Summer Cybersecurity Roundup: Microsoft Vulnerabilities, CrowdStrike Outage
There was no break from cyber threats this summer, and no shortage of breaches and attacks that left companies reeling. From the headline-garnering Microsoft outage caused by a CrowdStrike update to NIST's post-quantum encryption standards, we’ve compiled what you need to know about July and August’s cybersecurity news.
Microsoft outage due to CrowdStrike
During the early morning hours of July 19, CrowdStrike pushed an automatic software update to its customers. The update triggered a fault on Microsoft Windows systems, causing the “blue screen of death.” Any Windows system with the CrowdStrike Falcon Sensor installed may have been affected. The result was a global tech outage that hit businesses of all sizes, from airlines and healthcare providers to banks, and that continues to affect IT systems.
Recommended reading: CrowdStrike Update Causes Global Microsoft Outages: What You Need to Know
Security recommendations
CrowdStrike has advised that an administrator must manually reboot each affected device into Safe Mode and delete the impacted CrowdStrike file matching “C-00000291*.sys”.
Additionally, all businesses are encouraged to apply any patches that have since been released.
Critical Windows vulnerability impacts all systems with IPv6 enabled
On August 13, Microsoft published CVE-2024-38063, a critical-severity vulnerability affecting all Windows systems that process IPv6 packets. According to Microsoft, through this vulnerability, “an unauthenticated attacker could repeatedly send IPv6 packets, that include specially crafted packets, to a Windows machine which could enable remote code execution.”
According to reports, attackers could exploit this to trigger buffer overflows that can be used to execute arbitrary code on vulnerable Windows 10, Windows 11, and Windows Server systems. Microsoft has classified this vulnerability as an Integer Underflow (Wrap or Wraparound) weakness.
Because the flaw allows remote code execution, an attacker who exploits it could gain unauthorized access to sensitive information, disrupt system operations, and install additional malware on affected devices.
It’s important to note that the vulnerable code runs before the packet is processed by the local Windows firewall, so blocking IPv6 at the local firewall does not prevent exploitation.
Security recommendations
Microsoft has recommended that all users prioritize applying the available security patches. Microsoft also does not recommend disabling IPv6.
OpenVPN recommends that you monitor closely for any possible attacks or disruptions if you have any Windows devices in your network or business.
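Since the fix is the patch rather than a firewall rule, the practical check on each Windows host is whether IPv6 is bound and whether the August 2024 update is installed. The following PowerShell inventory script is an added example, not code from the OpenVPN post or from Microsoft. It assumes an elevated session on the host being checked, and the KB identifier is a placeholder: the correct update ID for each OS build must be taken from Microsoft's advisory for CVE-2024-38063, which this post does not list.

```powershell
# Added example (not from the OpenVPN post or Microsoft): exposure check for
# CVE-2024-38063 on the local host. Reports adapters with the IPv6 stack bound,
# non-link-local IPv6 addresses, and whether a listed KB is installed.
# Run from an elevated PowerShell session.

param(
    # Placeholder KB IDs: replace with the August 2024 cumulative update ID(s)
    # for this OS build from Microsoft's advisory.
    [string[]] $PatchKBs = @('KB<AUGUST-2024-CU-FOR-THIS-BUILD>')
)

$os = Get-CimInstance -ClassName Win32_OperatingSystem
Write-Host ("Host: {0}  OS: {1} build {2}" -f $env:COMPUTERNAME, $os.Caption, $os.BuildNumber)

# Adapters on which the IPv6 protocol (component ms_tcpip6) is bound and enabled
$ipv6Adapters = Get-NetAdapterBinding -ComponentID 'ms_tcpip6' |
    Where-Object { $_.Enabled } |
    Select-Object -ExpandProperty Name

# IPv6 addresses other than link-local ones (link-local addresses have PrefixOrigin WellKnown)
$globalV6 = Get-NetIPAddress -AddressFamily IPv6 -ErrorAction SilentlyContinue |
    Where-Object { $_.PrefixOrigin -ne 'WellKnown' -and $_.IPAddress -notlike 'fe80:*' }

# Installed updates that match the patch list. Get-HotFix reads Win32_QuickFixEngineering,
# which records cumulative updates; if a KB is missing here, confirm via Windows Update history.
$installed = Get-HotFix | Where-Object { $PatchKBs -contains $_.HotFixID }

[pscustomobject]@{
    IPv6BoundAdapters   = ($ipv6Adapters -join ', ')
    GlobalIPv6Addresses = ($globalV6.IPAddress -join ', ')
    PatchInstalled      = [bool]$installed
    InstalledKBs        = ($installed.HotFixID -join ', ')
    # Exposed when IPv6 is bound on any adapter and the patch is absent.
    # Disabling IPv6 is not the recommended remediation; installing the update is.
    Exposed             = ([bool]$ipv6Adapters) -and -not [bool]$installed
} | Format-List
```

The script deliberately reports rather than changes anything: it does not unbind IPv6, because Microsoft's guidance is to patch, and a host with IPv6 bound but no global address is still worth patching since link-local traffic from the same segment reaches the vulnerable code.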
EFG breached through unnamed VPN
Enterprise Financial Group recently announced a breach due to an undisclosed third-party VPN software. This breach may have exposed the personal information of almost 20,000 clients, including:
- Full names
- Social Security numbers
- Driver's license numbers
- Passport numbers
- Bank account or payment card numbers
- Medical and/or insurance information
While the VPN provider responsible for the breach has not been named, EFG stated that it has “fully replaced the third-party VPN appliance as a precaution to prevent further potential disclosures of information.”
Of note, OpenVPN was not the VPN provider and does not have further information on which VPN provider or appliance was impacted.
Security recommendations
OpenVPN recommends that all organizations continually monitor for and apply security patches when available. Additionally, ensure that multi-factor authentication (MFA) or single sign-on (SSO) is in place so that a user's identity is still verified if their password is compromised. We also advise that IT admins and security professionals review every log stream available to them to identify potential breaches or changes in their network security.
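To make the log-review advice concrete, here is an added PowerShell example (not code from the OpenVPN post or from EFG) that runs three simple detections over a VPN authentication log. The log lines and the per-user baseline of known source addresses are constructed for the example and use a generic "user/src/result" format; the regular expression would be adapted to the real appliance's log format. It flags a source address with many failures, a success from an address that had just been failing (the pattern a compromised password produces), and a user's first login from an address not in their baseline.

```powershell
# Added example (not from the OpenVPN post): review of a VPN authentication
# log stream for signs of credential compromise. Log lines and the known-IP
# baseline below are constructed; the regex matches that constructed format.

$logLines = @(
    '2024-08-20T02:14:01Z auth user=alice src=203.0.113.10 result=FAIL'
    '2024-08-20T02:14:03Z auth user=alice src=203.0.113.10 result=FAIL'
    '2024-08-20T02:14:05Z auth user=bob src=203.0.113.10 result=FAIL'
    '2024-08-20T02:14:07Z auth user=carol src=203.0.113.10 result=FAIL'
    '2024-08-20T02:14:09Z auth user=dave src=203.0.113.10 result=FAIL'
    '2024-08-20T02:14:11Z auth user=dave src=203.0.113.10 result=OK'
    '2024-08-20T08:30:00Z auth user=alice src=198.51.100.7 result=OK'
    '2024-08-20T09:05:12Z auth user=bob src=192.0.2.44 result=OK'
)

# Constructed baseline: addresses each user has previously logged in from
$knownIPs = @{
    alice = @('198.51.100.7')
    bob   = @('198.51.100.8')
}

$failThreshold = 5
$pattern = '^(?<ts>\S+) auth user=(?<user>\S+) src=(?<ip>\S+) result=(?<result>OK|FAIL)$'

# Parse each line into an object; lines that do not match are skipped
$events = foreach ($line in $logLines) {
    if ($line -match $pattern) {
        [pscustomobject]@{
            Time   = [datetimeoffset]::Parse($Matches.ts, [cultureinfo]::InvariantCulture)
            User   = $Matches.user
            IP     = $Matches.ip
            Result = $Matches.result
        }
    }
}

$findings = [System.Collections.Generic.List[string]]::new()

# 1. Source addresses with many failures: password spraying or credential stuffing
$events | Where-Object Result -eq 'FAIL' | Group-Object IP |
    Where-Object Count -ge $failThreshold | ForEach-Object {
        $users = ($_.Group.User | Sort-Object -Unique) -join ','
        $findings.Add("HIGH  $($_.Name): $($_.Count) failures across users [$users]")
    }

# 2. A success from an address that had been failing: treat as a possible
#    compromised password and confirm that MFA was satisfied for that session
foreach ($g in ($events | Sort-Object Time | Group-Object IP)) {
    $fails = @($g.Group | Where-Object Result -eq 'FAIL')
    $ok    = @($g.Group | Where-Object Result -eq 'OK')
    if ($fails.Count -ge 3 -and $ok.Count -gt 0) {
        foreach ($s in $ok) {
            $findings.Add("HIGH  $($g.Name): success for $($s.User) after $($fails.Count) failures; verify MFA was satisfied")
        }
    }
}

# 3. First login from an address outside the user's baseline
foreach ($e in ($events | Where-Object Result -eq 'OK')) {
    $seen = $knownIPs[$e.User]
    if (-not $seen -or $seen -notcontains $e.IP) {
        $findings.Add("INFO  $($e.User): first login from $($e.IP) at $($e.Time.ToString('u'))")
    }
}

$findings
```

On the constructed lines this reports 203.0.113.10 for five failures across four users, the later success for dave from the same address, and first-time logins for dave and for bob (from 192.0.2.44); alice's login from her known address produces nothing. Against a real appliance the same three checks would run over a forwarded syslog or SIEM export, with the threshold tuned to the normal failure rate.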
NIST releases first three finalized Post-Quantum Encryption Standards
While not related to a breach or vulnerability, we wanted to share some interesting information from the U.S. Department of Commerce’s National Institute of Standards and Technology (NIST).
NIST has issued three Federal Information Processing Standards (FIPS) for Post-Quantum Cryptography. This principal set of encryption algorithms is designed to withstand attacks by a quantum computer, which threaten today's standards. The three algorithms specified in these standards are each derived from different submissions to the NIST Post-Quantum Cryptography Standardization Project.
As quantum computers come closer to realization, this is an important step in creating effective protection for the future.
Of note: OpenVPN has offered TLS Crypt and TLS Crypt v2 for several years to help protect against quantum attacks. Now that post-quantum encryption standards are more clearly defined, newer and stronger ciphers can begin to be implemented and made available to protect against quantum attacks even better.
Security recommendations
There are no security recommendations or required steps at this time. Cybersecurity and network security companies will likely review the standards in the coming months and decide on next steps for their encryption updates, if any are needed.
OpenVPN vulnerability hyperbole
If you attended Black Hat, you may have seen or heard a presentation sharing four vulnerabilities in OpenVPN’s core open source software. These include CVE-2024-27903, CVE-2024-27459, and CVE-2024-24974.
In short, these vulnerabilities have already been identified and patched and present no immediate threat. An attacker would already need significant access to the target system in order to exploit them: enough access that they would likely not need to exploit these vulnerabilities at all.
We do encourage Windows users to update their client software so that they have all current security updates, but there is no particular urgency.
You can read more about these vulnerabilities and how we have addressed them in our recent blog post.
Security recommendations
The OpenVPN team recommends installing all updates. If you are on Windows and using OpenVPN GUI, please update to the latest version (2.6.10 or 2.5.10) that includes the fixes for these issues.
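For admins who need to confirm which OpenVPN release is installed across Windows hosts, the following PowerShell check is an added example, not code from the OpenVPN post or project. It reads the Add/Remove Programs registry keys and compares the installed version against the fixed releases named above (2.6.10 on the 2.6 branch, 2.5.10 on the 2.5 branch). The assumption that the installer registers an uninstall entry whose DisplayName begins with "OpenVPN" is mine; if your deployment uses a differently named package, adjust the filter.

```powershell
# Added example (not from the OpenVPN post or project): compares the installed
# OpenVPN version on this Windows host with the fixed releases the post names.
# Assumption: the installer's Add/Remove Programs entry has a DisplayName
# starting with "OpenVPN" and a DisplayVersion such as "2.6.10".

$fixed = @{ '2.6' = [version]'2.6.10'; '2.5' = [version]'2.5.10' }

# Both native and 32-bit-on-64-bit uninstall hives
$uninstallKeys = @(
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\*'
    'HKLM:\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\*'
)

$entries = Get-ItemProperty -Path $uninstallKeys -ErrorAction SilentlyContinue |
    Where-Object { $_.DisplayName -like 'OpenVPN*' -and $_.DisplayVersion }

if (-not $entries) {
    Write-Output 'No OpenVPN installation found in the uninstall registry keys.'
    return
}

foreach ($e in $entries) {
    # Keep only the leading numeric part in case the version carries a suffix (e.g. "2.6.10-I001")
    $verText = ($e.DisplayVersion -split '[^0-9.]')[0]
    $ver     = [version]$verText
    $branch  = "$($ver.Major).$($ver.Minor)"

    $status = if ($fixed.ContainsKey($branch)) {
        if ($ver -ge $fixed[$branch]) { 'OK: fixed release or later' }
        else { "UPDATE REQUIRED: $($fixed[$branch]) or later on the $branch branch" }
    } elseif ($ver -lt [version]'2.5') {
        'UPDATE REQUIRED: older than the 2.5 branch; move to a current release'
    } else {
        'Newer branch than this post covers; check the current advisories'
    }

    [pscustomobject]@{ Product = $e.DisplayName; Version = $ver; Status = $status }
}
```

Run per host, or wrap it in Invoke-Command for a fleet; the branch-aware comparison matters because a 2.5.9 install is below its branch's fix even though 2.5.x is older than every 2.6 release.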
For more information, you can check out all of OpenVPN’s security advisories, past and present. You can also read more about OpenVPN’s security compliance procedures and certifications. If you have further questions, please do not hesitate to reach out to a member of our team.
Steps to improve your cybersecurity
Being targeted in an attack is a hassle at best and devastating at worst. Take these steps to improve your security posture before an attack:
- Monitor for any and all security advisories from your security providers, SaaS applications, and other software vendors you may use.
- Review vendors' compliance information and monitor third-party audits for tools in your tech stack on a quarterly basis if possible.
- Use an Intrusion Detection System and Intrusion Prevention System (IDS/IPS) to mitigate malicious traffic and suspicious activity.
Level up your network security with Access Server
For ultimate control of your network security, check out OpenVPN’s self-hosted Access Server. Try Access Server for free, and improve your security posture in under 20 minutes. Get started with free connections today.