Cloud USB System Vulnerabilities Reach Millions of Users


A total of 27 vulnerabilities in software from provider Eltima have put millions of cloud computing users at risk, including the networks of companies like Amazon. The flaws were in a technology used to link locally attached devices, such as storage drives and webcams, to remote desktops connected to the internet. Malicious use would allow remote code execution.

Detailed by security company SentinelOne, the issue appeared in a plug-in SDK (software development kit) from Eltima, with two vulnerable drivers. Through them, it would be possible to trigger a buffer overflow and execute malicious code outside memory bounds, resulting in attacks that allow escalation of user privileges, installation of malware, disabling of security protocols and manipulation of system components, as well as completely corrupting a remote machine.

The concern, as always, is ransomware attacks and the theft of credentials made possible by escalating these privileges. SentinelOne also points out that systems such as Eltima’s were widely used in the shift from on-site work to the home office during the pandemic, and now in hybrid arrangements. This makes the total number of those affected difficult to estimate, but it easily reaches millions of people.


Recommended mitigation is an immediate update

Also according to the experts, the scale of the flaw stems from the fact that it is “inherited” from the software provider’s systems by those of other companies. In addition to Amazon, the list of affected platforms includes Accops, Amzetta and FlexiHub, as well as Eltima itself. All have already released updates for the vulnerabilities, originally discovered at the end of the first half of this year, and recommend that their customers and users update immediately.

Experts also point out that administrators of any type of platform that uses Eltima’s services should check whether their systems contain the affected SDK. A list of the CVEs (Common Vulnerabilities and Exposures) linked to the 27 flaws, along with protection and mitigation recommendations, was also released by SentinelOne to facilitate the process of updating and defending cloud platforms.

So far there are no signs of malicious use of the vulnerabilities, but that should change now that the report has been released and attackers are looking for systems that have not yet been updated; in most cases, the installation is mandatory and automatic. Hence the need for urgent patching and for monitoring networks for suspicious behavior.
