Microsoft

OneDrive Vulnerability Dispute: Bitdefender Warns, Microsoft Not

The IT security company Bitdefender is currently warning of a malware campaign with which fraudsters are trying to mine cryptocurrencies via a network of hacked PCs. The perfidious thing about it is the security gap – because it is in OneDrive, but Microsoft is not taking action.

Bitdefender had already discovered around 700 attacked Microsoft OneDrive instances in May of this year. A dynamic link library (DLL) sideloading vulnerability in Microsoft OneDrive is exploited. The security company handled this discovery in the familiar manner: They contacted Microsoft, explained their findings and assumed that Microsoft would issue a security update and a warning. But none of that has happened so far.

“Microsoft does not interpret sideloading via a dynamic link library as a security vulnerability,” writes Bitdefender now in the vulnerability disclosure and explained what is behind the discovery and Microsoft’s response.

Performance Affected

First of all, there is an active wave of attacks via the DLL vulnerability in OneDrive. Germany is among the more severely affected countries. The sideloading vulnerability is currently being used to perform crypto mining using the hacked resources. Victims of the hack notice losses in the performance of the systems. However, the vulnerability is also suitable for ransomware attacks or for infection with spyware.

Take Precautionary Measures

Microsoft currently sees no need for action. Cybercriminals exploit a regular feature of the database, so a software update would not be effective. Instead, Microsoft suggests precautionary measures. Users can install Microsoft OneDrive either “per user” or “per machine”. The default is the installation “per user”. In this configuration, users without special privileges can write to the folder in which OneDrive is located.

Hackers can place malicious malware here, modify or completely overwrite executable files. Microsoft, therefore, recommends installing the OneDrive “per machine”. Instructions on how to do this can be found at: https://learn.microsoft.com/en-us/onedrive/per-machine-installation, explains Bitdefender. However, the “per machine” installation is not suitable for everyone. Bitdefender, therefore, warns OneDrive users to be very careful: “Both the virus protection and the operating system used must always be updated.

Share
Published by
Research Snipers

Recent Posts

Samsung Galaxy Tab S12 Ultra Leak shows design of the high-end tablet

New render images provide a preview of the upcoming Samsung Galaxy Tab S12 Ultra. While…

23 hours ago

TSMC wants to remain No. 1 in chips: A14, A13, A12 nodes from 2028

Taiwan Semiconductor Manufacturing Company (TSMC) has once again provided an outlook on its plans for…

23 hours ago

Apple iPad Mini 8 with OLED screen probably coming in autumn

The iPad Mini could soon see notable innovations for the first time in years. According…

24 hours ago

Pixel 11 Pro Fold Leak: Expected function appears to be missing

A current leak shows Google's upcoming folding smartphone in a new color variant. In addition…

24 hours ago

Tesla to introduce a bike, but not in the way you might think

The car manufacturer Tesla has brought a new two-wheeler onto the market. However, this is…

24 hours ago

Crash in the smartphone market: lowest sales figures in 13 years

The global smartphone market is experiencing a severe downturn, recording its worst quarter in 13…

2 days ago