Avertium initially advised users to update their Oracle VirtualBox instances to version 7.0.16. However, Oracle has since released an update cautioning against this version due to a potential issue. Specifically, there's a risk of a host operating system crash when the virtual machine (VM) is set to use bridged or host-only networking. Oracle announced that they will notify mailing lists once a fix is available for download. Meanwhile, users are encouraged to review Oracle's 7.0 maintenance release, which enhances stability and addresses regressions. Further details can be found in Oracle’s Changelog.
overview
A critical vulnerability (CVE-2024-21111) has been found in Oracle VirtualBox, impacting versions prior to 7.0.16. This flaw allows attackers with basic access to a Windows system running VirtualBox to escalate privileges to NT AUTHORITY\SYSTEM.
The exploit leverages VirtualBox's mishandling of log files, allowing attackers to manipulate critical system files through symbolic link attacks. The vulnerability has a CVSS score of 7.8 and is easily exploitable - heightening the risk of widespread attacks, especially targeting Windows-based systems running VirtualBox.
Successful exploitation of CVE-2024-21111 can result in complete control over the compromised system. Oracle has addressed the issue in its recent Critical Patch Update for April 2024. Since a PoC has been released for the vulnerability, users are strongly advised to update to Oracle VirtualBox version 7.0.16 or later to mitigate risk. Stay informed. Stay secure.
For more information regarding patch guidance, please see Oracle’s advisory.
INDICATORS OF COMPROMISE (IoCs)
At this time, there are no known IoCs associated with CVE-2024-21111. Avertium remains vigilant in locating IoCs for our customers. Should any be located, Avertium will disclose them as soon as possible. For more information on how Avertium can help protect your organization, please reach out to your Avertium Service Delivery Manager or Account Executive.
SUPPORTING DOCUMENTATION