27 SDK rights vulnerabilities or will affect millions of cloud users

EltiMasDK is a developing package for many cloud service providers to remotely install local USB devices, which helps business employees install local USB large-capacity storage devices on their cloud-based virtual desktop. Under the influence of the epidemic and remote office trends, ELTIMASDK’s usage frequency is also increasing, but recently, Sentinelone researchers found 27 ration vulnerabilities in Eltima SDK.

The cloud desktop provider, including Amazon Workspaces, relies on ELTIMA, etc., Sentinelone warned that millions of users around the world have exposed in the discovered vulnerability.

Remote attackers can use these vulnerabilities to get higher access on the cloud desktop and run the code in kernel mode.

Researchers said: “An attacker uses these vulnerabilities to enhance its access rights, can disable security products, cover system components, destroy the operating system or unimpeded to perform malicious operations.”

The specific CVE ID of these 27 vulnerabilities is as follows:

Currently, Eltima has released the affected version of the repair, but the cloud service provider is required to adapt new ELTIMASDK after the cloud service provider is updated. According to Sentinelone, the affected software and cloud platforms are:

Amazon Nimble Studio Ami, 2021/07/29 Previous Version

Amazon Nice DCV, as follows: 2021.1.7744 (Windows), 2021.1.3560 (Linux), 2021.1.3590 (Mac), 2021/07 / 30amazon Workspaces Agent, as follows: V1.0.1537, 2021/07 / 31Amazon AppStream Customer The end version is as follows: 1.1.304, 2021/08 / 02Nomachine [all products of Windows, higher than V.7.0.346 below V.7.7.4 (V.6.x is also updated) Applicable to the ACCOPS HYWORKS client for Windows: V3.2.8.180 or lower version Suitable for Windows ACCOPS HYWORKS DVM Tools: Version or lower (part of the Accogn Hyworks product below V3.3 R3) ELTIMA USB Network Gate is below 9.2.2420 above 7.0 . 1370amzetta Zportal Windows Zclientamzetta Zportal DVM Tools Flexihub is below 5.2.14094 (Latest) above 3.3.11481donglify below 1.7.14110 (Latest) above 1.0.12309

It should be noted that Sentinelone researchers have not studied that there may be an ELTIMA SDK product that is susceptible to attack, so there may be other more products that are affected by this group of vulnerabilities.

In addition, according to the code sharing strategy, some services are prone to attacks in the client, and some services are easily attacked in the server side, and there are some vulnerabilities on both.

Vulnerability relief measures

Sentinelone researchers said that there is currently no evidence that attackers use these vulnerabilities, but for cautious considerations, corporate administrators should revoke privileges before applying security updates and should be carefully checked for signs of suspicious activities.

Most suppliers have patched these vulnerabilities and drive them through automatic updates. However, some of the need for end user operations can apply security updates, such as upgrading client applications to the latest available versions.

The following is a list of repair programs published by different suppliers:

Amazon – On 25 June 2021, the repair procedures released on September 6, 2021 issued a repair program on September 5, 2021, issued a repair program on September 5, 2021, and notified the customer to upgrade. In addition, December 4, 2021 released the utility MecHdyne for detecting the vulnerable endpoint – has not yet responded to the researcher AMZETTA – September 3, 2021 released the repair program Nomachine – October 21, 2021 Repair