Weekly Comments

15 - 22 October 2019

A four-year-old critical Linux Wi-Fi Bug can allow attackers to fully compromise vulnerable machines.

A four-year-old critical Linux Wi-Fi Bug can allow attackers to fully compromise vulnerable machines. The vulnerability, assigned CVE-2019-17666, exists in the “rtlwifi” driver, which is a software component used to allow certain Realtek Wi-Fi modules to communicate with the Linux operating system. An attacker within the vulnerable system Wi-Fi range can trigger a buffer overflow at the “rtlwifi” driver to crash the target system or execute remote code, without the need for authentication. The vulnerability only affects Linux devices that use a Realtek chip when Wi-Fi is turned on. All versions of the Linux kernel after 5.3.6, released in 2013, are affected. A proposed fix is currently being developed and will be incorporated into the Linux kernel in the coming weeks.  

References:

October 2019 Security Updates

Microsoft Security Update Guide

Security Advisory: Active Directory Open to More NTLM Attacks

More Weekly Cyber Newsanalysis and insights

Ensign Consulting

Enhancing your security posture, developing your cyber strategy, and designing your incident response plans.​

Ensign Systems Integration

Architecting and implementing cybersecurity solutions that bolster defences

Ensign Managed Security Services

Managing your security operations for advanced threat detection, continuous monitoring, and triage services

Ensign Labs

Performing deep research to analyse vulnerabilities, deploy advanced threat hunting and provide cyber threat intelligence