
Security specialists at Microsoft have discovered four critical vulnerabilities in the Perforce Helix Core Server source code management platform during a routine audit. The vulnerabilities let hackers run code remotely or cause Denial of Service (DoS) problems.

Microsoft security researchers discovered four vulnerabilities during a routine audit of the Perforce Helix Core Server, which is used by the tech giant’s game development studio and others.

Hackers can take over the system

CVE-2023-45849 is the most dangerous of the four vulnerabilities. It allows hackers to run arbitrary code under the “LocalSystem” account in Windows, which gives them access to local resources, system files and registry settings.

The flaw comes from mishandling of the user-bgtask RPC command. As a result, Perforce Helix Core Server allows hackers to remotely execute arbitrary commands, including PowerShell scripts, as LocalSystem.

Causing DoS attacks

The other three vulnerabilities found, CVE-2023-5759, CVE-2023-35767 and CVE-2023-45319, can cause remote DoS attacks. These types of attacks can lead to many operational disruptions in addition to financial consequences.

Measures to be taken

Microsoft security specialists advise users to upgrade to version 2023.1/2513900 of Perforce Helix Core Server, released in November this year.
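One way to check a server inventory against the fixed build named above, as an added example that is not code from Microsoft or Perforce: it parses the `Server version:` line of `p4 info` output and flags anything older than 2023.1/2513900. The host names and sample outputs are constructed, and treating every earlier release line as needing an upgrade is an assumption based only on the version this article names.

```python
import re

# Fixed build named in the article: release 2023.1, changelist 2513900.
FIXED_RELEASE = (2023, 1)
FIXED_CHANGE = 2513900

# Matches the "Server version:" line printed by `p4 info`, for example:
#   Server version: P4D/NTX64/2023.1/2513900 (2023/11/07)
VERSION_RE = re.compile(
    r"^Server version:\s*P4D/([^/\s]+)/(\d{4})\.(\d+)/(\d+)", re.MULTILINE)

def parse_server_version(info_text):
    """Return (platform, (year, minor), changelist), or None if not found."""
    m = VERSION_RE.search(info_text)
    if m is None:
        return None
    platform, year, minor, change = m.groups()
    return platform, (int(year), int(minor)), int(change)

def assess(info_text):
    """Classify one server as 'ok', 'upgrade' or 'unknown'."""
    parsed = parse_server_version(info_text)
    if parsed is None:
        return "unknown"  # unparseable output needs a manual check
    _, release, change = parsed
    # Assumption: any build ordered before the fixed one needs the upgrade.
    if (release, change) < (FIXED_RELEASE, FIXED_CHANGE):
        return "upgrade"
    return "ok"

def audit(inventory):
    """Map each host to its verdict."""
    return {host: assess(text) for host, text in inventory.items()}

# Constructed sample data: host names and `p4 info` excerpts are made up.
SAMPLE_INVENTORY = {
    "p4-games.example.internal":
        "Server address: p4-games:1666\n"
        "Server version: P4D/NTX64/2023.1/2468153 (2023/07/24)\n",
    "p4-tools.example.internal":
        "Server address: p4-tools:1666\n"
        "Server version: P4D/LINUX26X86_64/2023.1/2513900 (2023/11/07)\n",
    "p4-legacy.example.internal":
        "Connect to server failed; check $P4PORT.\n",
}

if __name__ == "__main__":
    for host, verdict in sorted(audit(SAMPLE_INVENTORY).items()):
        print(f"{host}: {verdict}")
```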

Other tips to counter the vulnerabilities include regularly updating third-party software, restricting access through a VPN or IP allow list, using TLS certificates with a proxy for user validation, logging all access to Perforce Server, setting up crash alerts for IT and security teams and using network segmentation.

Finally, Microsoft security experts refer users to the tips in the official security guide.
