The CMMC Accreditation Body signs MOU with the U.S. Department of Defense

The CMMC-AB is pleased to announce that it has mutually signed the Memorandum of Understanding (MOU) with the Department of Defense.  We are working to make additional information available to the public in conjunction with our DoD partners, who are necessarily focused on the COVID-19 public crisis.

The CMMC-AB continues its collaboration with DoD and industry across multiple lines of effort related to implementing CMMC in support of current milestones.

We are grateful for the opportunity to establish and implement CMMC assessment, certification, training, and accreditation processes to help the Department achieve the goals of improving cybersecurity in the Defense Supply Chain.

-The Cybersecurity Maturity Model Certification Body

Microsoft Windows SMB Server Could Allow for Remote Code Execution (CVE-2020-0796) – Security Advisory

SUBJECT:

A Vulnerability in Microsoft Windows SMB Server Could Allow for Remote Code Execution (CVE-2020-0796)


OVERVIEW:

A vulnerability has been discovered in Microsoft Windows SMB Server that could allow for remote code execution. Microsoft Server Message Block (SMB) is a network file sharing protocol that allows users or applications to request files and services over the network. Successful exploitation of this vulnerability could result in an attacker gaining the same privileges as the account running the SMB server and client processes. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights.


THREAT INTELLIGENCE:

There are no reports of this vulnerability being exploited in the wild.


SYSTEMS AFFECTED:

  • Windows 10 Version 1903 for 32-bit Systems
  • Windows 10 Version 1903 for ARM64-based Systems
  • Windows 10 Version 1903 for x64-based Systems
  • Windows 10 Version 1909 for 32-bit Systems
  • Windows 10 Version 1909 for ARM64-based Systems
  • Windows 10 Version 1909 for x64-based Systems
  • Windows Server, version 1903 (Server Core installation)
  • Windows Server, version 1909 (Server Core installation)


RISK:

Government:

  • Large and medium government entities: High
  • Small government entities: Medium

Businesses:

  • Large and medium business entities: High
  • Small business entities: Medium

Home users: Low


TECHNICAL SUMMARY:

A vulnerability has been discovered in Microsoft Windows SMB Server that could allow for remote code execution. The vulnerability is due to an error in the handling of maliciously crafted compressed data packets in version 3.1.1 of the Server Message Block protocol. To exploit this vulnerability, an attacker can send specially crafted compressed data packets to a target Microsoft Server Message Block 3.0 (SMBv3) server. Clients that connect to a malicious SMB server would also be affected. Microsoft Server Message Block (SMB) is a network file sharing protocol that allows users or applications to request files and services over the network. Successful exploitation of this vulnerability could result in an attacker gaining the same privileges as the account running the SMB server and client processes. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights.


RECOMMENDATIONS:

We recommend the following actions be taken:

  • Consider applying the workarounds provided by Microsoft until patches are released. Note that the workaround does not mitigate attacks targeting SMB clients.
  • Run all software as a non-privileged user (one without administrative privileges) to diminish the effects of a successful attack.
  • Remind users not to visit websites or follow links provided by unknown or untrusted sources.
  • Inform and educate users regarding the threats posed by hypertext links contained in emails or attachments, especially from untrusted sources.
  • Apply the Principle of Least Privilege to all systems and services.
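The server-side workaround referred to in the first recommendation, as published by Microsoft in ADV200005 (linked under References), is to disable SMBv3 compression by setting the DisableCompression registry value under the LanmanServer service parameters. The PowerShell below is an added example written for this advisory, not script from Microsoft or from the advisory's authors: it checks whether the local host is one of the affected 1903/1909 builds (build numbers 18362 and 18363 respectively), reports whether the workaround is already in place, and applies it only when run with -Apply. It assumes an elevated prompt.

```powershell
# Added example (not from the advisory or from Microsoft): audit and, on request,
# apply the ADV200005 server-side workaround for CVE-2020-0796.
# Run from an elevated PowerShell prompt; without -Apply it only reports.
[CmdletBinding()]
param(
    [switch]$Apply
)

$regPath   = 'HKLM:\SYSTEM\CurrentControlSet\Services\LanmanServer\Parameters'
$valueName = 'DisableCompression'

# Windows 10 / Windows Server releases that ship SMBv3.1.1 compression:
# version 1903 is build 18362, version 1909 is build 18363.
$affectedBuilds = @{ 18362 = '1903'; 18363 = '1909' }

$os    = Get-CimInstance -ClassName Win32_OperatingSystem
$build = [int]$os.BuildNumber

if (-not $affectedBuilds.ContainsKey($build)) {
    Write-Output "Build $build is not version 1903 or 1909; CVE-2020-0796 does not apply to this host."
    return
}
Write-Output "Windows version $($affectedBuilds[$build]) (build $build) is in scope for CVE-2020-0796."

# Read the current state of the workaround (the value is absent on a default install).
$current = Get-ItemProperty -Path $regPath -Name $valueName -ErrorAction SilentlyContinue
if ($current -and $current.$valueName -eq 1) {
    Write-Output "Workaround already in place: $valueName = 1 (SMBv3 compression disabled)."
    return
}
Write-Output "Workaround NOT in place: $valueName is absent or not set to 1."

if ($Apply) {
    # Same change Microsoft documents in ADV200005; no reboot is required.
    Set-ItemProperty -Path $regPath -Name $valueName -Type DWORD -Value 1 -Force
    Write-Output "Set $valueName = 1. Remember that SMB clients on this host remain unprotected until the update is installed."
} else {
    Write-Output "Re-run with -Apply to set the workaround."
}
```

The script is an audit aid for the window between the advisory and patch deployment: run it in report mode across in-scope hosts to find servers still exposing SMBv3 compression, and treat the workaround as temporary, since only the vendor update protects the client side as well.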


REFERENCES:

Microsoft:

https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/adv200005


Tenable:

https://www.tenable.com/blog/cve-2020-0796-wormable-remote-code-execution-vulnerability-in-microsoft-server-message-block


CVE:

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-0796

Setting up the root account on Kali 2020

Starting with Kali 2020.1, there is no longer a superuser account and the default user is now a standard, non-privileged user. In Kali Linux 2020.1, both the default username and password are “kali”.


If you would like to use root instead of the non-superuser account kali, here are the instructions to do so:

Issue command “sudo su”

<Enter the password for kali user account>

Issue command “passwd root”

<Enter new password and retype that password>

At this point you can log-off and re log-in or you can just switch the user and log in as root.


Let me know if this helped you.


Kali 2020.1 Default Username & Password – kali kali

Starting with Kali 2020.1, there is no longer a superuser account and the default user is now a standard, non-privileged user. Until now, users have logged on to the system with the user “root” and the password “toor”. In Kali Linux 2020.1, both the default user and password will be “kali”.


username: kali

password: kali


If you would like to use root instead here are the instructions to do so:

Issue command “sudo su”

<Enter the password for kali user account>

Issue command “passwd root”

<Enter new password and retype that password>

At this point you can log-off and re log-in or you can just switch the user and log in as root.


Let me know if this helped you.


Intel Active Management Technology Multiple Vulnerabilities (INTEL-SA-00241)

Vulnerability: Intel Active Management Technology Multiple Vulnerabilities (INTEL-SA-00241)

Severity: High

Location: 623/TCP & 16992/TCP

Summary: Multiple potential security vulnerabilities in Intel Active Management Technology (Intel AMT) may allow escalation of privilege, information disclosure, and/or denial of service.

Vulnerability Detection Result

Installed version: 11.8.55.3510
Fixed version: 11.8.70
Installation path / port: /

Solution type: VendorFix – Upgrade to version 11.8.70, 11.11.70, 11.22.70, 12.0.45 or later.

Affected Software/OS: Intel Active Management Technology 11.0 to 11.8.65, 11.10 to 11.11.65, 11.20 to 11.22.65 and 12.0 to 12.0.35.

Vulnerability Insight:

Intel Active Management Technology is prone to multiple vulnerabilities:

– Cross site scripting may allow a privileged user to potentially enable escalation of privilege via network access (CVE-2019-11132)

– Insufficient input validation may allow an unauthenticated user to potentially enable escalation of privilege via adjacent access (CVE-2019-11088)

– Logic issue may allow an unauthenticated user to potentially enable escalation of privilege via network access (CVE-2019-11131)

– Insufficient input validation may allow an unauthenticated user to potentially enable denial of service or information disclosure via adjacent access (CVE-2019-0131)

– Insufficient input validation may allow an unauthenticated user to potentially enable information disclosure via network access (CVE-2019-0166)

– Insufficient input validation may allow an unauthenticated user to potentially enable information disclosure via physical access (CVE-2019-11100)

Vulnerability Detection Method:

Checks if a vulnerable version is present on the target host.

Details: Intel Active Management Technology Multiple Vulnerabilities (INTEL-SA-00241) (OID: 1.3.6.1.4.1.25623.1.0.143286)

Version used: 2020-01-07T08:25:23+0000

References

CVE: CVE-2019-11132, CVE-2019-11088, CVE-2019-11131, CVE-2019-0131, CVE-2019-0166, CVE-2019-11100
CERT: CB-K19/0978, DFN-CERT-2019-2375
Other: https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00241.html

Cybersecurity Maturity Model Certification (CMMC) Levels

The CMMC model has five defined levels, each with a set of supporting practices and processes, illustrated in Figure 2.  Practices range from Level 1 (basic cyber hygiene) to Level 5 (advanced/progressive).  In parallel, processes range from being performed at Level 1, to being documented at Level 2, to being optimized across the organization at Level 5.  To meet a specific CMMC level, an organization must meet the practices and processes within that level and all levels below it.

Each of the levels is described in more detail below.

Level 1

CMMC Level 1 focuses on basic cyber hygiene and consists of the safeguarding requirements specified in 48 CFR 52.204-21.  The Level 1 practices establish a foundation for the higher levels of the model and must be completed by all certified organizations. Not every domain within CMMC has Level 1 practices. At both this level and Level 2, organizations may be provided with FCI. FCI is information not intended for public release. It is provided by or generated for the Government under a contract to develop or deliver a product or service to the Government. FCI does not include information provided by the Government to the public. While practices are expected to be performed, process maturity is not addressed at CMMC Level 1, and therefore, a CMMC Level 1 organization may have limited or inconsistent cybersecurity maturity processes.

Level 2

CMMC Level 2 focuses on intermediate cyber hygiene, creating a maturity-based progression for organizations to step from Level 1 to Level 3.  This more advanced set of practices gives the organization greater ability to both protect and sustain its assets against more cyber threats compared to Level 1.  CMMC Level 2 also introduces the process maturity dimension of the model. At CMMC Level 2, an organization is expected to establish and document standard operating procedures, policies, and strategic plans to guide the implementation of its cybersecurity program.

Level 3 

An organization assessed at CMMC Level 3 will have demonstrated good cyber hygiene and effective implementation of controls that meet the security requirements of NIST SP 800-171 Rev 1. Organizations that require access to CUI and/or generate CUI should achieve CMMC Level 3.  CMMC Level 3 indicates a basic ability to protect and sustain an organization’s assets and CUI; however, at CMMC Level 3, organizations will have challenges defending against advanced persistent threats (APTs).  Note that organizations subject to DFARS clause 252.204-7012 will have to meet additional requirements such as incident reporting.  For process maturity, a CMMC Level 3 organization is expected to adequately resource activities and review adherence to policy and procedures, demonstrating management of practice implementation.

Level 4

At CMMC Level 4, an organization has a substantial and proactive cybersecurity program.  The organization has the capability to adapt their protection and sustainment activities to address the changing tactics, techniques, and procedures (TTPs) in use by APTs. For process maturity, a CMMC Level 4 organization is expected to review and document activities for effectiveness and inform high-level management of any issues.

Level 5

At CMMC Level 5, an organization has an advanced or progressive cybersecurity program with a demonstrated ability to optimize its cybersecurity capabilities in an effort to repel APTs. For process maturity, a CMMC Level 5 organization is expected to ensure that process implementation has been standardized across the organization.