Last Updated on 07/12/2021 by Riya
Researchers discovered various flaws in Eltima’s third-party driver software, which has been “unintentionally adopted” by cloud PC solutions including Amazon WorkSpaces, Accops, and NoMachine, and which can allow adversaries to carry out a variety of destructive operations. In a post published in The Hacker News, SentinelOne researchers warned that,
“Such flaws empower cybercriminals to gain permissions to deactivate antivirus software, rewrite critical components, disrupt the OS, or execute harmful tasks freely.”
Amazon Nimble Studio AMI, Amazon NICE DCV, Amazon WorkSpaces, Amazon AppStream, NoMachine, Accops HyWorks, Accops HyWorks DVM Tools, Eltima USB Network Gate, Amzetta zPortal Windows zClient, Amzetta zPortal DVM Tools, FlexiHub, and Donglify have all been updated to remedy the vulnerabilities.
The issues are rooted in an Eltima product that supports “USB over Ethernet” functionality, allowing desktop virtualization providers such as Amazon WorkSpaces to redirect connected USB devices such as webcams to their remote PCs.
The flaws are located in two drivers responsible for USB redirection, “wspvuhub.sys” and “wspusbfilter.sys”. According to SentinelOne researchers,
“The threat actors having exposure to an organization’s network may also be able to run code on unsecured systems and leverage this weakness to access special local right acceleration.”
“Threat actors can use additional strategies, including techniques to go deeper into a network in search of sensitive data, to switch to the larger network.”