[the_ad id="12394"]
HomeUpdateMultiple Security flaws in the Eltima SDK Hinder Cloud Service Providers

Multiple Security flaws in the Eltima SDK Hinder Cloud Service Providers

-

Researchers discovered various flaws in Eltima’s third-party driver software, which has been “unintentionally adopted” by cloud pc solutions including Amazon Workspaces, Acops, and NoMachine, and can allow adversaries to carry out a variety of destructive operations. In a post published in The Hacker News, SentinelOne researchers warned that,

“Such flaws empower cybercriminals to gain permissions to deactivate antivirus software, rewrite critical components, disrupt the os, or execute harmful tasks freely.”

Amazon Nimble Studio AMI, Amazon NICE DCV, Amazon WorkSpaces, Amazon AppStream, NoMachine, Accops HyWorks, Accops HyWorks DVM Tools, Eltima USB Network Gate, Amzetta zportal Windows zClient, Amzetta zPortal DVM Tools, FlexiHub, and Donglify have all been updated to remedy the vulnerabilities.

The issues are rooted in an Eltima product that supports “USB over Ethernet” functionalities, allowing desktop virtualization providers including Amazon WorkSpaces to route associated USB devices including webcams to their remote pcs.

The flaws can indeed be discovered in two USB redirection drivers, “wspvuhub.sys” and “wspusbfilter.sys”. According to SentinelOne researchers,

“The threat actors having exposure to an organization’s network may also be able to run code on unsecured systems and leverage this weakness to access special local right acceleration.”

“Threat actors can use additional strategies, including techniques to go deeper into a network in search of sensitive data, to switch to the larger network.”

Riya
Riya is a technology enthusiast and an avid researcher. She writes about consumer tech, hacking, and technology consumer issues at TheDigitalHacker.

Must Read

How a planned gallery uncovered a mother lode of exemplary Slovak...

0
Before the end of last year, the Slovak Design Museum delivered a deciphered assortment of '80s text experiences from the district. The games, frequently...