<?xml version="1.0" encoding="UTF-8"?><rss version="2.0"
	xmlns:content="http://purl.org/rss/1.0/modules/content/"
	xmlns:wfw="http://wellformedweb.org/CommentAPI/"
	xmlns:dc="http://purl.org/dc/elements/1.1/"
	xmlns:atom="http://www.w3.org/2005/Atom"
	xmlns:sy="http://purl.org/rss/1.0/modules/syndication/"
	xmlns:slash="http://purl.org/rss/1.0/modules/slash/"
	>

<channel>
	<title>Bug Archives - HowToRemove.Guide</title>
	<atom:link href="https://howtoremove.guide/tag/bug/feed/" rel="self" type="application/rss+xml" />
	<link>https://howtoremove.guide/tag/bug/</link>
	<description>Virus &#38; Malware Removal</description>
	<lastBuildDate>Fri, 29 Jan 2021 17:10:06 +0000</lastBuildDate>
	<language>en-US</language>
	<sy:updatePeriod>
	hourly	</sy:updatePeriod>
	<sy:updateFrequency>
	1	</sy:updateFrequency>
	<generator>https://wordpress.org/?v=6.7.5</generator>

<image>
	<url>https://howtoremove.guide/wp-content/uploads/2019/11/cropped-howtoremove-Fav-Icon-512-3-32x32.png</url>
	<title>Bug Archives - HowToRemove.Guide</title>
	<link>https://howtoremove.guide/tag/bug/</link>
	<width>32</width>
	<height>32</height>
</image> 
	<item>
		<title>Windows 10 Direct X bug causes Unexpected crashes</title>
		<link>https://howtoremove.guide/windows-10-direct-x-bug-causes-unexpected-crashes-of-desktop-windows-manager/</link>
					<comments>https://howtoremove.guide/windows-10-direct-x-bug-causes-unexpected-crashes-of-desktop-windows-manager/#respond</comments>
		
		<dc:creator><![CDATA[Lidia Howler]]></dc:creator>
		<pubDate>Tue, 28 Jul 2020 12:55:55 +0000</pubDate>
				<category><![CDATA[News]]></category>
		<category><![CDATA[Bug]]></category>
		<guid isPermaLink="false">https://howtoremove.guide/?p=140687</guid>

					<description><![CDATA[Microsoft has recently found a new bug causing Desktop Windows Manager (DWM) to fail while a user opens and shuts the screen of the laptop repeatedly. The bug has been documented on laptops operating any Windows 10 edition and optimized for 4K resolution. The DWM crash is triggered by a bug in the Microsoft DirectX [&#8230;]]]></description>
										<content:encoded><![CDATA[<p style="text-align: justify;"><span style="font-family: helvetica, arial, sans-serif;">Microsoft has recently found a new bug causing Desktop Windows Manager (DWM) to fail while a user opens and shuts the screen of the laptop repeatedly. The bug has been documented on laptops operating any Windows 10 edition and optimized for 4K resolution. </span></p>
<p style="text-align: justify;"><span style="font-family: helvetica, arial, sans-serif;"><img fetchpriority="high" decoding="async" class="aligncenter size-full wp-image-140688" src="https://howtoremove.guide/wp-content/uploads/2020/07/windows-10-directx-bug.jpg" alt="" width="714" height="365" srcset="https://howtoremove.guide/wp-content/uploads/2020/07/windows-10-directx-bug.jpg 714w, https://howtoremove.guide/wp-content/uploads/2020/07/windows-10-directx-bug-300x153.jpg 300w, https://howtoremove.guide/wp-content/uploads/2020/07/windows-10-directx-bug-150x77.jpg 150w" sizes="(max-width: 714px) 100vw, 714px" /><br />
</span></p>
<p style="text-align: justify;"><span style="font-family: helvetica, arial, sans-serif;">The DWM crash is triggered by a bug in the Microsoft DirectX Video Memory Management components, according to a recent report by Microsoft Support, and has no relation to hardware.</span></p>
<p style="text-align: justify;"><span style="font-family: helvetica, arial, sans-serif;">Desktop Windows Manager, first introduced in Windows Vista, controls how every application displays pixels on the screen. </span><span style="font-family: helvetica, arial, sans-serif;">A document on Microsoft’s website explains that when DWM is enabled, individual windows no longer draw directly to the screen or primary display devices, as they did in earlier Windows versions. Instead, DWM redirects their drawing to off-screen surfaces in video memory, which later become the desktop images that are shown on the monitor.</span></p>
<p style="text-align: justify;"><span style="font-family: helvetica, arial, sans-serif;">To put it simply, the Desktop Windows Manager function takes care of creating the visual effects connected to computing operations, as well as displaying high resolutions such as 4K.</span></p>
<p style="text-align: justify;"><span style="font-family: helvetica, arial, sans-serif;">DWM crashes can have various consequences, from mild ones to quite irritating ones, according to representatives of multiple online communities. </span><span style="font-family: helvetica, arial, sans-serif;">Some users report that after a DWM crash, their screen icons get rearranged and resized. Other users report that they cannot activate Windows Aero themes and, in some cases, only a black screen is displayed, which can be fixed only by a forced restart of the system. </span><span style="font-family: helvetica, arial, sans-serif;">In a demonstration of two scenarios, Windows explains that the DWM bug can appear only if a number of specific conditions are met.</span></p>
<p style="text-align: justify;"><span style="font-family: helvetica, arial, sans-serif;">In the first scenario you can trigger the DWM issue if:</span></p>
<ul>
<li style="text-align: justify;"><span style="font-family: helvetica, arial, sans-serif;">You attach an HDMI display to a Windows 10 laptop.</span></li>
<li style="text-align: justify;"><span style="font-family: helvetica, arial, sans-serif;">The display requires a 4K resolution to function.</span></li>
<li style="text-align: justify;"><span style="font-family: helvetica, arial, sans-serif;">You repeatedly play a 4K H.264 video on the computer.</span></li>
<li style="text-align: justify;"><span style="font-family: helvetica, arial, sans-serif;">You open the Advanced settings screen of the Power Options in the Control Panel and set the laptop screen close action as “Do nothing”.</span></li>
</ul>
<p style="text-align: justify;"><span style="font-family: helvetica, arial, sans-serif;">In the second scenario, a DWM issue may appear if:</span></p>
<ul>
<li style="text-align: justify;"><span style="font-family: helvetica, arial, sans-serif;">You attach a Thunderbolt 3 docking station with two 4K displays.</span></li>
<li style="text-align: justify;"><span style="font-family: helvetica, arial, sans-serif;">You attach a laptop that has a 4K resolution monitor to the docking station and then set the 3-fold 4K display configuration in either “clone” or “extend” mode.</span></li>
<li style="text-align: justify;"><span style="font-family: helvetica, arial, sans-serif;">You undock and redock the laptop repeatedly.<br />
</span></li>
</ul>
<p style="text-align: justify;"><span style="font-family: helvetica, arial, sans-serif;">Windows actively seeks to address the DirectX issue and to come up with a solution. However, the company has not specified when that will happen.</span></p>
]]></content:encoded>
					
					<wfw:commentRss>https://howtoremove.guide/windows-10-direct-x-bug-causes-unexpected-crashes-of-desktop-windows-manager/feed/</wfw:commentRss>
			<slash:comments>0</slash:comments>
		
		
			</item>
		<item>
		<title>Critical bugs in GeoVision’s Fingerprint/Card Scanners</title>
		<link>https://howtoremove.guide/critical-bugs-detected-in-geovisions-fingerprint-and-card-scanners/</link>
					<comments>https://howtoremove.guide/critical-bugs-detected-in-geovisions-fingerprint-and-card-scanners/#respond</comments>
		
		<dc:creator><![CDATA[Lidia Howler]]></dc:creator>
		<pubDate>Fri, 26 Jun 2020 08:58:45 +0000</pubDate>
				<category><![CDATA[News]]></category>
		<category><![CDATA[Bug]]></category>
		<guid isPermaLink="false">https://howtoremove.guide/?p=137920</guid>

					<description><![CDATA[Critical bugs detected in GeoVision’s Fingerprint and Card Scanners. The Taiwanese supplier of IP cameras and video surveillance systems, GeoVision, has recently fixed three of its four main faults related to its card and fingerprint scanners. The detected flaws could theoretically allow attackers to hijack network traffic and perform man-in-the-middle attacks on their scanners. The]]></description>
										<content:encoded><![CDATA[<h2 id="critical-bugs-detected-in-geovisions-fingerprint-and-card-scanners"><span style="font-size: 20px; font-family: helvetica, arial, sans-serif;">Critical bugs detected in GeoVision’s Fingerprint and Card Scanners.</span></h2>
<p style="text-align: justify;"><span style="font-family: helvetica, arial, sans-serif; font-size: 12px;"><span style="font-size: 16px;">The Taiwanese supplier of IP cameras and video surveillance systems, GeoVision, has recently fixed three of its four main faults related to its card and fingerprint scanners. The detected flaws could theoretically allow attackers to hijack network traffic and perform man-in-the-middle attacks on their scanners.</span> <img decoding="async" class="aligncenter size-full wp-image-137921" src="https://howtoremove.guide/wp-content/uploads/2020/06/card-scanner.jpg" alt="card scanner" width="640" height="426" srcset="https://howtoremove.guide/wp-content/uploads/2020/06/card-scanner.jpg 640w, https://howtoremove.guide/wp-content/uploads/2020/06/card-scanner-300x200.jpg 300w" sizes="(max-width: 640px) 100vw, 640px" /><br />
</span></p>
<p style="text-align: justify;"><span style="font-family: helvetica, arial, sans-serif; font-size: 16px;">The bugs were found by enterprise security firm <a href="https://www.acronis.com/en-us/">Acronis</a> last year during a regular safety audit at a large retailer in Singapore. According to Acronis’s report that has been shared with The Hacker News,  malicious actors can establish persistence on the network and spy on internal users or collect information without ever being identified.  &#8220;They can reuse your fingerprint data to enter your home and/or personal devices, and photos can be easily reused by malicious actors to perpetrate identity theft based on biometric data&#8221;, the company explained.</span></p>
<p style="text-align: justify;"><span style="font-family: helvetica, arial, sans-serif; font-size: 16px;">Out of thousands of devices that may be remotely hacked, the detected vulnerabilities impact at least six separate device families, with more than 2,500 vulnerable devices found online across Brazil, the United States, Germany, Taiwan and Japan.</span></p>
<p style="text-align: justify;"><span style="font-family: helvetica, arial, sans-serif; font-size: 16px;">The first critical bug involves a previously undocumented root password, which enables an attacker to access the device through a backdoor using the default password (&#8220;admin&#8221;) and log in to the compromised device remotely.</span></p>
<p style="text-align: justify;"><span style="font-family: helvetica, arial, sans-serif; font-size: 16px;">The second critical bug concerns the usage of hardcoded shared cryptographic private keys for <a href="https://en.wikipedia.org/wiki/Secure_Shell" target="_blank" rel="noopener noreferrer">SSH</a> authentication.</span></p>
<p style="text-align: justify;"><span style="font-family: helvetica, arial, sans-serif; font-size: 16px;">The third vulnerability allows the attackers to access system logs on the device without the need for authentication.</span></p>
<p style="text-align: justify;"><span style="font-family: helvetica, arial, sans-serif; font-size: 16px;">The last vulnerability has a <a href="https://en.wikipedia.org/wiki/Common_Vulnerability_Scoring_System" target="_blank" rel="noopener noreferrer">CVSS</a> score of 10, which makes it a critical bug. It is a buffer overflow flaw in the firmware that affects the fingerprint readers from GeoVision. This flaw enables attackers to execute unauthorized code on the devices. What is more disturbing is that no authentication is required beforehand.</span></p>
<p style="text-align: justify;"><span style="font-family: helvetica, arial, sans-serif; font-size: 16px;">Acronis contacted SingCERT with its findings, as well as GeoVision in August last year and then again in September and December. Yet GeoVision issued fixes for three of the faults (version 1.22) earlier this month, leaving the fourth critical vulnerability unpatched.</span></p>
<p style="text-align: justify;"><span style="font-family: helvetica, arial, sans-serif; font-size: 16px;">Taiwan&#8217;s Computer Emergency Response Team (TWCERT) also recognized the bugs and released three bug advisories — CVE-2020-3928, CVE-2020-3929, and CVE-2020-3930. TWCERT verified the firmware corrections and the availability of the latest update.</span></p>
<p style="text-align: justify;"><span style="font-family: helvetica, arial, sans-serif; font-size: 16px;">The fourth critical bug, which has so far remained unpatched, represents a serious security risk because it may allow attackers to make use of a weak parameter to overwrite the structures responsible for memory management.</span></p>
<p style="text-align: justify;"><span style="font-family: helvetica, arial, sans-serif; font-size: 16px;">According to Acronis&#8217;s CISO Kevin Reed and Security Researcher Alex Koshelev, an attacker is free to install malicious code in the firmware as soon as they gain full access to the device. After that happens, evicting them from the network is virtually impossible.</span></p>
<p style="text-align: justify;"><span style="font-family: helvetica, arial, sans-serif; font-size: 16px;">They also commented that it&#8217;s pretty surprising for certain companies not to hurry to patch crucial flaws. The presence of backdoors is also concerning in addition to the poor quality of the original source code. This demonstrates that IoT protection is unreliable, so each organization has to realize that utilizing such devices can lead them to long-term unpredictable risks.</span></p>
]]></content:encoded>
					
					<wfw:commentRss>https://howtoremove.guide/critical-bugs-detected-in-geovisions-fingerprint-and-card-scanners/feed/</wfw:commentRss>
			<slash:comments>0</slash:comments>
		
		
			</item>
		<item>
		<title>Sony gives $50K to participants in its Bug Bounty program</title>
		<link>https://howtoremove.guide/sony-gives-50k-to-participants-in-its-playstation-bug-bounty-program/</link>
					<comments>https://howtoremove.guide/sony-gives-50k-to-participants-in-its-playstation-bug-bounty-program/#respond</comments>
		
		<dc:creator><![CDATA[Lidia Howler]]></dc:creator>
		<pubDate>Thu, 25 Jun 2020 11:35:34 +0000</pubDate>
				<category><![CDATA[News]]></category>
		<category><![CDATA[Bug]]></category>
		<guid isPermaLink="false">https://howtoremove.guide/?p=137866</guid>

					<description><![CDATA[PlayStation Bug Bounty Program Sony encourages everyone to find glitches on the PlayStation platform for cash bonuses of up to $50,000. The company has actually been running a bug bounty program operated privately by selected researchers for some time. However, in a blog post from last week, Geoff Norton, the senior director of software engineering]]></description>
										<content:encoded><![CDATA[<h2 id="playstation-bug-bounty-program"><span style="font-size: 20px; font-family: helvetica, arial, sans-serif;">PlayStation Bug Bounty Program</span></h2>
<p style="text-align: justify;"><span style="font-family: helvetica, arial, sans-serif; font-size: 16px;">Sony encourages everyone to find glitches on the PlayStation platform for cash bonuses of up to $50,000.</span></p>
<figure id="attachment_137873" aria-describedby="caption-attachment-137873" style="width: 640px" class="wp-caption aligncenter"><img decoding="async" class="size-full wp-image-137873" src="https://howtoremove.guide/wp-content/uploads/2020/06/sony-playstation.jpg" alt="sony playstation" width="640" height="426" srcset="https://howtoremove.guide/wp-content/uploads/2020/06/sony-playstation.jpg 640w, https://howtoremove.guide/wp-content/uploads/2020/06/sony-playstation-300x200.jpg 300w" sizes="(max-width: 640px) 100vw, 640px" /><figcaption id="caption-attachment-137873" class="wp-caption-text">Sony announced a bug bounty program.</figcaption></figure>
<p style="text-align: justify;"><span style="font-family: helvetica, arial, sans-serif; font-size: 16px;">The company has actually been running a bug bounty program privately with selected researchers for some time. However, in <a href="https://blog.playstation.com/2020/06/24/announcing-the-playstation-bug-bounty-program/">a blog post from last week</a>, Geoff Norton, the senior director of software engineering at Sony, announced that the bug bounty platform is now accessible to everyone, including security researchers, gamers and everyone else.</span></p>
<p style="text-align: justify;"><span style="font-family: helvetica, arial, sans-serif; font-size: 16px;">Sony has partnered with <a href="https://www.hackerone.com/" target="_blank" rel="noopener noreferrer">HackerOne</a>, a company in Silicon Valley that manages such bug fixing programs, to facilitate the move. The company invites users and testers to check the PlayStation 4 gaming console and the PlayStation Network digital media entertainment service. Based on the seriousness and accuracy of the detected issues, the bug bounty program offers a range of cash rewards. Payouts start at $100, with more lucrative payouts of $400, $1,000 and $3,000 for high-ranking bugs found on the PlayStation Network. The higher payouts for the most serious vulnerabilities can reach up to $50,000.</span></p>
<p style="text-align: justify;"><span style="font-family: helvetica, arial, sans-serif; font-size: 16px;">Data posted on HackerOne&#8217;s website reveals that before its official launch, the bug bounty program had already paid out $173,900 to researchers who reported different vulnerabilities. The awards, however, are paid out only to the first researcher to report a flaw that has not been previously reported, HackerOne explains.</span></p>
<p style="text-align: justify;"><span style="font-size: 20px;"><strong><span style="font-family: helvetica, arial, sans-serif;">Sony seeks to create a safer place to play</span></strong></span></p>
<p style="text-align: justify;"><span style="font-family: helvetica, arial, sans-serif; font-size: 16px;">In his post, Norton wrote that the company believes that they will create a better and safer place to play thanks to the partnership with the security research community. He also added that Sony is pleased to launch its public PlayStation bug bounty program because the security of their products is an important part of providing amazing experiences for their community.</span></p>
<p style="text-align: justify;"><span style="font-family: helvetica, arial, sans-serif; font-size: 16px;">Bug bounty programs, which aim to improve digital security and fix flaws, are popular among technology firms. Earlier this year, Google announced that in 2019 it paid a total of $6.5 million to researchers who discovered crucial flaws in its apps, with the largest reward worth a remarkable $201,000.</span></p>
<p style="text-align: justify;"><span style="font-family: helvetica, arial, sans-serif; font-size: 16px;">Do you want to participate in Sony&#8217;s bug bounty program? Check out the details on HackerOne’s page.</span></p>
]]></content:encoded>
					
					<wfw:commentRss>https://howtoremove.guide/sony-gives-50k-to-participants-in-its-playstation-bug-bounty-program/feed/</wfw:commentRss>
			<slash:comments>0</slash:comments>
		
		
			</item>
		<item>
		<title>Facebook Messenger Bug for Windows</title>
		<link>https://howtoremove.guide/facebook-messenger-bug/</link>
					<comments>https://howtoremove.guide/facebook-messenger-bug/#respond</comments>
		
		<dc:creator><![CDATA[Lidia Howler]]></dc:creator>
		<pubDate>Wed, 17 Jun 2020 08:22:42 +0000</pubDate>
				<category><![CDATA[News]]></category>
		<category><![CDATA[Bug]]></category>
		<category><![CDATA[Facebook]]></category>
		<category><![CDATA[Messenger]]></category>
		<category><![CDATA[Windows]]></category>
		<guid isPermaLink="false">https://howtoremove.guide/?p=135504</guid>

					<description><![CDATA[Facebook Messenger Bug Reason Labs researchers, the cybersecurity threat research team of Reason Cybersecurity, have recently announced details of a vulnerability that they have found in Windows&#8217; Facebook Messenger app. According to the disclosed information, a flaw in version 460.16 of Messenger could allow attackers to use the App to potentially execute malicious files on]]></description>
										<content:encoded><![CDATA[<h2 id="facebook-messenger-bug"><span style="font-family: helvetica, arial, sans-serif; font-size: 20px;">Facebook Messenger Bug </span></h2>
<p style="text-align: justify;"><span style="font-family: helvetica, arial, sans-serif; font-size: 16px;">Reason Labs researchers, the cybersecurity threat research team of <a href="https://www.reasonsecurity.com" target="_blank" rel="noopener noreferrer">Reason Cybersecurity</a>, have recently announced details of a vulnerability that they have found in Windows&#8217; Facebook Messenger app.</span></p>
<figure id="attachment_135525" aria-describedby="caption-attachment-135525" style="width: 640px" class="wp-caption aligncenter"><img loading="lazy" decoding="async" class="size-full wp-image-135525" src="https://howtoremove.guide/wp-content/uploads/2020/06/Messenger-Bug-Found.jpg" alt="Messenger Bug Found" width="640" height="426" srcset="https://howtoremove.guide/wp-content/uploads/2020/06/Messenger-Bug-Found.jpg 640w, https://howtoremove.guide/wp-content/uploads/2020/06/Messenger-Bug-Found-300x200.jpg 300w" sizes="auto, (max-width: 640px) 100vw, 640px" /><figcaption id="caption-attachment-135525" class="wp-caption-text"><span style="font-size: 12px;">Messenger is used by more than 1.3 billion active users a month.</span></figcaption></figure>
<p style="text-align: justify;"><span style="font-size: 16px;"><span style="font-family: helvetica, arial, sans-serif;">According to the disclosed information, a flaw in version 460.16 of Messenger could allow attackers to use the app to execute malicious files on devices that are already compromised, helping malware to keep access to them. </span><span style="font-family: helvetica, arial, sans-serif;">The researchers shared that the vulnerable Messenger version initiates a call to load Windows PowerShell from the C:\python27 path. This path is usually created when Python version 2.7 is installed and is not available in most installations of Windows.</span></span></p>
<p style="text-align: justify;"><span style="font-size: 16px;"><span style="font-family: helvetica, arial, sans-serif;">Such calls that seek to load potentially non-existent resources can easily be hijacked by malicious actors and used to covertly execute malware. In addition to that, given the low-integrity location of this target directory, malicious programs could access the path without the need to gain administrator privileges. </span><span style="font-family: helvetica, arial, sans-serif;">In order to test the possibility for exploitation, the Reason Labs research team set up and deployed a reverse shell in the Python directory, disguised as Powershell.exe. Then, they started the Messenger app, which activated the call and executed the reverse shell successfully, showing that malicious actors can take advantage of the vulnerability for persistent attacks.</span></span></p>
<p style="text-align: justify;"><span style="font-family: helvetica, arial, sans-serif; font-size: 16px;">Attackers that use persistence methods typically rely on registry keys, scheduled tasks and services to keep their device access active. This particular weakness, however, is known to be more difficult to exploit. The malicious actors need to carefully observe whether an application makes an unwanted call, or they need to reach deep into the binary code of an application to find a function that makes an unwanted call.</span></p>
<p style="text-align: justify;"><span style="font-family: helvetica, arial, sans-serif; font-size: 16px;">In April, Reason Labs shared its findings with Facebook, which promptly fixed the flaw with the release of an update for Facebook Messenger for Windows users through the Microsoft Store. In the most recent version which Reason’s team tested, namely Messenger 480.5, the vulnerability was patched. Users running the version with the flaw or an older one are advised to quickly upgrade to the latest version to prevent potential exploitation of the vulnerability.</span></p>
<p style="text-align: justify;"><span style="font-family: helvetica, arial, sans-serif; font-size: 12px;"><span style="font-size: 16px;">So far, there are no indications that the Messenger vulnerability was exploited prior to its discovery by Reason Labs. Still, a weakness of this type in an app with more than 1.3 billion active users a month, such as Facebook Messenger, could have had enormous repercussions had it been exploited. This is even more true now that the current coronavirus pandemic has brought travel restrictions, lockdowns and forced work-from-home arrangements, where users rely heavily on online communication and collaboration through messaging applications and video conferencing devices.</span><br />
</span></p>
<p style="text-align: justify;"><span style="font-family: helvetica, arial, sans-serif; font-size: 16px;">In general, the existence of such flaws is extremely dangerous. Attackers can use these flaws to maintain long-term access to devices. Such continuous access may allow for other hacks, including implantation of ransomware, data theft, espionage and online frauds of different kinds. Organized cybercriminal groups often use persistent methods to carry out sophisticated hacks on financial institutions, government departments and other industrial installations. </span></p>
]]></content:encoded>
					
					<wfw:commentRss>https://howtoremove.guide/facebook-messenger-bug/feed/</wfw:commentRss>
			<slash:comments>0</slash:comments>
		
		
			</item>
	</channel>
</rss>
