Microsoft exposes vulnerabilities in OpenVPN -- millions of devices at risk

Date: 2024-08-09

Microsoft researchers have revealed a series of medium-severity vulnerabilities within OpenVPN, an essential open-source VPN solution embedded in myriad routers, PCs, and smart devices worldwide. The vulnerabilities, if exploited, could allow attackers to execute remote code and escalate privileges, gaining unauthorized access to potentially millions of devices.

The research team demonstrated how these vulnerabilities could be chained together to form a potent attack sequence, culminating in attackers taking complete control over affected devices. This complex attack vector requires user authentication and a sophisticated understanding of OpenVPN’s architecture, highlighting the need for robust security measures.

OpenVPN is used across various platforms including Windows, iOS, macOS, Android, and BSD, serving as a critical security tool for thousands of enterprises globally. The vulnerabilities affect all versions of OpenVPN up to 2.6.9 and 2.5.9, posing a severe risk to unprotected endpoints and enterprise systems.

The vulnerabilities, reported through Microsoft's Coordinated Vulnerability Disclosure program in March 2024, have been addressed by OpenVPN in their latest releases (2.6.10 and 2.5.10). Users are urged to update their systems immediately to mitigate potential risks.
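As an added example (not from the article, Microsoft, or the OpenVPN project), the following sketch checks collected `openvpn --version` banner lines against the fixed releases named above. The host names and banner strings are constructed, and the status labels are this example's own.

```python
import re

# Fixed releases per branch, as given in the article.
FIXED = {(2, 6): (2, 6, 10), (2, 5): (2, 5, 10)}

# First line of `openvpn --version`, e.g. "OpenVPN 2.6.9 x86_64-pc-linux-gnu ...".
# The patch component is optional so pre-release tags such as "2.6_rc2" still parse.
BANNER_RE = re.compile(r"\bOpenVPN\s+(\d+)\.(\d+)(?:\.(\d+))?")


def parse_version(banner):
    """Return (major, minor, patch) as integers, or None if no version is present."""
    m = BANNER_RE.search(banner)
    if m is None:
        return None
    return int(m.group(1)), int(m.group(2)), int(m.group(3) or 0)


def classify(banner):
    """Return 'affected', 'patched', 'unlisted' or 'unknown' for one banner line."""
    version = parse_version(banner)
    if version is None:
        return "unknown"
    fixed = FIXED.get(version[:2])
    if fixed is not None:
        # Tuple comparison is numeric: (2, 6, 9) < (2, 6, 10), whereas the
        # string comparison "2.6.9" < "2.6.10" is False and would miss 2.6.9.
        return "affected" if version < fixed else "patched"
    # Branches older than 2.5 fall under "all versions up to"; the article
    # names no fixed release for them. Newer branches are not covered by it.
    return "affected" if version[:2] < (2, 5) else "unlisted"


def audit(inventory):
    """Map each host name to the status of its reported banner."""
    return {host: classify(banner) for host, banner in inventory.items()}


# Constructed sample inventory (host names and banners are illustrative).
SAMPLE_INVENTORY = {
    "vpn-gw-01": "OpenVPN 2.6.9 x86_64-pc-linux-gnu [SSL (OpenSSL)] [LZO] [LZ4]",
    "vpn-gw-02": "OpenVPN 2.6.10 x86_64-pc-linux-gnu [SSL (OpenSSL)] [LZO] [LZ4]",
    "branch-rtr": "OpenVPN 2.4.12 arm-unknown-linux-gnueabi [SSL (OpenSSL)]",
    "win-laptop": "OpenVPN 2.5.9 [git:none] Windows-MSVC [SSL (OpenSSL)]",
    "kiosk-07": "openvpn: command not found",
}

if __name__ == "__main__":
    for host, status in audit(SAMPLE_INVENTORY).items():
        print(f"{host:12} {status}")
```

Hosts reported as `unknown` or `unlisted` need a manual look, since the banner either did not parse or names a branch the article does not cover.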

The disclosed vulnerabilities include:

  • CVE-2024-27459: Could cause denial of service (DoS) and local privilege escalation (LPE) on Windows platforms.
  • CVE-2024-24974: Allows unauthorized access on Windows.
  • CVE-2024-27903: Enables remote code execution (RCE) and local privilege escalation (LPE) across Android, iOS, macOS, and BSD platforms.
  • CVE-2024-1305: Leads to a denial of service (DoS) through the Windows TAP driver.

Microsoft provided detailed mitigation strategies and emphasized the importance of applying the latest patches. The company also praised OpenVPN for its prompt response and collaboration in addressing these issues, reinforcing the significance of responsible vulnerability disclosure in maintaining global cybersecurity.

© 1998-2024 BetaNews, Inc. All Rights Reserved.