Microsoft exposes vulnerabilities in OpenVPN -- millions of devices at risk
Microsoft researchers have revealed a series of medium-severity vulnerabilities within OpenVPN, an essential open-source VPN solution embedded in myriad routers, PCs, and smart devices worldwide. The vulnerabilities, if exploited, could allow attackers to execute remote code and escalate privileges, gaining unauthorized access to potentially millions of devices.
The research team demonstrated how these vulnerabilities could be chained together to form a potent attack sequence, culminating in attackers taking complete control over affected devices. This complex attack vector requires user authentication and a sophisticated understanding of OpenVPN’s architecture, highlighting the need for robust security measures.
Microsoft offers workaround, but no fix, for yet another Windows print spooler security vulnerability
Just as there has been a spate of hugely problematic updates for Windows 10 over the last year, in recent weeks there has been a seemingly endless stream of security flaws relating to the Windows print spooler. Now Microsoft has acknowledged another zero-day vulnerability.
There is currently no fix available for the security bug, a Remote Code Execution vulnerability which is being tracked as CVE-2021-36958. However, Microsoft has offered up a (less than ideal) workaround for this latest vulnerability from the PrintNightmare family.