Defenders urged to rapidly patch vulnerability in popular open-source software
HONG KONG SAR – Media OutReach – 7 February 2022 – Trend Micro Incorporated (TYO: 4704; TSE: 4704), a global cybersecurity leader, today confirmed its commitment to making the digital world safer by revealing the instrumental role its Zero Day Initiative (ZDI)* played in finding and reporting a critical vulnerability in the file sharing protocol Samba.
To find out more about the Samba flaw and how to mitigate its impact, please visit our blog here and technical support alert here.
“This latest vulnerability disclosure comes on the heels of the recent Log4j vulnerability and highlights the challenges many global security teams have in mitigating risk across a multitude of applications and open source software,” said Jon Clay, vice president of threat intelligence at Trend Micro. “The good news is this was found during our Pwn2Own event, which means we had an opportunity to work with the developers to responsibly patch and disclose the vulnerabilities. So far, we have not heard of any in-the-wild attacks occurring.”
Trend Micro’s Pwn2Own events run regularly around the world, challenging contestants to find new vulnerabilities and exploits in widely used software and systems. They are part of a company-wide effort to enhance cybersecurity for customers and the entire online community through the ZDI and Trend Micro’s own global threat intelligence team of thousands of researchers.
These efforts are increasingly important as organizations continue to digitally transform, expanding their attack surface and reliance on software – particularly open source components.
The vulnerability in question, CVE-2021-44142, was given a CVSS score of 9.9, illustrating its potentially critical impact on affected organizations. If exploited, the out-of-bounds heap read write bug could allow remote attackers to execute arbitrary code as root.
While no exploits of this vulnerability have been seen in the wild, the window in which affected organizations must patch critical new vulnerabilities before threat actors start exploiting them is increasingly short.
Trend Micro therefore calls on all organizations to patch CVE-2021-44142 or update to the latest Samba version as a matter of urgency.
* The vulnerability was originally disclosed at Pwn2Own Austin 2021 by Nguyen Hoang Thach and Billy Jheng Bing-Jhong of STAR Labs. Lucas Leong of Trend Micro’s ZDI discovered additional variants which were disclosed to Samba as part of this fix. The original issue was also independently found by Orange Tsai of DEVCORE. The ZDI is the world’s largest vendor-agnostic bug bounty program. Since 2005, it has been making software safer by incentivizing researchers to find and responsibly disclose vulnerabilities to vendors.
About Trend Micro
Trend Micro, a global cybersecurity leader, helps make the world safe for exchanging digital information. Fueled by decades of security expertise, global threat research, and continuous innovation, Trend Micro’s cybersecurity platform protects hundreds of thousands of organizations and millions of individuals across clouds, networks, devices, and endpoints. As a leader in cloud and enterprise cybersecurity, the platform delivers a powerful range of advanced threat defense techniques optimized for environments like AWS, Microsoft, and Google, and central visibility for better, faster detection and response. With 7,000 employees across 65 countries, Trend Micro enables organizations to simplify and secure their connected world. 
www.trendmicro.com.hk
#TrendMicro
Services
Stakeholder mapping, analysis, engagement and communication needs to be detailed to avoid business losses or even worse, a crisis. How can you do this effectively to prevent failure? ...
Data-driven business decisions have never been as crucial, especially in this era. MGBF leverages off, technology, experience and market presence to aid businesses in making accurate decisions. ...
MGBF provides comprehensive strategic advice and results-focused solutions to solve clients' problems in business-government relations so they can focus on their core business. ...
A critical business challenge is meeting the right decision-makers and potential buyers through the best channel and platform. How will you improve your business competency? ...
Upcoming Events
The threat matrix has evolved to include information warfare, cyberspace incursions, big data and behavioural communications. Business leaders need to be aware of these threats to survive. What are you doing as a key stakeholder?
Companies can now live or die based on their ability to generate and manage data. Effectively managing existential challenges is the opportunity that business leaders need to grasp for a sustainable future. Calling for speakers!
Corporations and their leadership often face weaponised information attacks in the media. Understanding these advanced business threats is crucial. Recently completed. View proceedings online.
Special session: Cyberwarfare Waged on the Corporate Sector - Lessons from the Russia-Ukraine Crisis. Corporations are in a digital arms race that many don't realise. How does this relate to your organisation?
MGBF In The News
We live in the age of crisis. At the heart of any crisis is the threat of rapid change. Change too deep or too wide that the current coping mechanisms for an individual, corporation or government are unable to remain resilient. An unwelcome paradigm shift, like the proverbial spider, that […]
The Malaysia Global Business Forum (MGBF) has released a report following the roundtable on ‘Digital Resilience in the Corporate Sector’, which was recently held in Kuala Lumpur. In attendance as guest of honour was Deputy Minister of Communications and Multimedia, Datuk Zahidi Zainul Abidin. The report recommended several critical development […]
Trade and investment delegations will trickle back over the next few months, but the second half of the year should see considerable return of business travellers. It was learnt that over 50 per cent of international business chambers and industry associations surveyed will consider sending exploratory teams to Malaysia during […]
KUALA LUMPUR, 30 March 2022 – The Malaysia Global Business Forum (MGBF)’s exclusive roundtable on ‘Digital Resilience in the Corporate Sector’ was held in a hybrid setting yesterday at the Element by Westin Kuala Lumpur. The discussion focused on what business leaders need to understand, to ensure business resilience and […]
The Malaysia Global Business Forum (MGBF)’s exclusive roundtable on ‘Addressing Weaponised Information in the Media’ was held in a hybrid setting today at the Hilton Kuala Lumpur. The discussion focused on addressing one of the most relevant threats to businesses in the digital economy – cyber threats causing physical and […]
The current floods that have impacted various parts of the country have given rise to an extensive commentary on the response cycles of various stakeholders. It has in turn led to continued crisis communications and statements in the media by agencies and ministries alike. This binary approach to the discussion […]
The formation of a special Cabinet committee to develop strategic measures to safeguard the economy amid the Covid-19 outbreak shows the Malaysian government is serious about creating a balance between the continued safety of the general population and the survival of the economy. In the global context, as many countries […]
Innovation, coupled with a radical departure from contemporary thinking, is required with a possible reality of a prolonged crisis becoming the new reality that people and companies must function through. Malaysia Global Business Forum founding chairman Nordin Abdullah said innovation and resilience from all stakeholders will be required to shape […]
The recent announcement that a committee jointly chaired by senior ministers in charge of security and economy clusters respectively demonstrates that the Malaysian government is serious about creating a balance between continued safety of the general population and the survival of the economy. In the global context, as many countries […]
Innovation, coupled with a radical departure from contemporary thinking, is required with a possible reality of a prolonged crisis becoming the new reality that people and companies must function through. Malaysia Global Business Forum founding chairman Nordin Abdullah said innovation and resilience from all stakeholders will be required to […]
Innovation, coupled with a radical departure from contemporary thinking, is required with a possible reality of a prolonged crisis becoming the new reality that people and companies must function through. Malaysia Global Business Forum founding chairman Nordin Abdullah said innovation and resilience from all stakeholders will be required to […]
The announcement that a committee jointly chaired by senior ministers in charge of security and economy clusters demonstrates that the government is serious about creating a balance between the safety of the population and the survival of the economy. In the global context, as many countries struggle to deal […]
THE Covid-19 outbreak has exposed the citizens of most countries to a dangerous virus. But perhaps more importantly, it has exposed the weaknesses in supply chains of nations.The government should be commended for setting up a task force to maintain critical supply chains as it’s an excellent step to ensure […]
In the last few days, the Movement Control Order (MCO) has awoken many to the fact that supply chains that we assume work without question have now become highly critical.The establishment of a special task force to maintain critical supply chains by the current government is an excellent step to […]
by Gunaprasath Bupalan (YouTube – Emjay Communications, The Malaysia Global Business Forum, News Hub Asia, Property360Digest) The CEO Series 2019 by REHDA Institute is more than a developer’s driven event; it is about the strategy made real, where property and its ancillary businesses will provide balance in social, economic and […]
I am the Managing Director of Lynas Malaysia and I’m writing to you on behalf of our employees and contractors and their families. In recent weeks you may have seen a campaign of false information by anti-Lynas activists. We have always welcomed informed debate, however, the spreading of false allegations […]
I am the Managing Director of Lynas Malaysia and I’m writing to you on behalf of our employees and contractors and their families. In recent weeks you may have seen a campaign of false information by anti-Lynas activists. We have always welcomed informed debate, however, the spreading of false allegations […]
I am the Managing Director of Lynas Malaysia and I’m writing to you on behalf of our employees and contractors and their families. In recent weeks you may have seen a campaign of false information by anti-Lynas activists. We have always welcomed informed debate, however, the spreading of false allegations […]
SALAM sejahtera, I am the managing director of Lynas Malaysia and I’m writing to you on behalf of our employees, contractors and their families. In recent weeks, you may have seen a campaign of false information by anti-Lynas activists. We have always welcomed informed debates; however, the spreading of false allegations and […]
KUALA LUMPUR • Malaysia could attract investments of up to RM100 billion (S$33 billion) in the rare earth sector over the next 10 years, once the government makes clear how it intends to regulate the industry. Speaking at the Malaysia Global Business Forum yesterday, Entrepreneurial Development Minister Mohd Redzuan Md […]
