UPDATE (4/26/2024):

Avertium initially advised users to update their Oracle VirtualBox instances to version 7.0.16. However, Oracle has since released an update cautioning against this version due to a potential issue. Specifically, there's a risk of a host operating system crash when the virtual machine (VM) is set to use bridged or host-only networking. Oracle announced that they will notify mailing lists once a fix is available for download. Meanwhile, users are encouraged to review Oracle's 7.0 maintenance release, which enhances stability and addresses regressions. Further details can be found in Oracle’s Changelog. 

overview

A critical vulnerability (CVE-2024-21111) has been found in Oracle VirtualBox, impacting versions prior to 7.0.16. This flaw allows attackers with basic access to a Windows system running VirtualBox to escalate privileges to NT AUTHORITY\SYSTEM. 

The exploit leverages VirtualBox's mishandling of log files, allowing attackers to manipulate critical system files through symbolic link attacks. The vulnerability has a CVSS score of 7.8 and is easily exploitable - heightening the risk of widespread attacks, especially targeting Windows-based systems running VirtualBox. 

Successful exploitation of CVE-2024-21111 can result in complete control over the compromised system. Oracle has addressed the issue in its recent Critical Patch Update for April 2024. Since a PoC has been released for the vulnerability, users are strongly advised to update to Oracle VirtualBox version 7.0.16 or later to mitigate risk. Stay informed. Stay secure. 

 

 

avertium's recommendationS

For more information regarding patch guidance, please see Oracle’s advisory 

 

 

INDICATORS OF COMPROMISE (IoCs)

At this time, there are no known IoCs associated with CVE-2024-21111. Avertium remains vigilant in locating IoCs for our customers. Should any be located, Avertium will disclose them as soon as possible. For more information on how Avertium can help protect your organization, please reach out to your Avertium Service Delivery Manager or Account Executive.   

 

 

How Avertium is Protecting Our CUSTOMERS

  • Expanding endpoints, cloud computing environments, and accelerated digital transformation have decimated the perimeter in an ever-expanding attack surface. Avertium offers Attack Surface Management, so you’ll have no more blind spots, weak links, or fire drills. See every threat in your attack surface, every device, every entry point, and every vulnerability. Our Attack Surface Management services include:  
    • Risk Assessments 
    • Pen Testing and Social Engineering  
    • Infrastructure Architecture and Integration  
    • Zero Trust Network Architecture 
    • Vulnerability Management 




 

SUPPORTING DOCUMENTATION

Oracle Critical Patch Update Advisory - April 2024 

Oracle VirtualBox Elevation of Privilege Vulnerability (CVE-2024-21111): PoC Published (securityonline.info) 

PoC Exploit Released For Critical Oracle VirtualBox Vulnerability (gbhackers.com) 

Text Form of Oracle CPU April 2024 Risk Matrices 

Oracle VM VirtualBox 

 
Chat With One of Our Experts



Flash Notice oracle vulnerabilities Critical Vulnerability Blog