Microsoft Warns of OpenVPN Vulnerabilities, Potential for Exploit Chains

LAS VEGAS — Software giant Microsoft used the spotlight of the Black Hat security conference to document multiple vulnerabilities in OpenVPN and warned that skilled hackers could create exploit chains for remote code execution attacks.

The vulnerabilities, already patched in OpenVPN 2.6.10, create ideal conditions for malicious attackers to build an “attack chain” to gain full control over targeted endpoints, according to fresh documentation from Redmond’s threat intelligence team.

While the Black Hat session was advertised as a discussion on zero-days, the disclosure did not include any data on in-the-wild exploitation and the vulnerabilities were fixed by the open-source group during private coordination with Microsoft.

In all, Microsoft researcher Vladimir Tokarev discovered four separate software defects affecting the client side of the OpenVPN architecture:

  • CVE-2024-27459: Affects the openvpnserv component, exposing Windows users to local privilege escalation attacks.
  • CVE-2024-24974: Found in the openvpnserv component, allowing unauthorized access on Windows platforms.
  • CVE-2024-27903: Affects the openvpnserv component, enabling remote code execution on Windows platforms and local privilege escalation or data manipulation on Android, iOS, macOS, and BSD platforms.
  • CVE-2024-1305: Applies to the Windows TAP driver, and could lead to denial-of-service conditions on Windows platforms.

Microsoft emphasized that exploitation of these flaws requires user authentication and a deep understanding of OpenVPN’s inner workings. However, the software giant warns that once an attacker gains access to a user’s OpenVPN credentials, the vulnerabilities could be combined into a sophisticated attack chain.

“An attacker could leverage at least three of the four discovered vulnerabilities to create exploits to achieve RCE and LPE, which could then be chained together to create a powerful attack chain,” Microsoft said.

In some instances, after successful local privilege escalation attacks, Microsoft cautions that attackers can use different techniques, such as Bring Your Own Vulnerable Driver (BYOVD) or exploiting known vulnerabilities, to establish persistence on an infected endpoint.

“Through these techniques, the attacker can, for instance, disable Protect Process Light (PPL) for a critical process such as Microsoft Defender or bypass and meddle with other critical processes in the system. These actions enable attackers to bypass security products and manipulate the system’s core functions, further entrenching their control and avoiding detection,” the company warned.

The company is strongly urging users to apply the fixes available in OpenVPN 2.6.10.
