Varonis discovers Windows event log exploits


By Dylan Bushell-Embling
Monday, 31 October, 2022

Data security and analytics company Varonis has discovered two new vulnerabilities in the Windows event log that are a legacy of the now-discontinued Internet Explorer.

The company has provided details of two proof-of-concept exploits, including LogCrusher, which allows any domain user to remotely crash the Event Log application of any Windows machine on the domain.

Meanwhile, the OverLog exploit can be used to cause a remote denial-of-service attack by filling the hard drive space of any Windows machine on the domain, Varonis said.

While Microsoft has issued a partial patch for the exploits, LogCrusher can still be performed by attackers who gain access to a victim’s network.

Without logs, security controls are blind, Varonis warned. Some security control products even attach themselves to the logger service, meaning that taking down the service can disable the controls. This could allow an attacker to use any type of exploit or attack that would usually be detected with impunity.

Meanwhile, there remains potential for other user-accessible application Event Logs to be similarly leveraged for attacks, the company added.


  • All content Copyright © 2025 Westwick-Farrow Pty Ltd