"class_list":{"0":"post-12869","1":"post","2":"type-post","3":"status-publish","4":"format-standard","5":"has-post-thumbnail","7":"category-brand-spotlights"},"_links":{"self":[{"href":"https:\/\/wildgreenquest.com\/index.php?rest_route=\/wp\/v2\/posts\/12869","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/wildgreenquest.com\/index.php?rest_route=\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/wildgreenquest.com\/index.php?rest_route=\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/wildgreenquest.com\/index.php?rest_route=\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/wildgreenquest.com\/index.php?rest_route=%2Fwp%2Fv2%2Fcomments&post=12869"}],"version-history":[{"count":0,"href":"https:\/\/wildgreenquest.com\/index.php?rest_route=\/wp\/v2\/posts\/12869\/revisions"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/wildgreenquest.com\/index.php?rest_route=\/wp\/v2\/media\/12870"}],"wp:attachment":[{"href":"https:\/\/wildgreenquest.com\/index.php?rest_route=%2Fwp%2Fv2%2Fmedia&parent=12869"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/wildgreenquest.com\/index.php?rest_route=%2Fwp%2Fv2%2Fcategories&post=12869"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/wildgreenquest.com\/index.php?rest_route=%2Fwp%2Fv2%2Ftags&post=12869"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}