{"id":36785,"date":"2024-08-14T21:03:56","date_gmt":"2024-08-14T21:03:56","guid":{"rendered":"https:\/\/www.esecurityplanet.com\/?p=36785"},"modified":"2024-08-14T21:03:57","modified_gmt":"2024-08-14T21:03:57","slug":"microsoft-openvpn-vulnerabilities","status":"publish","type":"post","link":"https:\/\/www.esecurityplanet.com\/trends\/microsoft-openvpn-vulnerabilities\/","title":{"rendered":"Microsoft Discovers Critical OpenVPN Vulnerabilities"},"content":{"rendered":"\n<p>OpenVPN has long been a popular choice for creating secure point-to-point or site-to-site connections over the internet. Its open-source nature and robust encryption capabilities have made it a staple in many organizations&#8217; and individuals&#8217; security arsenals. However, a recent discovery by <a href=\"https:\/\/www.esecurityplanet.com\/trends\/crowdstrike-faulty-update-triggers-global-microsoft-outage\/\">Microsoft<\/a> researchers has unveiled a critical flaw in this widely trusted software.<\/p>\n\n\n\n<p>In March 2024, Microsoft reported the discovery to OpenVPN through <a href=\"https:\/\/www.microsoft.com\/en-us\/msrc\/cvd?rtc=2\" target=\"_blank\" rel=\"noreferrer noopener\">Coordinated Vulnerability Disclosure (CVD)<\/a> via Microsoft Security Vulnerability Research (MSVR). Now, Microsoft researchers have uncovered multiple vulnerabilities within OpenVPN that could potentially be exploited to gain unauthorized access to systems. These vulnerabilities severely threaten the security of millions of users worldwide who rely on OpenVPN for their online privacy and data protection.<\/p>\n\n\n\n<h2 class=\"wp-block-heading\" style=\"text-transform:none\">The Discovered Vulnerabilities<\/h2>\n\n\n\n<p>Microsoft&#8217;s research uncovered a series of critical vulnerabilities within OpenVPN. When exploited in combination, these flaws could grant attackers unfettered access to target systems.<\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li><strong>Remote Code Execution (RCE):<\/strong> One of the most severe vulnerabilities discovered allows malicious actors to execute arbitrary code on a compromised system. This could enable them to install <a href=\"https:\/\/www.esecurityplanet.com\/threats\/malware\/\">malware<\/a>, steal data, or take complete control of the affected device.<\/li>\n\n\n\n<li><strong>Local Privilege Escalation (LPE):<\/strong> Another critical issue identified was a local privilege escalation vulnerability. While requiring initial access to a system, this flaw could be leveraged to elevate an attacker&#8217;s privileges, granting them extensive control over the machine.<\/li>\n<\/ul>\n\n\n\n<p><strong>Here are the four discovered vulnerabilities:<\/strong><\/p>\n\n\n\n<figure class=\"wp-block-table\"><table class=\"has-fixed-layout\"><thead><tr><th>CVE ID<\/th><th>OpenVPN component<\/th><th>Impact<\/th><th>Affected platform<\/th><\/tr><\/thead><tbody><tr><td>CVE-2024-1305<\/td><td>Windows TAP driver<\/td><td><a href=\"https:\/\/www.esecurityplanet.com\/networks\/how-to-stop-ddos-attacks-tips-for-fighting-ddos-attacks\/\">Denial of service (DoS)<\/a>&nbsp;<\/td><td>Windows<\/td><\/tr><tr><td>CVE-2024-27459<\/td><td>openvpnserv<\/td><td>DoS, LPE<\/td><td>Windows<\/td><\/tr><tr><td>CVE-2024-24974<\/td><td>openvpnserv<\/td><td>Unauthorized access&nbsp;<\/td><td>Windows<\/td><\/tr><tr><td rowspan=\"2\">CVE-2024-27903<\/td><td rowspan=\"2\">openvpnserv<\/td><td>RCE<\/td><td>Windows<\/td><\/tr><tr><td>LPE, data manipulation<\/td><td>Android, iOS, macOS, BSD<\/td><\/tr><\/tbody><\/table><\/figure>\n\n\n\n<h3 class=\"wp-block-heading\" style=\"text-transform:none\">1. CVE-2024-1305<\/h3>\n\n\n\n<p>Microsoft discovered a vulnerability in the &#8220;tap-windows6&#8221; project, which involves the development of the Terminal Access Point (TAP) adapter used by OpenVPN. The <em>device.c<\/em> file in the project&#8217;s <em>src<\/em> directory contains the code for the TAP device object and its initialization.<\/p>\n\n\n\n<p>In the <em>device.c<\/em> file, the <em>CreateTapDevice<\/em> method initializes a dispatch table object with callbacks for methods that manage various Input\/Output Controls (IOCTLs) for the device. One of these methods is <em>TapDeviceWrite<\/em>, which handles the write IOCTL.<\/p>\n\n\n\n<p>The <em>TapDeviceWrite<\/em> method performs several operations before ultimately calling <em>TapSharedSendPacket<\/em>. This method, in turn, invokes <em>NdisAllocateNetBufferAndNetBufferLists<\/em> twice. In one case, it calls this function with the <em>fullLength<\/em> parameter.<\/p>\n\n\n\n<h3 class=\"wp-block-heading\" style=\"text-transform:none\">2. CVE-2024-27459<\/h3>\n\n\n\n<p>The second vulnerability Microsoft discovered is in the communication mechanism between the <em>openvpn.exe<\/em> process and the <em>openvpnserv.exe<\/em> service \u2014 these components communicate through a named pipe.<\/p>\n\n\n\n<p>The <em>openvpnserv.exe<\/em> service continuously reads the message size from the <em>openvpn.exe<\/em> process in an infinite loop and processes the received message by calling the <em>HandleMessage<\/em> method. The <em>HandleMessage<\/em> method retrieves the size from the infinite loop and then casts the read bytes to the appropriate type based on this size.<\/p>\n\n\n\n<p>This communication mechanism is flawed because reading a user-specified number of bytes into an n-byte structure on the stack can result in a stack overflow <a href=\"https:\/\/www.esecurityplanet.com\/networks\/vulnerability-scanning-what-it-is-and-how-to-do-it-right\/\">vulnerability<\/a>.<\/p>\n\n\n\n<h3 class=\"wp-block-heading\" style=\"text-transform:none\">3. CVE-2024-24974<\/h3>\n\n\n\n<p>The third vulnerability involves unauthorized access to an operating system resource. The <em>openvpnserv.exe <\/em>service creates a new openvpn.exe process in response to user requests it receives via the <em>\\\\openvpn\\\\service<\/em> named pipe. This vulnerability allows <a href=\"https:\/\/www.esecurityplanet.com\/endpoint\/secure-remote-access\/\">remote access<\/a> to the named service pipe, allowing an attacker to interact with and execute operations on the service remotely.<\/p>\n\n\n\n<h3 class=\"wp-block-heading\">4. CVE-2024-27903<\/h3>\n\n\n\n<p>Finally, Microsoft discovered a vulnerability in OpenVPN\u2019s plugin mechanism that allows plugins to be loaded from various paths on an endpoint device. Attackers can exploit this behavior to load <a href=\"https:\/\/www.esecurityplanet.com\/trends\/wordpress-plugins-security-issues\/\">malicious plugins<\/a> from these different locations.<\/p>\n\n\n\n<h2 class=\"wp-block-heading\" style=\"text-transform:none\">How Attackers Can Exploit These Vulnerabilities<\/h2>\n\n\n\n<p>Microsoft stated that attackers could exploit at least three of the four discovered vulnerabilities to achieve RCE and LPE. These vulnerabilities can be combined to create a potent attack chain.<\/p>\n\n\n\n<p>However, several adjustments are necessary to exploit the full attack chain. Specifically, the malicious payloads designed to crash <em>openvpnserv.exe<\/em> and those that simulate <em>openvpnserv.exe<\/em> behavior after the crash must be loaded using the malicious plugin.<\/p>\n\n\n\n<p>Once LPE is achieved, attackers might use techniques such as Bring Your Own Vulnerable Driver (BYOVD) or exploit other known vulnerabilities to gain more control over the <a href=\"https:\/\/www.esecurityplanet.com\/products\/edr-solutions\/\">endpoint<\/a>. This could involve disabling Protect Process Light (PPL) for critical processes like Microsoft Defender or bypassing and interfering with other essential system processes. Such actions enable attackers to evade security measures, manipulate core system functions, and solidify their control while remaining undetected.<\/p>\n\n\n\n<h3 class=\"wp-block-heading\" style=\"text-transform:none\">Potential Impact<\/h3>\n\n\n\n<p>Successful exploitation of these vulnerabilities could lead to catastrophic data breaches. Sensitive personal information, financial data, and corporate secrets could fall into the wrong hands, resulting in identity theft, financial fraud, and reputational damage.<\/p>\n\n\n\n<p>Also, the aftermath of a data breach can be financially devastating. Organizations may face hefty costs associated with incident response, legal fees, and remediation efforts. Individuals might face costs for identity theft recovery and credit monitoring.<\/p>\n\n\n\n<p>Beyond <a href=\"https:\/\/www.esecurityplanet.com\/networks\/data-loss-prevention-best-practices\/\">data loss<\/a>, attackers can gain complete control over compromised systems, allowing them to install <a href=\"https:\/\/www.esecurityplanet.com\/threats\/ransomware\/\">ransomware<\/a>, disrupt operations, or use the system as a launching pad for further attacks.<\/p>\n\n\n\n<h2 class=\"wp-block-heading\" style=\"text-transform:none\">The Patch<\/h2>\n\n\n\n<p>In response to the critical vulnerabilities discovered, OpenVPN swiftly released a <a href=\"https:\/\/forums-new.openvpn.net\/forum\/announcements\/69-release-openvpn-version-2-6-10.\" target=\"_blank\" rel=\"noreferrer noopener\">patch<\/a> to address these security flaws. OpenVPN versions earlier than 2.5.10 and 2.6.10 are susceptible to known vulnerabilities. Check if you&#8217;re running an affected version, and if so, promptly apply the necessary patch available for OpenVPN 2.6.10.<\/p>\n\n\n\n<p>To further minimize the risk of exploitation, consider these additional steps:<\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li>Ensure that all devices in your network are updated with the latest patches from the OpenVPN website.<\/li>\n\n\n\n<li>Disconnect OpenVPN clients from the internet and keep them on a separate network segment.<\/li>\n\n\n\n<li>Restrict access to OpenVPN clients to authorized users only.<\/li>\n<\/ul>\n\n\n\n<p>You can further reduce risks by enforcing proper <a href=\"https:\/\/www.esecurityplanet.com\/networks\/what-is-a-vlan\/\">network segmentation<\/a>, requiring <a href=\"https:\/\/www.esecurityplanet.com\/trends\/passwordless-authentication-101\/\">strong usernames and passwords<\/a>, and limiting the number of users with write access.<\/p>\n\n\n\n<h2 class=\"wp-block-heading\" style=\"text-transform:none\">Importance of Endpoint Security in Private &amp; Enterprise Sectors<\/h2>\n\n\n\n<p>Given OpenVPN&#8217;s widespread use across different vendors, industries, and sectors, the vulnerabilities identified can affect various devices and environments, making <a href=\"https:\/\/www.esecurityplanet.com\/networks\/vulnerability-management\/\">vulnerability management<\/a> hard. Exploiting these vulnerabilities demands user authentication, a thorough understanding of OpenVPN\u2019s internal mechanisms, and intermediate OS knowledge. However, successful exploitation could have severe consequences for both private and enterprise endpoints.<\/p>\n\n\n\n<p>An attacker could use a vulnerable version of OpenVPN to execute a multi-stage attack on a device, potentially gaining complete control over it. This level of control could lead to the theft of sensitive data, data tampering, or even the destruction of critical information, posing significant risks to both personal and business environments.<\/p>\n\n\n\n<p>Discovering these vulnerabilities highlights the crucial need for responsible disclosure and the importance of securing enterprise and endpoint systems. It also underscores the collective efforts required from the security community to safeguard devices across diverse platforms and enhance protections for everyone.<\/p>\n\n\n\n<p><strong>Learn how you can integrate your endpoint security with <a href=\"https:\/\/www.esecurityplanet.com\/networks\/types-of-network-security\/\">network security solutions<\/a> to improve protection and provide unified administration for full coverage against multiple threats.<\/strong><\/p>\n\n\n<div id=\"ta-campaign-widget-66d6df8fa75bc-popup-wrapper\" class=\"ta-campaign-widget__popup-wrapper\">\n    \n<div\n    style=\"\n        --ta-campaign-plugin-primary: #3545ed;\n        --ta-campaign-plugin-button-text: #fff;\n        --ta-campaign-plugin-button-hover-background: #3231b4;\n        --ta-campaign-plugin-button-hover-text: #fff;\n        --ta-campaign-plugin-button-toggle-background: #3231b4;\n        --ta-campaign-plugin-button-toggle-text: #3231B4;\n    \"\n    data-ajax-url=\"https:\/\/www.esecurityplanet.com\/wp\/wp-admin\/admin-ajax.php\">\n    <div\n        id=\"ta-campaign-widget-66d6df8fa75bc\"\n        class=\"ta-campaign-widget ta-campaign-widget--popup\"\n        data-campaign-fields='{\"properties\":{\"campaign_type\":\"popup\",\"campaign_category\":false,\"sailthru_list\":[\"cybersecurity-insider\"],\"popup_type\":\"exit_intent\",\"appearance\":{\"colors\":{\"primary_color\":\"#3545ed\",\"button\":{\"button_text_color\":\"#fff\",\"hover\":{\"button_hover_background_color\":\"#3231b4\",\"button_hover_text_color\":\"#fff\"},\"toggle\":{\"button_toggle_background_color\":\"#3231b4\",\"button_toggle_text_color\":\"#3231B4\"}}},\"custom_scss\":\"\"},\"behavior\":{\"opt_in_enabled\":true},\"language\":{\"tagline\":\"Get the Free Cybersecurity Newsletter\",\"subtagline\":\"\",\"content\":\"Strengthen your organization&#39;s IT security defenses by keeping up to date on the latest cybersecurity news, solutions, and best practices. Delivered every Monday, Tuesday and Thursday\",\"email_placeholder\":\"Work Email Address\",\"opt_in\":\"By signing up to receive our newsletter, you agree to our Terms of Use and Privacy Policy. You can unsubscribe at any time.\",\"subscribe_button\":\"Subscribe\"}},\"identifier\":\"66d6df8fa75bc\",\"campaign_id\":26045,\"campaign_type\":\"popup\",\"popup_type\":\"exit_intent\",\"newsletters\":[\"cybersecurity-insider\"],\"behavior\":{\"opt_in_enabled\":true},\"appearance\":{\"colors\":{\"primary\":\"#3545ed\",\"button\":{\"text\":\"#fff\",\"hover\":{\"background\":\"#3231b4\",\"text\":\"#fff\"},\"toggle\":{\"background\":\"#3231b4\",\"text\":\"#3231B4\"}}},\"custom_css\":\"\"},\"language\":{\"tagline\":\"Get the Free Cybersecurity Newsletter\",\"subtagline\":\"\",\"content\":\"Strengthen your organization&#39;s IT security defenses by keeping up to date on the latest cybersecurity news, solutions, and best practices. Delivered every Monday, Tuesday and Thursday\",\"email_placeholder\":\"Work Email Address\",\"opt_in\":\"By signing up to receive our newsletter, you agree to our Terms of Use and Privacy Policy. You can unsubscribe at any time.\",\"subscribe_button\":\"Subscribe\"}}'>\n\n                <div class=\"ta-campaign-widget__exit\">\n            <svg class=\"w-8\" fill=\"none\" stroke=\"currentColor\" stroke-width=\"1.5\" viewBox=\"0 0 24 24\" xmlns=\"http:\/\/www.w3.org\/2000\/svg\" aria-hidden=\"true\">\n                <path stroke-linecap=\"round\" stroke-linejoin=\"round\" d=\"M6 18L18 6M6 6l12 12\"><\/path>\n            <\/svg>\n        <\/div>\n        \n        <div class=\"ta-campaign-widget__wrapper\">\n            <div class=\"ta-campaign-widget__header mb-6\">\n                                <h3 class=\"ta-campaign-widget__tagline\">\n                    Get the Free Cybersecurity Newsletter                <\/h3>\n                \n                \n                                <p class=\"ta-campaign-widget__content mt-6\">\n                    Strengthen your organization's IT security defenses by keeping up to date on the latest cybersecurity news, solutions, and best practices. Delivered every Monday, Tuesday and Thursday                <\/p>\n                            <\/div>\n\n            <form class=\"ta-campaign-widget__form\">\n                <div class=\"ta-campaign-widget__input mb-4\"  data-field=\"email\">\n                    <label\n                        class=\"sr-only\"\n                        for=\"email-66d6df8fa75bc\">\n                        Email Address\n                    <\/label>\n                    <input\n                        class=\"ta-campaign-widget__input__text\"\n                        placeholder=\"Work Email Address\"\n                        id=\"email-66d6df8fa75bc\"\n                        name=\"email\"\n                        type=\"email\">\n                <\/div>\n\n                                <div class=\"ta-campaign-widget__checkbox mb-4\" data-field=\"opt_in\">\n                    <div class=\"flex items-start\">\n                        <input\n                            id=\"opt-in-66d6df8fa75bc\"\n                            class=\"ta-campaign-widget__checkbox__input mr-2\"\n                            name=\"opt-in\"\n                            type=\"checkbox\"\/>\n                        <label\n                            class=\"ta-campaign-widget__checkbox__label\"\n                            for=\"opt-in-66d6df8fa75bc\">\n                            By signing up to receive our newsletter, you agree to our Terms of Use and Privacy Policy. You can unsubscribe at any time.                        <\/label>\n                    <\/div>\n                <\/div>\n                \n                <button class=\"ta-campaign-widget__button\" type=\"submit\" >\n                    Subscribe                <\/button>\n            <\/form>\n        <\/div>\n    <\/div>\n<\/div>\n\n<style>\n<\/style><\/div>\n","protected":false},"excerpt":{"rendered":"<p>Microsoft discovers critical OpenVPN vulnerabilities, including RCE and LPE flaws. Immediate patch required to protect systems from attacks.<\/p>\n","protected":false},"author":286,"featured_media":36786,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"_acf_changed":false,"_gazelle_contributing_experts":"","footnotes":""},"categories":[16],"tags":[],"b2b_audience":[],"b2b_industry":[],"b2b_product":[],"class_list":["post-36785","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-trends"],"acf":[],"yoast_head":"<!-- This site is optimized with the Yoast SEO plugin v22.9 - https:\/\/yoast.com\/wordpress\/plugins\/seo\/ -->\n<title>Microsoft Discovers Critical OpenVPN Vulnerabilities<\/title>\n<meta name=\"description\" content=\"Microsoft discovers critical OpenVPN vulnerabilities, including RCE and LPE flaws. Immediate patch required to protect systems from attacks.\" \/>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/www.esecurityplanet.com\/trends\/microsoft-openvpn-vulnerabilities\/\" \/>\n<meta property=\"og:locale\" content=\"en_US\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"Microsoft Discovers Critical OpenVPN Vulnerabilities\" \/>\n<meta property=\"og:description\" content=\"Microsoft discovers critical OpenVPN vulnerabilities, including RCE and LPE flaws. Immediate patch required to protect systems from attacks.\" \/>\n<meta property=\"og:url\" content=\"https:\/\/www.esecurityplanet.com\/trends\/microsoft-openvpn-vulnerabilities\/\" \/>\n<meta property=\"og:site_name\" content=\"eSecurity Planet\" \/>\n<meta property=\"article:published_time\" content=\"2024-08-14T21:03:56+00:00\" \/>\n<meta property=\"article:modified_time\" content=\"2024-08-14T21:03:57+00:00\" \/>\n<meta property=\"og:image\" content=\"https:\/\/assets.esecurityplanet.com\/uploads\/2024\/08\/esp_20240814-microsoft-openvpn-vulnerabilities.png\" \/>\n\t<meta property=\"og:image:width\" content=\"1400\" \/>\n\t<meta property=\"og:image:height\" content=\"900\" \/>\n\t<meta property=\"og:image:type\" content=\"image\/png\" \/>\n<meta name=\"author\" content=\"Sunny Yadav\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:creator\" content=\"@eSecurityPlanet\" \/>\n<meta name=\"twitter:site\" content=\"@eSecurityPlanet\" \/>\n<meta name=\"twitter:label1\" content=\"Written by\" \/>\n\t<meta name=\"twitter:data1\" content=\"Sunny Yadav\" \/>\n\t<meta name=\"twitter:label2\" content=\"Est. reading time\" \/>\n\t<meta name=\"twitter:data2\" content=\"6 minutes\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\/\/schema.org\",\"@graph\":[{\"@type\":\"Article\",\"@id\":\"https:\/\/www.esecurityplanet.com\/trends\/microsoft-openvpn-vulnerabilities\/#article\",\"isPartOf\":{\"@id\":\"https:\/\/www.esecurityplanet.com\/trends\/microsoft-openvpn-vulnerabilities\/\"},\"author\":{\"name\":\"Sunny Yadav\",\"@id\":\"https:\/\/www.esecurityplanet.com\/#\/schema\/person\/e0a1187060905629a5334c30c87841df\"},\"headline\":\"Microsoft Discovers Critical OpenVPN Vulnerabilities\",\"datePublished\":\"2024-08-14T21:03:56+00:00\",\"dateModified\":\"2024-08-14T21:03:57+00:00\",\"mainEntityOfPage\":{\"@id\":\"https:\/\/www.esecurityplanet.com\/trends\/microsoft-openvpn-vulnerabilities\/\"},\"wordCount\":1139,\"publisher\":{\"@id\":\"https:\/\/www.esecurityplanet.com\/#organization\"},\"image\":{\"@id\":\"https:\/\/www.esecurityplanet.com\/trends\/microsoft-openvpn-vulnerabilities\/#primaryimage\"},\"thumbnailUrl\":\"https:\/\/assets.esecurityplanet.com\/uploads\/2024\/08\/esp_20240814-microsoft-openvpn-vulnerabilities.png\",\"articleSection\":[\"Trends\"],\"inLanguage\":\"en-US\"},{\"@type\":\"WebPage\",\"@id\":\"https:\/\/www.esecurityplanet.com\/trends\/microsoft-openvpn-vulnerabilities\/\",\"url\":\"https:\/\/www.esecurityplanet.com\/trends\/microsoft-openvpn-vulnerabilities\/\",\"name\":\"Microsoft Discovers Critical OpenVPN Vulnerabilities\",\"isPartOf\":{\"@id\":\"https:\/\/www.esecurityplanet.com\/#website\"},\"primaryImageOfPage\":{\"@id\":\"https:\/\/www.esecurityplanet.com\/trends\/microsoft-openvpn-vulnerabilities\/#primaryimage\"},\"image\":{\"@id\":\"https:\/\/www.esecurityplanet.com\/trends\/microsoft-openvpn-vulnerabilities\/#primaryimage\"},\"thumbnailUrl\":\"https:\/\/assets.esecurityplanet.com\/uploads\/2024\/08\/esp_20240814-microsoft-openvpn-vulnerabilities.png\",\"datePublished\":\"2024-08-14T21:03:56+00:00\",\"dateModified\":\"2024-08-14T21:03:57+00:00\",\"description\":\"Microsoft discovers critical OpenVPN vulnerabilities, including RCE and LPE flaws. Immediate patch required to protect systems from attacks.\",\"breadcrumb\":{\"@id\":\"https:\/\/www.esecurityplanet.com\/trends\/microsoft-openvpn-vulnerabilities\/#breadcrumb\"},\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\/\/www.esecurityplanet.com\/trends\/microsoft-openvpn-vulnerabilities\/\"]}]},{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\/\/www.esecurityplanet.com\/trends\/microsoft-openvpn-vulnerabilities\/#primaryimage\",\"url\":\"https:\/\/assets.esecurityplanet.com\/uploads\/2024\/08\/esp_20240814-microsoft-openvpn-vulnerabilities.png\",\"contentUrl\":\"https:\/\/assets.esecurityplanet.com\/uploads\/2024\/08\/esp_20240814-microsoft-openvpn-vulnerabilities.png\",\"width\":1400,\"height\":900,\"caption\":\"Image: Natalia\/Adobe Stock\"},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\/\/www.esecurityplanet.com\/trends\/microsoft-openvpn-vulnerabilities\/#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Home\",\"item\":\"https:\/\/www.esecurityplanet.com\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"Microsoft Discovers Critical OpenVPN Vulnerabilities\"}]},{\"@type\":\"WebSite\",\"@id\":\"https:\/\/www.esecurityplanet.com\/#website\",\"url\":\"https:\/\/www.esecurityplanet.com\/\",\"name\":\"eSecurity Planet\",\"description\":\"Industry-leading guidance and analysis for how to keep your business secure.\",\"publisher\":{\"@id\":\"https:\/\/www.esecurityplanet.com\/#organization\"},\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\/\/www.esecurityplanet.com\/?s={search_term_string}\"},\"query-input\":\"required name=search_term_string\"}],\"inLanguage\":\"en-US\"},{\"@type\":\"Organization\",\"@id\":\"https:\/\/www.esecurityplanet.com\/#organization\",\"name\":\"eSecurityPlanet\",\"url\":\"https:\/\/www.esecurityplanet.com\/\",\"logo\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\/\/www.esecurityplanet.com\/#\/schema\/logo\/image\/\",\"url\":\"https:\/\/assets.esecurityplanet.com\/uploads\/2020\/10\/eSecurity_logo_MainLogo.png\",\"contentUrl\":\"https:\/\/assets.esecurityplanet.com\/uploads\/2020\/10\/eSecurity_logo_MainLogo.png\",\"width\":1134,\"height\":375,\"caption\":\"eSecurityPlanet\"},\"image\":{\"@id\":\"https:\/\/www.esecurityplanet.com\/#\/schema\/logo\/image\/\"},\"sameAs\":[\"https:\/\/x.com\/eSecurityPlanet\"]},{\"@type\":\"Person\",\"@id\":\"https:\/\/www.esecurityplanet.com\/#\/schema\/person\/e0a1187060905629a5334c30c87841df\",\"name\":\"Sunny Yadav\",\"image\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\/\/www.esecurityplanet.com\/#\/schema\/person\/image\/\",\"url\":\"https:\/\/assets.esecurityplanet.com\/uploads\/2024\/06\/Sunny_Photo-150x150.jpeg\",\"contentUrl\":\"https:\/\/assets.esecurityplanet.com\/uploads\/2024\/06\/Sunny_Photo-150x150.jpeg\",\"caption\":\"Sunny Yadav\"},\"description\":\"Sunny is a contributing writer for eSecurity Planet with a bachelor's degree in technology and years of experience writing for reputed cybersecurity publications. He mostly writes about cyberattacks, cryptography, data protection, and threats and vulnerabilities. Sunny also covers security policies and governance along with endpoint and mobile security. When he's not burning the midnight oil, you can find Sunny cleaning his house, shopping for things he doesn't need, or harassing his friends to read The Wheel of Time.\",\"url\":\"https:\/\/www.esecurityplanet.com\/author\/sunny-yadav\/\"}]}<\/script>\n<!-- \/ Yoast SEO plugin. -->","yoast_head_json":{"title":"Microsoft Discovers Critical OpenVPN Vulnerabilities","description":"Microsoft discovers critical OpenVPN vulnerabilities, including RCE and LPE flaws. Immediate patch required to protect systems from attacks.","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/www.esecurityplanet.com\/trends\/microsoft-openvpn-vulnerabilities\/","og_locale":"en_US","og_type":"article","og_title":"Microsoft Discovers Critical OpenVPN Vulnerabilities","og_description":"Microsoft discovers critical OpenVPN vulnerabilities, including RCE and LPE flaws. Immediate patch required to protect systems from attacks.","og_url":"https:\/\/www.esecurityplanet.com\/trends\/microsoft-openvpn-vulnerabilities\/","og_site_name":"eSecurity Planet","article_published_time":"2024-08-14T21:03:56+00:00","article_modified_time":"2024-08-14T21:03:57+00:00","og_image":[{"width":1400,"height":900,"url":"https:\/\/assets.esecurityplanet.com\/uploads\/2024\/08\/esp_20240814-microsoft-openvpn-vulnerabilities.png","type":"image\/png"}],"author":"Sunny Yadav","twitter_card":"summary_large_image","twitter_creator":"@eSecurityPlanet","twitter_site":"@eSecurityPlanet","twitter_misc":{"Written by":"Sunny Yadav","Est. reading time":"6 minutes"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"Article","@id":"https:\/\/www.esecurityplanet.com\/trends\/microsoft-openvpn-vulnerabilities\/#article","isPartOf":{"@id":"https:\/\/www.esecurityplanet.com\/trends\/microsoft-openvpn-vulnerabilities\/"},"author":{"name":"Sunny Yadav","@id":"https:\/\/www.esecurityplanet.com\/#\/schema\/person\/e0a1187060905629a5334c30c87841df"},"headline":"Microsoft Discovers Critical OpenVPN Vulnerabilities","datePublished":"2024-08-14T21:03:56+00:00","dateModified":"2024-08-14T21:03:57+00:00","mainEntityOfPage":{"@id":"https:\/\/www.esecurityplanet.com\/trends\/microsoft-openvpn-vulnerabilities\/"},"wordCount":1139,"publisher":{"@id":"https:\/\/www.esecurityplanet.com\/#organization"},"image":{"@id":"https:\/\/www.esecurityplanet.com\/trends\/microsoft-openvpn-vulnerabilities\/#primaryimage"},"thumbnailUrl":"https:\/\/assets.esecurityplanet.com\/uploads\/2024\/08\/esp_20240814-microsoft-openvpn-vulnerabilities.png","articleSection":["Trends"],"inLanguage":"en-US"},{"@type":"WebPage","@id":"https:\/\/www.esecurityplanet.com\/trends\/microsoft-openvpn-vulnerabilities\/","url":"https:\/\/www.esecurityplanet.com\/trends\/microsoft-openvpn-vulnerabilities\/","name":"Microsoft Discovers Critical OpenVPN Vulnerabilities","isPartOf":{"@id":"https:\/\/www.esecurityplanet.com\/#website"},"primaryImageOfPage":{"@id":"https:\/\/www.esecurityplanet.com\/trends\/microsoft-openvpn-vulnerabilities\/#primaryimage"},"image":{"@id":"https:\/\/www.esecurityplanet.com\/trends\/microsoft-openvpn-vulnerabilities\/#primaryimage"},"thumbnailUrl":"https:\/\/assets.esecurityplanet.com\/uploads\/2024\/08\/esp_20240814-microsoft-openvpn-vulnerabilities.png","datePublished":"2024-08-14T21:03:56+00:00","dateModified":"2024-08-14T21:03:57+00:00","description":"Microsoft discovers critical OpenVPN vulnerabilities, including RCE and LPE flaws. Immediate patch required to protect systems from attacks.","breadcrumb":{"@id":"https:\/\/www.esecurityplanet.com\/trends\/microsoft-openvpn-vulnerabilities\/#breadcrumb"},"inLanguage":"en-US","potentialAction":[{"@type":"ReadAction","target":["https:\/\/www.esecurityplanet.com\/trends\/microsoft-openvpn-vulnerabilities\/"]}]},{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/www.esecurityplanet.com\/trends\/microsoft-openvpn-vulnerabilities\/#primaryimage","url":"https:\/\/assets.esecurityplanet.com\/uploads\/2024\/08\/esp_20240814-microsoft-openvpn-vulnerabilities.png","contentUrl":"https:\/\/assets.esecurityplanet.com\/uploads\/2024\/08\/esp_20240814-microsoft-openvpn-vulnerabilities.png","width":1400,"height":900,"caption":"Image: Natalia\/Adobe Stock"},{"@type":"BreadcrumbList","@id":"https:\/\/www.esecurityplanet.com\/trends\/microsoft-openvpn-vulnerabilities\/#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Home","item":"https:\/\/www.esecurityplanet.com\/"},{"@type":"ListItem","position":2,"name":"Microsoft Discovers Critical OpenVPN Vulnerabilities"}]},{"@type":"WebSite","@id":"https:\/\/www.esecurityplanet.com\/#website","url":"https:\/\/www.esecurityplanet.com\/","name":"eSecurity Planet","description":"Industry-leading guidance and analysis for how to keep your business secure.","publisher":{"@id":"https:\/\/www.esecurityplanet.com\/#organization"},"potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/www.esecurityplanet.com\/?s={search_term_string}"},"query-input":"required name=search_term_string"}],"inLanguage":"en-US"},{"@type":"Organization","@id":"https:\/\/www.esecurityplanet.com\/#organization","name":"eSecurityPlanet","url":"https:\/\/www.esecurityplanet.com\/","logo":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/www.esecurityplanet.com\/#\/schema\/logo\/image\/","url":"https:\/\/assets.esecurityplanet.com\/uploads\/2020\/10\/eSecurity_logo_MainLogo.png","contentUrl":"https:\/\/assets.esecurityplanet.com\/uploads\/2020\/10\/eSecurity_logo_MainLogo.png","width":1134,"height":375,"caption":"eSecurityPlanet"},"image":{"@id":"https:\/\/www.esecurityplanet.com\/#\/schema\/logo\/image\/"},"sameAs":["https:\/\/x.com\/eSecurityPlanet"]},{"@type":"Person","@id":"https:\/\/www.esecurityplanet.com\/#\/schema\/person\/e0a1187060905629a5334c30c87841df","name":"Sunny Yadav","image":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/www.esecurityplanet.com\/#\/schema\/person\/image\/","url":"https:\/\/assets.esecurityplanet.com\/uploads\/2024\/06\/Sunny_Photo-150x150.jpeg","contentUrl":"https:\/\/assets.esecurityplanet.com\/uploads\/2024\/06\/Sunny_Photo-150x150.jpeg","caption":"Sunny Yadav"},"description":"Sunny is a contributing writer for eSecurity Planet with a bachelor's degree in technology and years of experience writing for reputed cybersecurity publications. He mostly writes about cyberattacks, cryptography, data protection, and threats and vulnerabilities. Sunny also covers security policies and governance along with endpoint and mobile security. When he's not burning the midnight oil, you can find Sunny cleaning his house, shopping for things he doesn't need, or harassing his friends to read The Wheel of Time.","url":"https:\/\/www.esecurityplanet.com\/author\/sunny-yadav\/"}]}},"_links":{"self":[{"href":"https:\/\/www.esecurityplanet.com\/wp-json\/wp\/v2\/posts\/36785"}],"collection":[{"href":"https:\/\/www.esecurityplanet.com\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.esecurityplanet.com\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.esecurityplanet.com\/wp-json\/wp\/v2\/users\/286"}],"replies":[{"embeddable":true,"href":"https:\/\/www.esecurityplanet.com\/wp-json\/wp\/v2\/comments?post=36785"}],"version-history":[{"count":1,"href":"https:\/\/www.esecurityplanet.com\/wp-json\/wp\/v2\/posts\/36785\/revisions"}],"predecessor-version":[{"id":36787,"href":"https:\/\/www.esecurityplanet.com\/wp-json\/wp\/v2\/posts\/36785\/revisions\/36787"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/www.esecurityplanet.com\/wp-json\/wp\/v2\/media\/36786"}],"wp:attachment":[{"href":"https:\/\/www.esecurityplanet.com\/wp-json\/wp\/v2\/media?parent=36785"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.esecurityplanet.com\/wp-json\/wp\/v2\/categories?post=36785"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.esecurityplanet.com\/wp-json\/wp\/v2\/tags?post=36785"},{"taxonomy":"b2b_audience","embeddable":true,"href":"https:\/\/www.esecurityplanet.com\/wp-json\/wp\/v2\/b2b_audience?post=36785"},{"taxonomy":"b2b_industry","embeddable":true,"href":"https:\/\/www.esecurityplanet.com\/wp-json\/wp\/v2\/b2b_industry?post=36785"},{"taxonomy":"b2b_product","embeddable":true,"href":"https:\/\/www.esecurityplanet.com\/wp-json\/wp\/v2\/b2b_product?post=36785"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}