Hijacking Vulnerability Discovered in OneDrive
Don’t Wait to Update OneDrive
Microsoft cloud storage solution, OneDrive, has been found to contain a vulnerability in version 19.232.1124.0010 which could allow it to be hijacked. We recommend upgrading OneDrive to 20.073.0409.0003 as quickly as possible.
All it takes to exploit is adding a specially crafted DLL into the %LOCALAPPDATA% directory on the PC. When OneDrive is launched, it will run the DLL and infect the system. It will have all the privileges as the users using OneDrive.
Robert Brown, Director of Services for Syxsense said, “The vulnerability and method to expose this threat has been made ‘Public Aware’ meaning there could be little time before this vulnerability becomes Weaponized. Ahead of next week’s Patch Tuesday, upgrade OneDrive right now and do not wait until after the weekend.”
Keep Your Organization Protected
Syxsense allows you to manage and secure vulnerabilities exposed by open ports, disabled firewalls, ineffective user account policies, and security compliance violations from remote workers.
In this unpredictable time, detecting software vulnerabilities isn’t enough. Traditional security scanners only do half the job by identifying and tracking possible vulnerabilities and exposure without eliminating the risk.
Combining security scanning and patch management in a single console, our vulnerability scanning feature not only shows you what’s wrong, but also deploys the solution. Gain visibility into OS and third-party vulnerabilities while increasing cyber resilience through automated patching and security scans. Insights into the OS misconfigurations and compliance violations reduce your attack surface and increase peace of mind.
Experience the Power of Syxsense
Syxsense has created innovative and intuitive technology that sees and knows everything. Manage and secure your environment with a simple and powerful solution.