Monthly Archives

October 2021

Watch the Webcast: October Linux Patching 2021

Watch this month's webcast to hear IT industry experts discuss strategies for tackling the biggest Linux updates.


Experience the Power of Syxsense

Syxsense has created innovative and intuitive technology that sees and knows everything. Manage and secure your environment with a simple and powerful solution.

Syxsense demo

Schedule Your Syxsense Demo

Syxsense combines IT management, patch management, and security vulnerability scanning in one powerful solution. Get started today.

Schedule My Demo
||

Linux Vulnerabilities of the Week: October 25, 2021


See this week's top Linux issues and keep your IT environment protected from the latest October Linux vulnerabilities.

1. Buffer overflow in Go (before 1.16.9 and 1.17.x before 1.17.2)

Severity: Critical         CVSS Score: 9.8

This is a validation flaw in Go's WebAssembly support. When a function exported from a WASM module built with GOARCH=wasm GOOS=js is invoked with very large arguments, portions of the module can be overwritten with data from those arguments.

The highest threat from this vulnerability is to integrity.

Syxscore Risk Alert

This vulnerability has a critical risk as this can be exposed over any network, with low complexity, no privileges, and without user interaction.

  • Attack Vector: Network
  • Attack Complexity: Low
  • Privileges Required: None
  • User Interaction: None
  • Scope (Jump Point): Unchanged

CVE Reference(s): CVE-2021-38297

2. A buffer overflow in Ncurses (through v6.2-1)

Severity: Important    CVSS Score: 8.8

This is a heap-based buffer overflow in _nc_captoinfo in captoinfo.c, the routine that converts termcap capability strings to terminfo, so a crafted terminal description is enough to reach it.

The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.

Syxscore Risk Alert

This vulnerability has a high risk as though it requires user interaction, it can be exposed over any network, with low complexity, and no privileges.

  • Attack Vector: Network
  • Attack Complexity: Low
  • Privileges Required: None
  • User Interaction: Required
  • Scope (Jump Point): Unchanged

CVE Reference(s): CVE-2021-39537

3. Integer overflow in strongSwan (< 5.9.4 )

Severity: Important   CVSS Score: 7.5

This is a remotely triggerable integer overflow in strongSwan's in-memory certificate cache. The overflow occurs when an attacker sends many requests carrying different certificates to fill the cache and then triggers the replacement of cache entries.

The code tries to select a less-often-used cache entry for replacement by generating random numbers, but that selection does not work as intended, and the resulting overflow leads to a denial of service. The strongSwan advisory rates remote code execution as only a slight possibility.

The highest threat from this vulnerability is to system availability.

Syxscore Risk Alert

This vulnerability has a major risk as this can be exposed over any network, with low complexity, no privileges, and without user interaction.

  • Attack Vector: Network
  • Attack Complexity: Low
  • Privileges Required: None
  • User Interaction: None
  • Scope (Jump Point): Unchanged

CVE Reference(s): CVE-2021-41991

4. OpenJDK vulnerability affecting Red Hat Enterprise Linux 8

Severity: Medium       CVSS Score: 6.8

This is an easily exploitable flaw in the Libraries component of Java SE and Oracle GraalVM Enterprise Edition (Red Hat tracks it as incorrect principal selection when using Kerberos constrained delegation). A low-privileged attacker with network access via Kerberos can use it to compromise Java SE or GraalVM; a successful attack requires interaction from a person other than the attacker.

While the vulnerability is in Java SE and GraalVM, a successful attack may significantly impact additional products, and it can result in unauthorized access to critical data or complete access to all data accessible to Java SE or GraalVM.

The highest threat from this vulnerability is to data confidentiality.

Syxscore Risk Alert

This vulnerability has a moderate risk: it needs low privileges and user interaction to be exploited, but it can be reached over any network with a low-complexity attack. Scope is Changed, so a successful attack can affect resources beyond the vulnerable component.

  • Attack Vector: Network
  • Attack Complexity: Low
  • Privileges Required: Low
  • User Interaction: Required
  • Scope (Jump Point): Changed

CVE Reference(s): CVE-2021-35567

5. Memory disclosure in PostgreSQL

Severity: Medium       CVSS Score: 6.5

This is a flaw in PostgreSQL, fixed in 13.3, 12.7, 11.12, 10.17 and 9.6.22. Using an INSERT ... ON CONFLICT ... DO UPDATE command on a purpose-crafted table, an authenticated database user can read arbitrary bytes of server memory.

The highest threat from this vulnerability is to data confidentiality.

Syxscore Risk Alert

This vulnerability has a moderate risk as although an attacker requires some privileges to exploit it, this can be exposed over any network, with a low complexity attack, and without user interaction.

  • Attack Vector: Network
  • Attack Complexity: Low
  • Privileges Required: Low
  • User Interaction: None
  • Scope (Jump Point): Unchanged

CVE Reference(s): CVE-2021-32028

Join Our October Linux Webcast

Explore the latest Linux updates for October 2021. We discuss the most urgent patches and priorities for the month.

||

Linux Vulnerabilities of the Week: October 18, 2021


See this week's top Linux issues and keep your IT environment protected from the latest October Linux vulnerabilities.

1. Apache HTTP server vulnerability

Severity: Critical         CVSS Score: 9.8

This is a path traversal and remote code execution flaw in Apache HTTP Server 2.4.49 and 2.4.50. CVE-2021-42013 is the incomplete fix for CVE-2021-41773 and is corrected in 2.4.51. A remote attacker can use it to map URLs to files outside the directories configured by Alias-like directives, and it can also leak the source of interpreted files such as CGI scripts.

If files outside those directories are not protected by the usual default configuration "require all denied", the attacker's requests succeed. If CGI scripts are also enabled for the aliased paths, the result can be remote code execution.

The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.

 Syxscore Risk Alert

This vulnerability has a critical risk as this can be exposed over any network, with low complexity, no privileges, and without user interaction.

  • Attack Vector: Network
  • Attack Complexity: Low
  • Privileges Required: None
  • User Interaction: None
  • Scope (Jump Point): Unchanged

CVE Reference(s): CVE-2021-42013
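One way to look for attempts against this flaw in existing web logs, written here as an added example rather than anything from Syxsense or the Apache project: the distinguishing feature of CVE-2021-41773 and CVE-2021-42013 is a percent-encoded (or, for 42013, doubly percent-encoded) dot that survived Apache's path normalisation, so a detector has to decode the request target repeatedly before looking for ".." segments that climb out of the aliased directory. The access-log lines below are constructed for the demonstration and the script uses only the Python standard library.

```python
"""Flag Apache access-log requests that use encoded '..' segments to escape an
aliased directory (the CVE-2021-41773 / CVE-2021-42013 pattern).

Added example, not Syxsense or Apache code.  SAMPLE_LOG is constructed for the
demonstration; the first two lines mirror the encodings the two CVEs are known
for (a single "%2e" and a double "%%32%65" encoding of a dot).
"""
import re
from urllib.parse import unquote

# Apache "combined" log format; enough fields to recover client, target and status.
LOG_RE = re.compile(
    r'^(?P<client>\S+) \S+ \S+ \[(?P<time>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+) (?P<proto>HTTP/[\d.]+)" '
    r'(?P<status>\d{3}) (?P<size>\S+)'
)

SAMPLE_LOG = """\
203.0.113.5 - - [05/Oct/2021:10:01:12 +0000] "GET /cgi-bin/.%2e/.%2e/.%2e/.%2e/etc/passwd HTTP/1.1" 200 1234
203.0.113.5 - - [05/Oct/2021:10:01:13 +0000] "GET /cgi-bin/.%%32%65/.%%32%65/.%%32%65/.%%32%65/etc/passwd HTTP/1.1" 200 1234
198.51.100.9 - - [05/Oct/2021:10:02:00 +0000] "GET /index.html HTTP/1.1" 200 5120
198.51.100.9 - - [05/Oct/2021:10:02:05 +0000] "GET /docs/../docs/guide.html HTTP/1.1" 200 880
198.51.100.9 - - [05/Oct/2021:10:02:09 +0000] "POST /cgi-bin/.%2e/.%2e/bin/sh HTTP/1.1" 403 199
"""


def decode_fully(path: str, max_rounds: int = 3) -> str:
    """Percent-decode until the string stops changing.

    One pass turns '%%32%65' into '%2e'; a second pass turns that into '.'.
    A detector that decodes only once sees the second variant as harmless.
    """
    for _ in range(max_rounds):
        decoded = unquote(path)
        if decoded == path:
            break
        path = decoded
    return path


def escapes_root(path: str) -> bool:
    """True when the decoded path climbs above the directory it started in."""
    depth = 0
    for segment in path.split("?", 1)[0].split("/"):
        if segment == "..":
            depth -= 1
            if depth < 0:
                return True
        elif segment not in ("", "."):
            depth += 1
    return False


def scan(log_text: str) -> list:
    """Return (client, status, decoded_path) for each traversal attempt found."""
    hits = []
    for line in log_text.splitlines():
        m = LOG_RE.match(line)
        if not m:
            continue  # not a combined-format line; skip rather than guess
        decoded = decode_fully(m["target"])
        if escapes_root(decoded):
            hits.append((m["client"], int(m["status"]), decoded))
    return hits


if __name__ == "__main__":
    for client, status, path in scan(SAMPLE_LOG):
        print(f"{client} {status} {path}")
```

A hit with HTTP status 200 deserves immediate attention, since the request was served; a 403 still tells you who is probing. Decoding to a fixed point rather than once is the design choice that matters: a single decode turns %%32%65 into %2e and misses the second variant entirely.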

2. SVM nested virtualization issue in KVM in the Linux kernel (<5.14-rc7)

Severity: Important    CVSS Score: 8.8

This is a flaw in the KVM’s AMD code for supporting SVM nested virtualization. It occurs when processing the virtual machine control block provided by the L1 guest to spawn/handle a nested guest (L2).

Due to improper validation of the “int_ctl” field, a malicious L1 can enable Advanced Virtual Interrupt Controller support for the L2 guest. As a result, the L2 guest would be able to read/write physical pages of the host, leading to a crash of the entire system, leak of sensitive data, or potential guest-to-host escape.

The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.

Syxscore Risk Alert

This vulnerability has a major risk. It requires local access (the attacker must control an L1 guest on the host) with low privileges, but the attack has low complexity and needs no user interaction. Scope is Changed: a flaw triggered from inside one guest affects the host and every other guest, so a compromise does not stay inside the VM where it started.

  • Attack Vector: Local
  • Attack Complexity: Low
  • Privileges Required: Low
  • User Interaction: None
  • Scope (Jump Point): Changed

CVE Reference(s): CVE-2021-3653

3. A possible directory traversal in squashfs-tools affecting Red Hat Enterprise Linux 7 and 8

Severity: Important    CVSS Score: 8.1

This is a directory traversal flaw in squashfs_opendir in unsquash-2.c in Squashfs-Tools 4.5. During extraction, an archive can contain a symbolic link and a regular file with an identical name; the regular file is then written through the link and escapes the destination directory. A specially crafted squashfs image can therefore install or overwrite files outside the destination directory.

The highest threat from this vulnerability is to integrity and system availability.

Syxscore Risk Alert

This vulnerability has a major risk — although it requires user interaction, it can be exposed over any network, with an attack of low complexity and with no privileges.

  • Attack Vector: Network
  • Attack Complexity: Low
  • Privileges Required: None
  • User Interaction: Required
  • Scope (Jump Point): Unchanged

CVE Reference(s): CVE-2021-41072
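The escape described above (a symlink member followed by a regular file whose path runs through that link) has the same shape as the classic archive-extraction traversal, and the defence is to check every path component against what is already on disk before writing. The following is an added example in Python, not squashfs-tools code: a minimal extractor that refuses symlinked parents, ".." components and absolute paths, opens the final file with O_NOFOLLOW|O_EXCL, and replays the two-member sequence into a temporary directory. The archive members, the UnsafeMember exception and the helper names are constructed for the demonstration.

```python
"""Refuse to extract an archive member through a symlink or past the destination
directory, the escape that CVE-2021-41072 allowed in unsquashfs.

Added example, not squashfs-tools code.  The "archive" is an ordered list of
constructed members: a symlink, then a regular file whose path runs through it.
"""
import os
import stat
import tempfile


class UnsafeMember(Exception):
    """Raised for any member that would land outside the destination."""


def _inside(root: str, path: str) -> bool:
    root = os.path.realpath(root)
    path = os.path.realpath(path)
    return path == root or path.startswith(root + os.sep)


def resolve_member(dest_root: str, member: str) -> str:
    """Map an archive path onto the destination, rejecting anything that escapes."""
    segments = member.split("/")
    if os.path.isabs(member) or ".." in segments or "" in segments:
        raise UnsafeMember(f"bad path component in {member!r}")
    # Walk every parent as it exists on disk: a symlink anywhere in the chain
    # means a later regular file would be written wherever the link points.
    current = dest_root
    for segment in segments[:-1]:
        current = os.path.join(current, segment)
        if os.path.lexists(current) and stat.S_ISLNK(os.lstat(current).st_mode):
            raise UnsafeMember(f"{member!r} passes through symlink {segment!r}")
    target = os.path.join(dest_root, member)
    if not _inside(dest_root, os.path.dirname(target)):
        raise UnsafeMember(f"{member!r} resolves outside the destination")
    return target


def write_symlink(dest_root: str, member: str, link_target: str) -> str:
    """A symlink member may point anywhere (it is only data); it must never be followed."""
    target = resolve_member(dest_root, member)
    os.makedirs(os.path.dirname(target), exist_ok=True)
    os.symlink(link_target, target)
    return target


def write_regular(dest_root: str, member: str, data: bytes) -> str:
    target = resolve_member(dest_root, member)
    os.makedirs(os.path.dirname(target), exist_ok=True)
    # O_NOFOLLOW|O_EXCL closes the window on the final component: if something
    # replaced it with a symlink after the check above, the open fails.
    flags = os.O_WRONLY | os.O_CREAT | os.O_EXCL | getattr(os, "O_NOFOLLOW", 0)
    fd = os.open(target, flags, 0o644)
    with os.fdopen(fd, "wb") as fh:
        fh.write(data)
    return target


def extract_demo() -> dict:
    """Replay the two-member trick and report what happened."""
    results = {}
    with tempfile.TemporaryDirectory() as outside, tempfile.TemporaryDirectory() as dest:
        write_symlink(dest, "escape", outside)                 # member 1: link out of dest
        try:
            write_regular(dest, "escape/payload", b"owned")    # member 2: file through the link
            results["through_symlink"] = "written"
        except UnsafeMember:
            results["through_symlink"] = "rejected"
        results["outside_untouched"] = not os.path.exists(os.path.join(outside, "payload"))
        try:
            write_regular(dest, "../payload", b"owned")
            results["dotdot"] = "written"
        except UnsafeMember:
            results["dotdot"] = "rejected"
        write_regular(dest, "ok/data.txt", b"hello")
        results["normal"] = os.path.isfile(os.path.join(dest, "ok", "data.txt"))
    return results


if __name__ == "__main__":
    print(extract_demo())
```

The per-component lstat check is what unsquashfs 4.5 lacked; O_NOFOLLOW on the final open only protects the last path element, so both are needed. A TOCTOU window remains between the walk and the open for intermediate directories, which is why careful extractors keep a directory file descriptor and use openat() relative to it.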

4. Possible data corruption or loss in the Linux kernel (< 5.13.4)

Severity: Important    CVSS Score: 7.8

In drivers/char/virtio_console.c in the Linux kernel, data corruption or loss can be triggered by an untrusted device that supplies a buf->len value exceeding the buffer size.

The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.

Syxscore Risk Alert

This vulnerability has a major risk: although it requires local access and low privileges, the attack has low complexity and needs no user interaction.

  • Attack Vector: Local
  • Attack Complexity: Low
  • Privileges Required: Low
  • User Interaction: None
  • Scope (Jump Point): Unchanged

CVE Reference(s): CVE-2021-38160

5. Insufficiently restricted permissions in Containerd (< 1.4.11)

Severity: Important    CVSS Score: 7.8

This is a flaw in containerd where container root directories and some plugins had insufficiently restricted permissions, allowing otherwise unprivileged Linux users on the host to traverse directory contents and execute programs.

The vulnerability is fixed in containerd 1.4.11 and 1.5.7. Users should update to one of these versions and may also restart containers or tighten directory permissions to mitigate the issue. Users unable to update should limit access to the host to trusted users.

Syxscore Risk Alert

This vulnerability has a major risk: although it requires local access to the host and low privileges, the attack has low complexity and needs no user interaction.

  • Attack Vector: Local
  • Attack Complexity: Low
  • Privileges Required: Low
  • User Interaction: None
  • Scope (Jump Point): Unchanged

CVE Reference(s): CVE-2021-41103

||

Top 10 Most Exploited Vulnerabilities


CISA partnered with other national agencies to produce a list of the most exploited vulnerabilities. What's at the top of the charts?

Top of the Vulnerability Charts

Music services such as Spotify, iHeartRadio, and Apple Music often release top 10 lists of their most popular songs in various categories. Justin Bieber, Ed Sheeran, and The Weeknd are currently battling for top position in various charts.

But no one wants to be number one on this chart: the US Cybersecurity and Infrastructure Security Agency's (CISA) list of the most exploited vulnerabilities. CISA partnered with other national agencies to produce what could be considered a global alert of the worst vulnerabilities: the Australian Cyber Security Centre (ACSC), the United Kingdom's National Cyber Security Centre (NCSC), and the U.S. Federal Bureau of Investigation (FBI) were all involved in the list's compilation.

What made the list?

One item on the list of Common Vulnerabilities and Exposures (CVEs) dates back as far as 2017. Known by the catchy moniker CVE-2017-11882, it is a stack buffer overflow in Microsoft Office's Equation Editor that malicious actors can use for remote code execution (RCE). The alert noted that such vulnerabilities are easy targets for cybercriminals if they remain unpatched: they are a well-travelled channel into the enterprise and require no innovation on the part of the criminals.

It’s akin to a bank or casino having money in a consumer-level safe and having no armed guards around – there is no need for brilliant, if warped, minds to devise complex Mission Impossible-like schemes to breach the defenses to get at the loot.

Many of the CVEs concern the cloud, remote work, and VPNs. It turns out that VPNs suffered badly from attacks over the past year or so.

“Many VPN gateway devices remained unpatched during 2020, with the growth of remote work options challenging the ability of organization to conduct rigorous patch management,” said the alert.

Golden Oldies

The latest vulnerability chart topper may grab a lot of attention. But like music lovers everywhere, hackers always return to the golden oldies: tried and true exploits that have been around for years and that no one in IT has bothered to patch.

As well as the Microsoft Office exploit noted above, other golden oldies on the list include:

  • CVE-2019-19781, a 2019 flaw in Citrix ADC and Gateway (formerly NetScaler), which has been used to compromise an Australian defence database.
  • CVE-2019-11510 affects Pulse Connect Secure and allows arbitrary file disclosure, including leaks of admin credentials. It has been used in attacks on VPNs and by nation-state actors.
  • CVE-2020-0688 in Microsoft Exchange dates back to early 2020: a fixed cryptographic key in the Exchange Control Panel lets an authenticated attacker execute code on the server.
  • CVE-2020-15505 lets unauthenticated attackers remotely execute code in MobileIron. It is almost a year old.
  • CVE-2019-3396 in Atlassian Confluence is another remote code execution bug, this one dating back to early 2019.

Other CVEs on the list come from vendors such as Fortinet, F5, Drupal, Telerik, Microsoft (SharePoint, Windows, and Netlogon), Accellion, and VMware. Some have the highest possible threat level yet remain unhandled and unpatched in many enterprises.

CISA Advice: Patch Your Systems

The advice from CISA is clear:

“Malicious cyber actors will most likely continue to use older known vulnerabilities, such as CVE-2017-11882 affecting Microsoft Office, as long as they remain effective and systems remain unpatched. Adversaries’ use of known vulnerabilities complicates attribution, reduces costs, and minimizes risk because they are not investing in developing a zero-day exploit for their exclusive use, which they risk losing if it becomes known.”

Later the security alert added:

“Cyber actors continue to exploit publicly known — and often dated — software vulnerabilities against broad target sets, including public and private sector organizations worldwide. However, entities worldwide can mitigate the vulnerabilities … by applying the available patches to their systems and implementing a centralized patch management system.”

Syxsense simplifies and automates the task of patching systems. It enables the enterprise to rapidly deploy patches to safeguard their systems.

Start Your Free Trial of Syxsense

Syxsense combines IT management, patch management, and security vulnerability scanning in one powerful solution. Get started today.

||

Are You Too Busy to Deploy Patches?


Why do so many security patches remain undeployed months, even years, after their publication? See what often holds IT departments back.

Why Patches are Left Undeployed

It can seem baffling how so many urgent security patches remain undeployed months, and sometimes years, after their publication. Even famously vicious vulnerabilities covered endlessly in the news media somehow fail to register in many IT departments as an item that should move to the top of the to-do list.

But a new study by HP Wolf Security has come up with one possible reason: With the pandemic forcing operations to be largely remote, there has been pressure to skip all the necessary security precautions to maintain operations and achieve business continuity.

In some scenarios, it makes sense. If tight security made it difficult for personnel to operate remotely, then in some cases, it may have been necessary to relax a few safeguards for the sake of productivity. But we have had 18 months to resolve such apparent conflicts.

Opening the Castle Gates

This could be likened to opening the castle gates during a time of war to let urgent food supplies inside to feed the starving populace. Necessary, yes. But if the barbarians suddenly attack, those gates should be firmly shut. Yet in the world of COVID-19, more than a few gates have been left unattended. Well-known vulnerabilities addressed by patches have been ignored in too many instances.

The HP Wolf study provided some interesting statistics:

  • 91% felt pressured to compromise security to maintain business continuity during the pandemic.
  • 83% said working from home has created a ticking time bomb for corporate security incidents with blurred lines between home and work life that made enforcement impossible.
  • 80% of IT teams experienced upset from home users concerning security policies.
  • 76% said security had taken a backseat.
  • 37% of office workers believe security policies are too restrictive.
  • 48% of younger workers (in the 18 to 24 bracket) feel that website restrictions or VPN requirements are a hindrance.
  • 54% of younger workers were more concerned with meeting deadlines than potential security breaches.
  • 39% of this group were either unsure of or unaware of existing security policies.
  • 31% of younger workers have attempted to circumvent security controls to manage their workloads.

Ransomware and Unpatched Systems are the Top Threats

The survey also highlighted that ransomware is regarded as the most immediate and most severe potential threat. With more people working at home, 84% felt it posed a high-level threat, just ahead of unpatched vulnerabilities at 83%. Next up were firmware attacks against laptops and PCs, data leakage, man-in-the-middle attacks, IoT threats, and targeted attacks.

Syxsense may not be able to help an organization that has been locked out of its systems by a ransomware attack. But anyone suffering such an incident is confessing that they failed to take care of basic actions and implement security best practices in order to prevent attacks.

That’s exactly what Syxsense does —it lets you easily manage unpatched vulnerabilities with the click of a button. It includes patch supersedence, patch roll back, and a wealth of automation features.

In addition, it provides a three-hour turnaround for the testing and delivery of new patches as well as technology to send software and patches across the wire once, using peer-to-peer within the network for local distribution. It also incorporates vulnerability scanning to detect weaknesses that could lead to a ransomware attack if unmitigated.

||

Watch the Webcast: October Patch Tuesday 2021


Watch this week's webcast to hear IT industry experts discuss strategies for tackling Microsoft's Patch Tuesday updates.

Watch the October Patch Tuesday 2021 Webcast

Watch our webcast to hear industry experts discuss each of this month’s bulletins and show you strategies for tackling the most important updates.

Our team of IT management experts has deployed over 100 million patches. Sign up for our free webinar to receive the top patch strategies of the month.

||

Top Linux Vulnerabilities for October 2021


Explore the top Linux vulnerabilities for October 2021 and find out the best solution for managing these threats.

1. Missing input validation in domain names in Node.js

Severity: Critical         CVSS Score: 9.8

Node.js before 16.6.0, 14.17.4, and 12.22.4 is vulnerable to remote code execution, cross-site scripting (XSS), and application crashes because the Node.js DNS library does not validate the hostnames returned by DNS servers. A malicious resolver can return hostnames containing characters that no valid hostname may contain, which can lead to wrong hostnames being output (domain hijacking) and to injection vulnerabilities in applications that pass the unvalidated names on.

The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.

Syxscore Risk Alert

This vulnerability has a critical risk as this can be exposed over any network, with low complexity, no privileges, and without user interaction.

  • Attack Vector: Network
  • Attack Complexity: Low
  • Privileges Required: None
  • User Interaction: None
  • Scope (Jump Point): Unchanged

CVE Reference(s): CVE-2021-22931

2. Missing request length checks in LibX11 affecting Red Hat Enterprise Linux 8

Severity: Critical    CVSS Score: 9.8

This is a missing validation flaw in libX11 before 1.7.1. The XLookupColor request (intended for server-side colour lookup) lets a client send a colour-name request with a name longer than the maximum size the protocol allows (and also longer than the maximum packet size for normal-sized packets).

The user-controlled data beyond that maximum is then interpreted by the X server as additional X protocol requests and executed. A remote attacker who controls the colour name can therefore inject X11 protocol commands on X clients, and in some cases bypass authentication (via injection of control characters) or potentially execute arbitrary code with the permissions of the application compiled with libX11.

The highest threat from this vulnerability is to confidentiality, integrity, as well as system availability.

Syxscore Risk Alert

This vulnerability has a critical risk as this can be exposed over any network, with low complexity, no privileges, and without user interaction.

  • Attack Vector: Network
  • Attack Complexity: Low
  • Privileges Required: None
  • User Interaction: None
  • Scope (Jump Point): Unchanged

CVE Reference(s): CVE-2021-31535

3. SM2 Decryption Buffer Overflow in OpenSSL

Severity: Critical    CVSS Score: 9.8

This is a miscalculation of buffer size in OpenSSL's SM2 decryption code, affecting OpenSSL 1.1.1 through 1.1.1k and fixed in 1.1.1l (1.0.2 does not support SM2 and is not affected). An application decrypting SM2 data is expected to call EVP_PKEY_decrypt() twice, first with a NULL output buffer to obtain the required size and then with a buffer of that size; the size returned by the first call can be smaller than what the second call actually needs, so up to 62 arbitrary bytes are written past the end of the buffer.

This vulnerability allows a remote attacker to crash an application that supports the SM2 signature or encryption algorithm, or possibly to execute arbitrary code with the permissions of the user running that application.

The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.

Syxscore Risk Alert

This vulnerability has a critical risk as this can be exposed over any network, with low complexity, no privileges, and without user interaction.

  • Attack Vector: Network
  • Attack Complexity: Low
  • Privileges Required: None
  • User Interaction: None
  • Scope (Jump Point): Unchanged

CVE Reference(s): CVE-2021-3711

4. WebKitGTK vulnerability affecting Red Hat Enterprise Linux 7 and 8

Severity: Important    CVSS Score: 8.8

This is a use-after-free issue in WebKitGTK. Processing maliciously crafted web content may lead to arbitrary code execution.

The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.

Syxscore Risk Alert

This vulnerability has a major risk: although exploitation requires user interaction (the victim must load malicious web content), it can be exposed over any network with low complexity and no privileges.

  • Attack Vector: Network
  • Attack Complexity: Low
  • Privileges Required: None
  • User Interaction: Required
  • Scope (Jump Point): Unchanged

CVE Reference(s): CVE-2021-30858

5. Lack of certain index validation in GoGo Protobuf (< 1.3.2)

Severity: Important    CVSS Score: 8.6

This is a lack of certain index validation in plugin/unmarshal/unmarshal.go (the "skippy peanut butter" issue). A remote attacker can send crafted protobuf messages that cause the unmarshalling code to panic, resulting in a denial of service. The highest threat from this vulnerability is to availability.

Syxscore Risk Alert

This vulnerability has a major risk as this can be exposed over any network, with low complexity, no privileges, and without user interaction. Scope is Changed, so the crash can affect components beyond the library that holds the flaw.

  • Attack Vector: Network
  • Attack Complexity: Low
  • Privileges Required: None
  • User Interaction: None
  • Scope (Jump Point): Changed

CVE Reference(s): CVE-2021-3121

Try Linux Patching with Syxsense

Syxsense makes endpoint management and security easy. Automatically deploy OS and third-party patches as well as Windows 10 Feature Updates for Microsoft, Mac, and Linux devices.

||

October Patch Tuesday 2021 Fixes 71 Flaws and Weaponized Threat


October Patch Tuesday 2021 is officially here. See the latest Microsoft updates, vulnerabilities, and critical patches of the month.

Microsoft Releases October 2021 Patch Tuesday Fixes

There are 3 Critical, 67 Important and a single Low fix in this October Patch Tuesday. Fixes cover Microsoft Windows and Windows components, Microsoft Edge, Azure, Office and Office components, SharePoint Server, Microsoft Windows DNS, and Windows 11, which receives its first ever security patch.

Year 2 Extended Support: Windows 7 and Windows Server 2008 (including R2) have received updates this month, including a fix for one vulnerability that is currently weaponized.

  1. Windows 7 – 19 Important vulnerabilities fixed
  2. Windows 2008 R2 – 20 Important vulnerabilities fixed

Robert Brown, Head of Customer Success for Syxsense said, “This may be the first time ever that Microsoft released updates for four end-user-based operating systems (Windows 7, 8.1, 10 & now 11). Over the next couple of months, we could see an increase in the number of vulnerabilities fixed breaching 100 once again. Should that be the case, careful selection of the most important vulnerabilities to resolve will be extremely important.”

Top October 2021 Patches and Vulnerabilities

Based on the Vendor Severity and CVSS Score, we have made a few recommendations below. As usual, we recommend entering the CVE numbers below into your patch management solution and deploying as soon as possible. 

1. CVE-2021-40449: Win32k Elevation of Privilege Vulnerability

A local user can run a specially crafted program to trigger memory corruption and execute arbitrary code with elevated privileges, due to a boundary error within the Win32k driver in the Windows kernel.

Kaspersky reported this vulnerability after observing it exploited in the wild, so it should be treated as an active threat: left unresolved, it is a ready-made privilege escalation step for the next ransomware attack.

Syxscore

  • Vendor Severity: Important
  • CVSS: 7.8
  • Weaponized: Yes
  • Public Aware: No
  • Countermeasure: No

Syxscore Risk

  • Attack Vector: Local
  • Attack Complexity: Low
  • Privileges: Low
  • User Interaction: None
  • Scope (Jump Point): No

2. CVE-2021-41335: Windows Kernel Elevation of Privilege Vulnerability

The vulnerability allows a local user to escalate privileges on the system because Windows does not properly impose security restrictions in Windows Kernel.

Syxscore

  • Vendor Severity: Important
  • CVSS: 7.8
  • Weaponized: No
  • Public Aware: Yes
  • Countermeasure: No

Syxscore Risk

  • Attack Vector: Local
  • Attack Complexity: Low
  • Privileges: Low
  • User Interaction: None
  • Scope (Jump Point): No

3. CVE-2021-36970: Windows Print Spooler Spoofing Vulnerability

A remote attacker can spoof page content because the Windows Print Spooler incorrectly processes user-supplied data. With printing problems still ongoing after the recent run of Spooler fixes, this vulnerability is more likely to be targeted.

Syxscore

  • Vendor Severity: Important
  • CVSS: 8.8
  • Weaponized: No
  • Public Aware: No
  • Countermeasure: No

Syxscore Risk

  • Attack Vector: Network
  • Attack Complexity: Low
  • Privileges: None
  • User Interaction: Required
  • Scope (Jump Point): No

Syxsense Recommendations

Based on the vendor severity and CVSS Score, we have made a few recommendations below which you should prioritize this month. Please pay close attention to any of these which are publicly aware or weaponized.

 

CVE Reference  | Description | Vendor Severity | CVSS Score | Countermeasure | Publicly Aware | Weaponised | Syxsense Recommended
CVE-2021-40449 | Win32k Elevation of Privilege Vulnerability | Important | 7.8 | No | No | Yes | Yes
CVE-2021-41335 | Windows Kernel Elevation of Privilege Vulnerability | Important | 7.8 | No | Yes | No | Yes
CVE-2021-40469 | Windows DNS Server Remote Code Execution Vulnerability | Important | 7.2 | No | Yes | No | Yes
CVE-2021-41338 | Windows AppContainer Firewall Rules Security Feature Bypass Vulnerability | Important | 5.5 | No | Yes | No | Yes
CVE-2021-38672 | Windows Hyper-V Remote Code Execution Vulnerability | Critical | 8.0 | No | No | No | Yes
CVE-2021-40461 | Windows Hyper-V Remote Code Execution Vulnerability | Critical | 8.0 | No | No | No | Yes
CVE-2021-40486 | Microsoft Word Remote Code Execution Vulnerability | Critical | 7.8 | No | No | No | Yes
CVE-2021-26427 | Microsoft Exchange Server Remote Code Execution Vulnerability | Important | 9.0 | No | No | No | Yes
CVE-2021-36970 | Windows Print Spooler Spoofing Vulnerability | Important | 8.8 | No | No | No | Yes
CVE-2021-41344 | Microsoft SharePoint Server Remote Code Execution Vulnerability | Important | 8.1 | No | No | No | Yes
CVE-2021-40487 | Microsoft SharePoint Server Remote Code Execution Vulnerability | Important | 8.1 | No | No | No | Yes
CVE-2021-41348 | Microsoft Exchange Server Elevation of Privilege Vulnerability | Important | 8.0 | No | No | No | Yes
CVE-2021-40464 | Windows Nearby Sharing Elevation of Privilege Vulnerability | Important | 8.0 | No | No | No | Yes
CVE-2021-40470 | DirectX Graphics Kernel Elevation of Privilege Vulnerability | Important | 7.8 | No | No | No | Yes
CVE-2021-40471 | Microsoft Excel Remote Code Execution Vulnerability | Important | 7.8 | No | No | No | Yes
CVE-2021-40473 | Microsoft Excel Remote Code Execution Vulnerability | Important | 7.8 | No | No | No | Yes
CVE-2021-40474 | Microsoft Excel Remote Code Execution Vulnerability | Important | 7.8 | No | No | No | Yes
CVE-2021-40479 | Microsoft Excel Remote Code Execution Vulnerability | Important | 7.8 | No | No | No | Yes
CVE-2021-40485 | Microsoft Excel Remote Code Execution Vulnerability | Important | 7.8 | No | No | No | Yes
CVE-2021-40480 | Microsoft Office Visio Remote Code Execution Vulnerability | Important | 7.8 | No | No | No | Yes
CVE-2021-41330 | Microsoft Windows Media Foundation Remote Code Execution Vulnerability | Important | 7.8 | No | No | No | Yes
CVE-2021-40478 | Storage Spaces Controller Elevation of Privilege Vulnerability | Important | 7.8 | No | No | No | Yes
CVE-2021-40488 | Storage Spaces Controller Elevation of Privilege Vulnerability | Important | 7.8 | No | No | No | Yes
CVE-2021-40489 | Storage Spaces Controller Elevation of Privilege Vulnerability | Important | 7.8 | No | No | No | Yes
CVE-2021-26441 | Storage Spaces Controller Elevation of Privilege Vulnerability | Important | 7.8 | No | No | No | Yes
CVE-2021-41345 | Storage Spaces Controller Elevation of Privilege Vulnerability | Important | 7.8 | No | No | No | Yes
CVE-2021-40450 | Win32k Elevation of Privilege Vulnerability | Important | 7.8 | No | No | No | Yes
CVE-2021-41357 | Win32k Elevation of Privilege Vulnerability | Important | 7.8 | No | No | No | Yes
CVE-2021-41347 | Windows AppX Deployment Service Elevation of Privilege Vulnerability | Important | 7.8 | No | No | No | Yes
CVE-2021-40443 | Windows Common Log File System Driver Elevation of Privilege Vulnerability | Important | 7.8 | No | No | No | Yes
CVE-2021-40466 | Windows Common Log File System Driver Elevation of Privilege Vulnerability | Important | 7.8 | No | No | No | Yes
CVE-2021-40467 | Windows Common Log File System Driver Elevation of Privilege Vulnerability | Important | 7.8 | No | No | No | Yes
CVE-2021-40477 | Windows Event Tracing Elevation of Privilege Vulnerability | Important | 7.8 | No | No | No | Yes
CVE-2021-41340 | Windows Graphics Component Remote Code Execution Vulnerability | Important | 7.8 | No | No | No | Yes
CVE-2021-41331 | Windows Media Audio Decoder Remote Code Execution Vulnerability | Important | 7.8 | No | No | No | Yes
CVE-2021-40462 | Windows Media Foundation Dolby Digital Atmos Decoders Remote Code Execution Vulnerability | Important | 7.8 | No | No | No | Yes
CVE-2021-40465 | Windows Text Shaping Remote Code Execution Vulnerability | Important | 7.8 | No | No | No | Yes
CVE-2021-40463 | Windows NAT Denial of Service Vulnerability | Important | 7.7 | No | No | No |
CVE-2021-40484 | Microsoft SharePoint Server Spoofing Vulnerability | Important | 7.6 | No | No | No |
CVE-2021-34453 | Microsoft Exchange Server Denial of Service Vulnerability | Important | 7.5 | No | No | No |
CVE-2021-41352 | SCOM Information Disclosure Vulnerability | Important | 7.5 | No | No | No |
CVE-2021-40476 | Windows AppContainer Elevation Of Privilege Vulnerability | Important | 7.5 | No | No | No |
CVE-2021-36953 Windows TCP/IP Denial of Service Vulnerability Important 7.5 No No No
CVE-2021-40457 Microsoft Dynamics 365 Customer Engagement Cross-Site Scripting Vulnerability Important 7.4 No No No
CVE-2021-40481 Microsoft Office Visio Remote Code Execution Vulnerability Important 7.1 No No No
CVE-2021-41334 Windows Desktop Bridge Elevation of Privilege Vulnerability Important 7 No No No
CVE-2021-26442 Windows HTTP.sys Elevation of Privilege Vulnerability Important 7 No No No
CVE-2021-41342 Windows MSHTML Platform Remote Code Execution Vulnerability Important 6.8 No No No
CVE-2021-41350 Microsoft Exchange Server Spoofing Vulnerability Important 6.5 No No No
CVE-2021-41332 Windows Print Spooler Information Disclosure Vulnerability Important 6.5 No No No
CVE-2021-40460 Windows Remote Procedure Call Runtime Security Feature Bypass Vulnerability Important 6.5 No No No
CVE-2021-41355 .NET Core and Visual Studio Information Disclosure Vulnerability Important 5.7 No No No
CVE-2021-40472 Microsoft Excel Information Disclosure Vulnerability Important 5.5 No No No
CVE-2021-40454 Rich Text Edit Control Information Disclosure Vulnerability Important 5.5 No No No
CVE-2021-40468 Windows Bind Filter Driver Information Disclosure Vulnerability Important 5.5 No No No
CVE-2021-40475 Windows Cloud Files Mini Filter Driver Information Disclosure Vulnerability Important 5.5 No No No
CVE-2021-38663 Windows exFAT File System Information Disclosure Vulnerability Important 5.5 No No No
CVE-2021-38662 Windows Fast FAT File System Driver Information Disclosure Vulnerability Important 5.5 No No No
CVE-2021-41343 Windows Fast FAT File System Driver Information Disclosure Vulnerability Important 5.5 No No No
CVE-2021-40455 Windows Installer Spoofing Vulnerability Important 5.5 No No No
CVE-2021-41336 Windows Kernel Information Disclosure Vulnerability Important 5.5 No No No
CVE-2021-41361 Active Directory Federation Server Spoofing Vulnerability Important 5.4 No No No
CVE-2021-41353 Microsoft Dynamics 365 Sales Spoofing Vulnerability Important 5.4 No No No
CVE-2021-41346 Console Window Host Security Feature Bypass Vulnerability Important 5.3 No No No
CVE-2021-40482 Microsoft SharePoint Server Information Disclosure Vulnerability Important 5.3 No No No
CVE-2021-40456 Windows AD FS Security Feature Bypass Vulnerability Important 5.3 No No No
CVE-2021-41337 Active Directory Security Feature Bypass Vulnerability Important 4.9 No No No
CVE-2021-41339 Microsoft DWM Core Library Elevation of Privilege Vulnerability Important 4.7 No No No
CVE-2021-41363 Intune Management Extension Security Feature Bypass Vulnerability Important 4.2 No No No
CVE-2021-41354 Microsoft Dynamics 365 (on-premises) Cross-site Scripting Vulnerability Important 4.1 No No No
CVE-2021-40483 Microsoft SharePoint Server Spoofing Vulnerability Low 7.6 No No No

Linux Vulnerabilities of the Week: October 4, 2021

See this week's top Linux issues and keep your IT environment protected from the latest October Linux vulnerabilities.

1. Apache HTTP Server (2.4.48 and earlier) vulnerability

Severity: Critical     CVSS Score: 9.8

ap_escape_quotes() may write beyond the end of a buffer when given malicious input. None of the modules shipped with httpd pass untrusted data to this function, but third-party or external modules may.

Syxscore Risk Alert

This vulnerability has a critical risk as this can be exposed over any network, with low complexity, no privileges, and without user interaction.

  • Attack Vector: Network
  • Attack Complexity: Low
  • Privileges Required: None
  • User Interaction: None
  • Scope (Jump Point): Unchanged

CVE Reference(s): CVE-2021-39275
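The defect class behind this advisory is an escaping routine whose sizing pass and copy pass disagree about how much output a given input produces, so the copy can write past the buffer the sizing pass reserved. The routine below is an added, illustrative C example (not httpd's ap_escape_quotes() and not the project's fix) that keeps the two passes in lock-step and verifies the invariant afterwards; the inputs in the comments are constructed.

```c
#include <stdlib.h>
#include <string.h>

/* Two-pass "escape every unescaped double quote" routine (added example;
 * not httpd's code). A backslash followed by any byte is treated as an
 * already-escaped pair and copied verbatim; a bare '"' gets a backslash
 * put in front of it. The sizing pass and the copy pass walk the input with
 * the same three cases and both stop at the terminating NUL, so the copy can
 * never emit more bytes than were reserved. The class of bug to avoid is a
 * copy loop that, after consuming a pair, copies "the next byte"
 * unconditionally: when the pair is the last thing in the input, that byte
 * is the terminator, and the loop keeps reading and writing past both
 * buffers. */
static size_t escaped_len(const char *in)
{
    size_t n = 0;
    while (*in != '\0') {
        if (in[0] == '\\' && in[1] != '\0') {   /* escape pair: copied as-is */
            n += 2;
            in += 2;
        } else if (*in == '"') {                /* bare quote: gains a backslash */
            n += 2;
            in += 1;
        } else {                                /* ordinary byte (incl. trailing '\\') */
            n += 1;
            in += 1;
        }
    }
    return n;
}

/* Returns a malloc'd escaped copy of `in`, or NULL on allocation failure or
 * if the copy pass did not use exactly the space the sizing pass reserved. */
char *escape_quotes(const char *in)
{
    size_t len = escaped_len(in);
    char *out = malloc(len + 1);
    char *p = out;
    if (out == NULL) return NULL;

    while (*in != '\0') {
        if (in[0] == '\\' && in[1] != '\0') {
            *p++ = *in++;
            *p++ = *in++;
        } else if (*in == '"') {
            *p++ = '\\';
            *p++ = *in++;
        } else {
            *p++ = *in++;
        }
    }
    *p = '\0';

    /* Invariant: bytes written == bytes counted. A mismatch here means the
     * two passes have diverged and the routine must not be trusted. */
    if ((size_t)(p - out) != len) {
        free(out);
        return NULL;
    }
    return out;
}
```

The cases worth exercising are the ones where the passes are most likely to diverge: an input that ends in an escape pair (`ends\"`), an input that ends in a lone backslash (`tail\`), and the empty string.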

2. Missing input validation in domain names in Node.js

Severity: Critical         CVSS Score: 9.8

Node.js before 16.6.0, 14.17.4, and 12.22.4 does not validate the hostnames returned by DNS servers in its DNS library. Applications using the library may therefore receive incorrect hostnames (leading to domain hijacking) or be exposed to injection flaws, with impacts ranging from remote code execution and cross-site scripting (XSS) to application crashes.

The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.

Syxscore Risk Alert

This vulnerability has a critical risk as this can be exposed over any network, with low complexity, no privileges, and without user interaction.

  • Attack Vector: Network
  • Attack Complexity: Low
  • Privileges Required: None
  • User Interaction: None
  • Scope (Jump Point): Unchanged

CVE Reference(s): CVE-2021-22931
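On the application side, the mitigation is to treat resolver output as untrusted input and reject anything that is not a syntactically valid hostname before it reaches HTML, shell or log contexts. The validator below is an added example written in C (not Node.js code and not the library's own fix); it applies the RFC 1123 hostname syntax, and the list of "resolved" names it filters is constructed for the example.

```c
#include <stdbool.h>
#include <stddef.h>
#include <string.h>

/* True for the ASCII characters RFC 1123 permits inside a hostname label. */
static bool is_label_char(unsigned char c)
{
    return (c >= 'a' && c <= 'z') || (c >= 'A' && c <= 'Z') ||
           (c >= '0' && c <= '9') || c == '-';
}

/* Accept a resolver-supplied name only if it is a well-formed hostname:
 * total length 1..253 bytes (ignoring one trailing dot), dot-separated
 * labels of 1..63 bytes, each made of [A-Za-z0-9-] and neither starting nor
 * ending with '-'. Quotes, angle brackets, whitespace, control bytes and
 * non-ASCII are all rejected, so escaping at the point of use is no longer
 * the only line of defence. */
bool is_valid_hostname(const char *h)
{
    if (h == NULL) return false;
    size_t len = strlen(h);
    if (len > 1 && h[len - 1] == '.') len--;       /* tolerate FQDN trailing dot */
    if (len == 0 || len > 253) return false;

    size_t label_len = 0;
    for (size_t i = 0; i < len; i++) {
        unsigned char c = (unsigned char)h[i];
        if (c == '.') {
            /* empty label (".a", "a..b") or a label ending in '-' */
            if (label_len == 0 || h[i - 1] == '-') return false;
            label_len = 0;
            continue;
        }
        if (!is_label_char(c)) return false;
        if (label_len == 0 && c == '-') return false;   /* label starting with '-' */
        if (++label_len > 63) return false;
    }
    /* final label must be non-empty and must not end with '-' */
    return label_len > 0 && h[len - 1] != '-';
}

/* Constructed sample of what a resolver might hand back (not real data).
 * Returns how many entries pass validation; a caller would use only those. */
size_t count_usable_names(void)
{
    static const char *const resolved[] = {
        "mail.example.com.",
        "example.com",
        "evil<script>.example.com",   /* would break out of a markup context */
        "host name.example",          /* whitespace */
        "-bad.example",               /* leading hyphen */
        "x",
    };
    size_t ok = 0;
    for (size_t i = 0; i < sizeof resolved / sizeof resolved[0]; i++)
        if (is_valid_hostname(resolved[i])) ok++;
    return ok;
}
```

The check is deliberately an allow-list on syntax rather than a deny-list of dangerous characters: a name that passes is safe to embed in any of the contexts the advisory mentions, and a name that fails is dropped rather than "cleaned".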

3. Kubernetes vulnerability

Severity: Important    CVSS Score: 8.1

An authorized user can exploit this flaw by creating a container with subpath volume mounts that access files and directories outside of the volume, including on the host node's filesystem.

The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.

Syxscore Risk Alert

This vulnerability has a major risk as this can be exposed over any network, with low complexity, low privileges, and without user interaction.

  • Attack Vector: Network
  • Attack Complexity: Low
  • Privileges Required: Low
  • User Interaction: None
  • Scope (Jump Point): Unchanged

CVE Reference(s): CVE-2021-25741

4. aTFTP vulnerability (through 0.7.4)

Severity: Important    CVSS Score: 7.5

There is a buffer overflow in tftpd_file.c in aTFTP because buffer-size handling does not properly consider the combination of data, OACK, and other options.

Syxscore Risk Alert

This vulnerability has a major risk as this can be exposed over any network, with low complexity, no privileges, and without user interaction.

  • Attack Vector: Network
  • Attack Complexity: Low
  • Privileges Required: None
  • User Interaction: None
  • Scope (Jump Point): Unchanged

CVE Reference(s): CVE-2021-41054
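The general lesson from this advisory is that a packet buffer must be sized for, and checked against, every field that will be written into it, not only the data block. The code below is an added C example (not aTFTP's code and not its fix) that serializes a TFTP option acknowledgement (OACK: a 2-byte opcode followed by "name\0value\0" pairs) with the remaining space checked before every field is copied; the option set it builds is constructed, not captured traffic.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

#define TFTP_OP_OACK 6

struct tftp_option {
    const char *name;
    const char *value;
};

/* Length an OACK for these options occupies on the wire:
 * 2-byte opcode, then "name\0value\0" for each option. */
size_t oack_len(const struct tftp_option *opts, size_t nopts)
{
    size_t n = 2;
    for (size_t i = 0; i < nopts; i++)
        n += strlen(opts[i].name) + 1 + strlen(opts[i].value) + 1;
    return n;
}

/* Serialize an OACK into buf. Every field is checked against the space
 * remaining (including its terminating NUL) before it is copied, so a buffer
 * sized for data blocks cannot be overrun by a long or numerous option set.
 * Returns the packet length, or 0 if it would not fit or an option name is
 * empty. */
size_t build_oack(uint8_t *buf, size_t buf_len,
                  const struct tftp_option *opts, size_t nopts)
{
    if (buf == NULL || buf_len < 2) return 0;
    buf[0] = 0;
    buf[1] = TFTP_OP_OACK;
    size_t pos = 2;
    for (size_t i = 0; i < nopts; i++) {
        const char *fields[2] = { opts[i].name, opts[i].value };
        for (int f = 0; f < 2; f++) {
            size_t n = strlen(fields[f]);
            if (f == 0 && n == 0) return 0;          /* empty option name is malformed */
            if (n + 1 > buf_len - pos) return 0;     /* field plus NUL would overflow */
            memcpy(buf + pos, fields[f], n + 1);     /* copy including the NUL */
            pos += n + 1;
        }
    }
    return pos;
}

/* Constructed option set (hypothetical negotiation, not real traffic). */
static const struct tftp_option sample_opts[] = {
    { "blksize", "1428" },
    { "timeout", "5" },
    { "tsize",   "0" },
};
#define SAMPLE_NOPTS (sizeof sample_opts / sizeof sample_opts[0])

/* Build the sample OACK into a scratch buffer while pretending the buffer is
 * only `limit` bytes long, to show the bound being enforced. */
size_t demo_build(size_t limit)
{
    uint8_t scratch[64];
    if (limit > sizeof scratch) limit = sizeof scratch;
    return build_oack(scratch, limit, sample_opts, SAMPLE_NOPTS);
}

size_t demo_expected_len(void)
{
    return oack_len(sample_opts, SAMPLE_NOPTS);
}
```

The sample set needs 33 bytes; with a 33-byte limit the build succeeds, with 32 bytes it is refused rather than truncated or overrun. In a real server the same check belongs wherever the data buffer is reused for control packets, since the buffer's size is negotiated from one option (blksize) while the OACK length depends on all of them.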

Join Our October Linux Webcast

Explore the latest Linux updates for October 2021. We discuss the most urgent patches and priorities for the month.