Global cybersecurity leader Trend Micro continued its commitment to making the digital world safer, emphasizing the impact the Zero Day Initiative (ZDI)* plays in detecting and reporting critical vulnerability in the Samba file-sharing protocol.
You can visit our blog and technical support alert pages to learn more about the vulnerability in Samba and how to mitigate its effects.
Trend Micro regularly hosts Pwn2Own events around the world, and attendees try to find and exploit new vulnerabilities in widely used software and systems. It is organized as part of company-wide efforts to improve cybersecurity for customers and the entire online community through ZDI and Trend Micro’s own global threat intelligence team of thousands of researchers.
These efforts are becoming increasingly important as businesses continue to transform digitally, their attack surface expands, and their reliance on software, especially open source components.
The vulnerability, named CVE-2021-44142, had a CVSS score of 9.9 due to its critical potential impacts on the affected organizations. If this vulnerability is exploited, insufficient heap read-write failure allows remote attackers to execute arbitrary code as root users.
While no cyberattacks exploiting this vulnerability have yet been seen, the time it takes for affected organizations to fix this new critical vulnerability before cyber attackers begin using it is getting shorter and shorter.
Therefore, Trend Micro urges all organizations to implement the hotfixes developed for CVE-2021-44142 or update to the latest Samba version as soon as possible.
* The vulnerability was first disclosed by STAR Labs’ Nguyen Hoang Thach and Billy Jheng Bing-Jhong at the Pwn2Own Austin 2021 event. Lucas Leong of Trend Micro’s ZDI initiative discovered additional variants reported to Samba as part of this fix. The original issue was independently found by Orange Tsai, also of DEVCORE. ZDI is the world’s largest vendor-independent bug bounty program. Since 2005, it has made software more secure by encouraging researchers to find vulnerabilities and responsibly disclose them to vendors.