Critical issue found in ChromeOS by Microsoft

On August 19th 2022, Microsoft released a report stating that “Microsoft discovered a memory corruption vulnerability in a ChromeOS component that can be triggered remotely, allowing attackers to perform either a denial-of-service (DoS) or, in extreme cases, remote code execution (RCE)”.

CVE-2022-2587, as it’s known as on the Common Vulnerabilities and Exposures (CVE) list, has a 9.8 common vulnerability score, meaning it is tagged as a critical issue. A vulnerability allowing remote code execution can be a large threat. This means any form of software can be injected into the device, ranging from ransomware to trojans, putting personal and if working from home, company information at risk.

After locating a local memory corruption issue, Microsoft discovered that the vulnerability could be remotely triggered by manipulating audio metadata. Attackers could have lured users into meeting these conditions, such as by simply playing a new song in a browser or from a paired Bluetooth device.

Shortly after the issue was found, Microsoft quickly deployed a fix to ChromeOS users to no longer allow attackers to exploit the bug in the audio metadata.

The rise in breaches and attacks can be attributed to rising sophistication in tools, monetary gain from ransomware attacks and a high work from home rate, where many people will be working on less secure networks that attackers can exploit.

It is important that you and your organisation have a strong system in place to prevent any attacks. 

With a Security Operations Centre there will be improved threat management which is available 24/7, and a large, qualified team who can detect and hunt down threats, preventing any malicious attempts at breaching the system. As well as this an SOC team can analyse the attacks and use the data they get from analysing to find better ways to protect the systems and networks, preventing future attacks.

Our UK based 24×7 Security Operations Centre can keep your organisation secure all year round.

Establishing an in-house Security Operations Centre that can keep up with the advancing sophistication of cyber attacks is out of reach for all but the largest companies. Even with the biggest of budgets, there is the continual need to hire and train security professionals, manage governance and procure software. Whereas outsourcing to our SOC gives you access to advanced security analytics and cutting-edge detection technology, letting you get on with running your business, safe in the knowledge that specialists are proactively guarding your systems.

Leave a comment

Your email address will not be published. Required fields are marked *

Contact Fundamentals First
× Contact Us