Microsoft Discovers Security Vulnerabilities in OpenVPN – What You Need to Know

Published: Aug 12, 2024


Key Takeaways:

  • Microsoft has disclosed multiple security flaws in OpenVPN that could enable remote code execution and unauthorized access on various platforms.
  • The vulnerabilities affect OpenVPN versions older than 2.5.10 and 2.6.10.
  • Microsoft advises updating to the latest OpenVPN versions and disconnecting affected clients from the Internet.

Microsoft has disclosed a series of security vulnerabilities in OpenVPN that could allow attackers to execute remote code and gain unauthorized access to targeted endpoints. These newly discovered flaws present significant risks to the integrity and confidentiality of affected systems.

What is OpenVPN?

OpenVPN is open-source software designed to create a secure virtual private network (VPN). It enables users to safely connect remote computers to a company’s internal network. OpenVPN supports all major platforms, including macOS, Windows, Linux, Android, and iOS.

OpenVPN client-server model (Image Credits: Microsoft)

How do hackers exploit OpenVPN vulnerabilities?

Microsoft first reported the medium-severity vulnerabilities to OpenVPN in March 2024. The first flaw (tracked as CVE-2024-27459) impacts the openvpnserv component and could cause denial of service (DoS) and local privilege escalation (LPE) on Windows PCs. The second vulnerability (CVE-2024-24974) allows unauthorized access to Windows machines.

Furthermore, the third security flaw (CVE-2024-27903) can be exploited by hackers to deploy malicious plugins on Android, iOS, macOS, and BSD. Lastly, CVE-2024-1305 can be exploited to launch DoS attacks via the Windows TAP driver.

“All the identified vulnerabilities can be exploited once an attacker gains access to a user’s OpenVPN credentials, which could be accomplished using credential theft techniques, such as purchasing stolen credentials on the dark web, using info-stealing malware, or sniffing network traffic to capture NTLMv2 hashes and then using cracking tools like HashCat or John the Ripper to decode them,” the Microsoft Threat Intelligence team explained.

How to mitigate OpenVPN vulnerabilities?

Microsoft has indicated that these vulnerabilities impact all supported versions of OpenVPN older than 2.5.10 and 2.6.10. It is important to note that these flaws are present on the client side of OpenVPN, while the server remains secure. Microsoft recommends that organizations apply the latest security patches to all affected devices to mitigate these risks.

Lastly, administrators should ensure that all OpenVPN clients are disconnected from the Internet and restrict access to VPN services. Microsoft also advises using security solutions like Defender for Endpoint and Microsoft Sentinel to help protect corporate networks from potential security threats.
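To find clients still below the fixed releases named above (2.5.10 and 2.6.10), the following added example, which is not code from Microsoft or the OpenVPN project, triages a collected inventory of `openvpn --version` banners. The host names and banners are constructed samples, and treating branches newer than 2.6 as fixed is an assumption drawn from the article's "older than" wording.

```python
import re

# Fixed releases named in the article, keyed by (major, minor) release branch.
FIXED = {(2, 5): (2, 5, 10), (2, 6): (2, 6, 10)}

# The first line of `openvpn --version` starts with "OpenVPN <major>.<minor>.<patch>".
BANNER = re.compile(r"OpenVPN\s+(\d+)\.(\d+)\.(\d+)")


def classify(banner: str) -> str:
    """Return 'affected', 'fixed' or 'unknown' for one version banner."""
    m = BANNER.search(banner)
    if not m:
        return "unknown"  # missing binary, truncated output, pre-release tag
    # Compare as integer tuples: as strings, "2.6.9" sorts after "2.6.10".
    version = tuple(int(part) for part in m.groups())
    branch = version[:2]
    if branch in FIXED:
        return "fixed" if version >= FIXED[branch] else "affected"
    # Assumption: branches older than 2.5 never received the fix,
    # and branches newer than 2.6 already include it.
    return "affected" if version < FIXED[(2, 5)] else "fixed"


def triage(inventory: dict[str, str]) -> dict[str, list[str]]:
    """Group host names by patch status, given {host: banner}."""
    result = {"affected": [], "fixed": [], "unknown": []}
    for host, banner in sorted(inventory.items()):
        result[classify(banner)].append(host)
    return result


# Constructed sample inventory (host names and banners are illustrative).
SAMPLE = {
    "laptop-01": "OpenVPN 2.6.9 x86_64-pc-linux-gnu [SSL (OpenSSL)] [LZO]",
    "laptop-02": "OpenVPN 2.6.10 x86_64-pc-linux-gnu [SSL (OpenSSL)] [LZO]",
    "kiosk-07": "OpenVPN 2.5.10 x86_64-pc-linux-gnu [SSL (OpenSSL)] [LZO]",
    "build-03": "OpenVPN 2.4.12 x86_64-pc-linux-gnu [SSL (OpenSSL)] [LZO]",
    "lab-11": "openvpn: command not found",
}

if __name__ == "__main__":
    for status, hosts in triage(SAMPLE).items():
        print(f"{status:9s} {', '.join(hosts) or '-'}")
```

Hosts reported as `unknown` need a manual check rather than being assumed patched.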
