All Posts By bmhume

Linux Vulnerabilities of the Week: February 8, 2022

See this week's top Linux issues and keep your IT environment protected from the latest February 2022 Linux vulnerabilities.

1. SQL injection in Log4j 1.x when the application is configured to use JDBCAppender

Severity: Critical         CVSS Score: 9.8

This is a flaw in the Java logging library Apache Log4j in version 1.x, which makes JDBCAppender in Log4j 1.x vulnerable to SQL injection in untrusted data. A remote attacker can use this vulnerability to run SQL statements in the database if the deployed application is configured to use JDBCAppender with certain interpolation tokens.

The highest threat from this vulnerability is to confidentiality, integrity, as well as system availability.

Syxscore Risk Alert

This vulnerability has a critical risk as this can be exposed over any network, with low complexity, no privileges, and without user interaction.

  • Attack Vector: Network
  • Attack Complexity: Low
  • Privileges Required: None
  • User Interaction: None
  • Scope (Jump Point): Unchanged

CVE Reference(s): CVE-2022-23305
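The flaw above only matters when a deployed application is actually configured to use JDBCAppender, so the first defensive question is whether any Log4j 1.x configuration in your estate does. The following audit script is an added example and not part of the original post; it parses the two classic Log4j 1.x configuration formats (log4j.properties and log4j.xml), reports every appender whose class is org.apache.log4j.jdbc.JDBCAppender, and lists which pattern-layout tokens its SQL statement interpolates. Which tokens count as "data-carrying" (message, MDC, NDC, thread, logger) is my assumption, and both sample configurations are constructed for the demo.

```python
"""Audit Log4j 1.x configuration files for a configured JDBCAppender.

Added example, not code from the original post. Supports log4j.properties
and log4j.xml. The sample configs below are constructed for the demo.
"""
import re
import xml.etree.ElementTree as ET

JDBC_APPENDER_CLASS = "org.apache.log4j.jdbc.JDBCAppender"

# Pattern-layout conversion characters that expand log-event data into the SQL
# statement: %m (message), %x (NDC), %X{key} (MDC), %t (thread), %c (logger).
# Treating exactly these as the risky "interpolation tokens" is an assumption.
DATA_TOKEN = re.compile(r"%-?\d*(?:\.\d+)?(?:m|x|X\{[^}]*\}|t|c)")

# Constructed sample: a log4j.properties file with one JDBC appender.
SAMPLE_PROPERTIES = """\
# constructed sample log4j.properties
log4j.rootLogger=INFO, db, console
log4j.appender.console=org.apache.log4j.ConsoleAppender
log4j.appender.console.layout=org.apache.log4j.PatternLayout
log4j.appender.db=org.apache.log4j.jdbc.JDBCAppender
log4j.appender.db.URL=jdbc:mysql://db.example.test/logs
log4j.appender.db.sql=INSERT INTO log (msg, who) VALUES ('%m', '%X{user}')
"""

# Constructed sample: the same idea in log4j.xml form.
SAMPLE_XML = """\
<log4j:configuration xmlns:log4j="http://jakarta.apache.org/log4j/">
  <appender name="console" class="org.apache.log4j.ConsoleAppender"/>
  <appender name="audit" class="org.apache.log4j.jdbc.JDBCAppender">
    <param name="sql" value="INSERT INTO audit VALUES ('%d', '%t', '%m')"/>
  </appender>
</log4j:configuration>
"""


def _finding(name, sql):
    """Build one finding: appender name, its SQL, and the data tokens it uses."""
    return {
        "appender": name,
        "sql": sql,
        "tokens": [m.group(0) for m in DATA_TOKEN.finditer(sql)],
    }


def audit_properties(text):
    """Return findings for every JDBCAppender in a log4j.properties file."""
    props = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#") or "=" not in line:
            continue
        key, value = line.split("=", 1)
        props[key.strip()] = value.strip()

    findings = []
    for key, value in props.items():
        m = re.fullmatch(r"log4j\.appender\.([^.]+)", key)
        if m and value == JDBC_APPENDER_CLASS:
            name = m.group(1)
            findings.append(_finding(name, props.get(f"log4j.appender.{name}.sql", "")))
    return findings


def audit_xml(text):
    """Return findings for every JDBCAppender in a log4j.xml file."""
    root = ET.fromstring(text)
    findings = []
    for appender in root.iter("appender"):
        if appender.get("class") != JDBC_APPENDER_CLASS:
            continue
        sql = ""
        for param in appender.iter("param"):
            if param.get("name") == "sql":
                sql = param.get("value", "")
        findings.append(_finding(appender.get("name", "?"), sql))
    return findings


def audit(text):
    """Dispatch on format: XML if the document starts with '<', else properties."""
    return audit_xml(text) if text.lstrip().startswith("<") else audit_properties(text)


if __name__ == "__main__":
    for label, sample in (("properties", SAMPLE_PROPERTIES), ("xml", SAMPLE_XML)):
        for f in audit(sample):
            print(f"[{label}] JDBCAppender '{f['appender']}' interpolates {f['tokens']}")
```

Run it over every log4j.properties / log4j.xml you can find (including those packaged inside jars and wars); any hit is an application that needs the Log4j 1.x appender removed or the library replaced, regardless of whether the SQL happens to use the tokens listed.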

2. A heap-based buffer overflow vulnerability in AIDE (<0.17.4) affecting Red Hat Enterprise Linux 6, 7 and 8

Severity: Important    CVSS Score: 7.8

AIDE allows local users to obtain root privileges via crafted file metadata (such as XFS extended attributes or tmpfs ACLs), crash the program, and possibly execute arbitrary code, because of a heap-based buffer overflow.

The highest threat from this vulnerability is to confidentiality, integrity, as well as system availability.

Syxscore Risk Alert

This vulnerability has a major risk: although it requires local access to the device to be exploited, it can be exposed with a low complexity attack, low privileges and without user interaction.

  • Attack Vector: Local
  • Attack Complexity: Low
  • Privileges Required: Low
  • User Interaction: None
  • Scope (Jump Point): Unchanged

CVE Reference(s): CVE-2021-45417

CVE Reference(s): CVE-2021-44790

3. An uncontrolled resource consumption flaw in Go (< 1.16.12)

Severity: Important    CVSS Score: 7.5

This is a flaw in Golang’s net/http library in the canonicalHeader() function. It allows an attacker who submits specially crafted requests to applications linked with net/http’s http2 functionality to cause excessive resource consumption that could lead to a denial of service or otherwise impact system performance and resources.

The highest threat from this vulnerability is to system availability.

Syxscore Risk Alert

This vulnerability has a major risk as this can be exposed over any network, with low complexity, no privileges, and without user interaction.

  • Attack Vector: Network
  • Attack Complexity: Low
  • Privileges Required: None
  • User Interaction: None
  • Scope (Jump Point): Unchanged

CVE Reference(s): CVE-2021-44716

4. Libreswan (4.2 through 4.5) flaw

Severity: Important    CVSS Score: 7.5

This is a flaw in Libreswan that remote attackers could exploit to cause a denial of service (NULL pointer dereference and daemon crash) via a crafted IKEv1 packet because pluto/ikev1.c wrongly expects that a state object exists. This is fixed in 4.6.

The highest threat from this vulnerability is to system availability.

Syxscore Risk Alert

This vulnerability has a major risk as this can be exposed over any network, with low complexity, no privileges, and without user interaction.

  • Attack Vector: Network
  • Attack Complexity: Low
  • Privileges Required: None
  • User Interaction: None
  • Scope (Jump Point): Unchanged

CVE Reference(s): CVE-2022-23094

5. Incorrect IdentityHashMap size checks during deserialization in OpenJDK

Severity: Medium       CVSS Score: 5.3

This is an easily exploitable flaw in Oracle Java SE and Oracle GraalVM Enterprise Edition (component: Libraries) that allows an unauthenticated attacker with network access via multiple protocols to compromise the affected product. Successful exploitation can result in an unauthorized partial denial of service (partial DoS) of Oracle Java SE or Oracle GraalVM Enterprise Edition.

The highest threat from this vulnerability is to system availability.

Syxscore Risk Alert

This vulnerability has a moderate risk as this can be exposed over any network, with low complexity, no privileges, and without user interaction.

  • Attack Vector: Network
  • Attack Complexity: Low
  • Privileges Required: None
  • User Interaction: None
  • Scope (Jump Point): Unchanged

CVE Reference(s): CVE-2022-21294

February Patch Tuesday 2022 Fixes 51 Vulnerabilities

The second Patch Tuesday of 2022 has arrived — tackle the latest Microsoft updates and vulnerabilities for the month of February.

Microsoft releases 51 fixes this month, including 1 Public Aware threat

There are 50 Important fixes in this release and 1 Moderate. Updates were included for Microsoft Windows and Windows Components, Azure Data Explorer, Kestrel Web Server, Microsoft Edge (Chromium-based), Windows Codecs Library, Microsoft Dynamics, Microsoft Dynamics GP, Microsoft Office and Office Components, Windows Hyper-V Server, SQL Server, Visual Studio Code, and Microsoft Teams.

Year 3 Extended Support – Windows 7 and Windows Server 2008 (including R2) have received some updates this month.

Robert Brown, Head of Customer Success for Syxsense said, “This is the first year we have a Microsoft release which has not consisted of a Critical severity vulnerability rated by the Vendor. This is the reason it is essential to compare different severity systems instead of relying on a single source of truth, in this case the vendor rated severity. There are still extremely important vulnerabilities to remediate this month; the lack of Critical vulnerabilities does not allow you to relax just yet.”


Top February 2022 Patches and Vulnerabilities

Based on the Vendor Severity and CVSS Score, we have made a few recommendations below. As usual, we recommend our customers enter the CVE numbers below into your patch management solution and deploy as soon as possible.

1. CVE-2022-21989: Windows Kernel Elevation of Privilege Vulnerability

Windows does not properly impose security restrictions in Windows Kernel, which leads to security restrictions bypass and privilege escalation.

Syxscore

  • Vendor Severity: Important
  • CVSS: 7.8
  • Weaponised: No
  • Public Aware: Yes
  • Countermeasure: No

Syxscore Risk

  • Attack Vector: Local
  • Attack Complexity: High
  • Privileges: Low
  • User Interaction: None
  • Scope (Jump Point): Yes

2. CVE-2022-21984: Windows DNS Server Remote Code Execution Vulnerability

This patch fixes a remote code execution bug in the Microsoft DNS server.  An attacker could completely take over your DNS and execute code with elevated privileges.

Syxscore

  • Vendor Severity: Important
  • CVSS: 8.8
  • Weaponised: No
  • Public Aware: No
  • Countermeasure: Yes – The server is only affected if dynamic updates are enabled, but this is a relatively common configuration. 

Syxscore Risk

  • Attack Vector: Network
  • Attack Complexity: Low
  • Privileges: Low
  • User Interaction: None
  • Scope (Jump Point): No

3. CVE-2022-21995: Windows Hyper-V Remote Code Execution Vulnerability

This patch fixes a guest-to-host escape in Hyper-V server and successful exploitation of this vulnerability may result in complete compromise of the system.

Syxscore

  • Vendor Severity: Important
  • CVSS: 7.9
  • Weaponised: No
  • Public Aware: No
  • Countermeasure: No

Syxscore Risk

  • Attack Vector: Adjacent
  • Attack Complexity: High
  • Privileges: None
  • User Interaction: Required
  • Scope (Jump Point): Yes

Syxsense Recommendations

Based on the Vendor Severity and CVSS Score, we have made a few recommendations below which you should prioritize this month. Please pay close attention to any of these which are Publicly Aware and / or Weaponized.

CVE Title Vendor Severity CVSS Score Countermeasure Publicly Aware Weaponised Highly Recommended
CVE-2022-21989 Windows Kernel Elevation of Privilege Vulnerability Important 7.8 Yes No Yes
CVE-2022-21984 Windows DNS Server Remote Code Execution Vulnerability Important 8.8 Yes No No Yes
CVE-2022-22005 Microsoft SharePoint Server Remote Code Execution Vulnerability Important 8.8 No No Yes
CVE-2022-23274 Microsoft Dynamics GP Remote Code Execution Vulnerability Important 8.3 No No Yes
CVE-2022-23256 Azure Data Explorer Spoofing Vulnerability Important 8.1 No No Yes
CVE-2022-23272 Microsoft Dynamics GP Elevation Of Privilege Vulnerability Important 8.1 No No Yes
CVE-2022-21991 Visual Studio Code Remote Development Extension Remote Code Execution Vulnerability Important 8.1 No No Yes
CVE-2022-21987 Microsoft SharePoint Server Spoofing Vulnerability Important 8 No No Yes
CVE-2022-21995 Windows Hyper-V Remote Code Execution Vulnerability Important 7.9 No No Yes
CVE-2022-21844 HEVC Video Extensions Remote Code Execution Vulnerability Important 7.8 No No Yes
CVE-2022-21926 HEVC Video Extensions Remote Code Execution Vulnerability Important 7.8 No No Yes
CVE-2022-21927 HEVC Video Extensions Remote Code Execution Vulnerability Important 7.8 No No Yes
CVE-2022-22004 Microsoft Office ClickToRun Remote Code Execution Vulnerability Important 7.8 No No Yes
CVE-2022-22003 Microsoft Office Graphics Remote Code Execution Vulnerability Important 7.8 No No Yes
CVE-2022-21988 Microsoft Office Visio Remote Code Execution Vulnerability Important 7.8 No No Yes
CVE-2022-22715 Named Pipe File System Elevation of Privilege Vulnerability Important 7.8 No No Yes
CVE-2022-21974 Roaming Security Rights Management Services Remote Code Execution Vulnerability Important 7.8 No No Yes
CVE-2022-23276 SQL Server for Linux Containers Elevation of Privilege Vulnerability Important 7.8 No No Yes
CVE-2022-22709 VP9 Video Extensions Remote Code Execution Vulnerability Important 7.8 No No Yes
CVE-2022-21996 Win32k Elevation of Privilege Vulnerability Important 7.8 No No Yes
CVE-2022-21981 Windows Common Log File System Driver Elevation of Privilege Vulnerability Important 7.8 No No Yes
CVE-2022-22000 Windows Common Log File System Driver Elevation of Privilege Vulnerability Important 7.8 No No Yes
CVE-2022-21994 Windows DWM Core Library Elevation of Privilege Vulnerability Important 7.8 No No Yes
CVE-2022-21992 Windows Mobile Device Management Remote Code Execution Vulnerability Important 7.8 No No Yes
CVE-2022-21999 Windows Print Spooler Elevation of Privilege Vulnerability Important 7.8 No No Yes
CVE-2022-22718 Windows Print Spooler Elevation of Privilege Vulnerability Important 7.8 No No Yes
CVE-2022-22001 Windows Remote Access Connection Manager Elevation of Privilege Vulnerability Important 7.8 No No Yes
CVE-2022-21971 Windows Runtime Remote Code Execution Vulnerability Important 7.8 No No Yes
CVE-2022-23263 Microsoft Edge (Chromium-based) Elevation of Privilege Vulnerability Important 7.7 No No Yes
CVE-2022-21986 .NET Denial of Service Vulnerability Important 7.5 No No
CVE-2022-21965 Microsoft Teams Denial of Service Vulnerability Important 7.5 No No
CVE-2022-21993 Windows Services for NFS ONCRPC XDR Driver Information Disclosure Vulnerability Important 7.5 No No
CVE-2022-21957 Microsoft Dynamics 365 (on-premises) Remote Code Execution Vulnerability Important 7.2 No No
CVE-2022-23273 Microsoft Dynamics GP Elevation Of Privilege Vulnerability Important 7.1 No No
CVE-2022-21997 Windows Print Spooler Elevation of Privilege Vulnerability Important 7.1 No No
CVE-2022-22717 Windows Print Spooler Elevation of Privilege Vulnerability Important 7 No No
CVE-2022-23269 Microsoft Dynamics GP Spoofing Vulnerability Important 6.9 No No
CVE-2022-23271 Microsoft Dynamics GP Elevation Of Privilege Vulnerability Important 6.5 No No
CVE-2022-23262 Microsoft Edge (Chromium-based) Elevation of Privilege Vulnerability Important 6.3 No No
CVE-2022-23255 Microsoft OneDrive for Android Security Feature Bypass Vulnerability Important 5.9 No No
CVE-2022-22712 Windows Hyper-V Denial of Service Vulnerability Important 5.6 No No
CVE-2022-22716 Microsoft Excel Information Disclosure Vulnerability Important 5.5 No No
CVE-2022-23252 Microsoft Office Information Disclosure Vulnerability Important 5.5 No No
CVE-2022-22710 Windows Common Log File System Driver Denial of Service Vulnerability Important 5.5 No No
CVE-2022-21998 Windows Common Log File System Driver Information Disclosure Vulnerability Important 5.5 No No
CVE-2022-21985 Windows Remote Access Connection Manager Information Disclosure Vulnerability Important 5.5 No No
CVE-2022-22002 Windows User Account Profile Picture Denial of Service Vulnerability Important 5.5 No No
CVE-2022-23280 Microsoft Outlook for Mac Security Feature Bypass Vulnerability Important 5.3 No No
CVE-2022-23261 Microsoft Edge (Chromium-based) Tampering Vulnerability Moderate 5.3 No No
CVE-2022-23254 Microsoft Power BI Elevation of Privilege Vulnerability Important 4.9 No No
CVE-2022-21968 Microsoft SharePoint Server Security Feature Bypass Vulnerability Important 4.3 No No
Critical Bug Can Be Exploited to Gain Windows SYSTEM Privileges

McAfee has patched two severe vulnerabilities in a component of its McAfee Enterprise product that attackers can use to escalate privileges.

New Critical Vulnerability

McAfee has patched two high-severity vulnerabilities in a component of its McAfee Enterprise product that attackers can use to escalate privileges, including up to SYSTEM.

According to McAfee’s bulletin, the bugs are in versions prior to 5.7.5 of McAfee Agent, which is used in McAfee Endpoint Security, among other McAfee products. 

The Agent is the piece of McAfee ePolicy Orchestrator (McAfee ePO) that downloads and enforces policies and executes client-side tasks such as deployment and updating. 

The McAfee Agent is also the component that uploads events and provides additional data regarding each system’s status. Periodically collecting and sending event information to the McAfee ePO server, the Agent – which also installs and updates endpoint products – is a required install on any network system that needs to be managed.

How Syxsense Can Help

Syxsense has automated the entire process of patch management.

  • It automates testing of patches yet gets them deployed within three hours of receipt.
  • It automates patch deployment so the right patches make it to every endpoint.
  • It automates patch rollback in case of any issues or incompatibilities.
  • It automates the prioritization and sequencing of patches so those that represent the biggest threat are sent out first.

Syxsense also automates vulnerability scanning so that scans are done regularly to determine potential issues such as missing patches, open ports, and other vulnerabilities.

Watch the Webcast: January Patch Tuesday 2022

Watch this week's webcast to hear IT industry experts discuss strategies for tackling Microsoft's January Patch Tuesday updates.

Watch the January Patch Tuesday 2022 Webcast

New year, new Patch Tuesday — start 2022 ahead of the latest threats and vulnerabilities.

Industry experts discuss each of this month’s bulletins and show you strategies for tackling the most important updates.

Our team of IT management experts has deployed over 100 million patches. Sign up for our free webinar to receive the top patch strategies of the month.


What You Need to Know: January Patch Tuesday 2022

Ransomware Is Bad and Getting Worse

A ransomware expert cautions anyone who thinks the ongoing ransomware plague is bad that it is about to get much, much worse.

Changes for Ransomware In 2022

Roger Grimes, a ransomware expert at KnowBe4 cautions anyone who thinks the ongoing ransomware plague is bad that it is about to get much, much worse.

“The cybersecurity industry is not yet capable of implementing a robust defense to even slow the continued increase in cybercrime, much less actually lessen it,” he said.

He noted that ransomware gangs had graduated beyond mere ransom collection. Yes, they still rake in billions. But they are also stealing intellectual property, corporate data, and credentials. In addition, they use the stolen data to threaten the victim’s employees and customers, publicly shame organizations, and use their insider information to conduct spear phishing.

In other words, these new tactics mean that backup won’t protect the victims. Yes, a backup may help a company avoid paying the ransom. But the cybercriminals can still leverage all these other avenues to cause real problems – and ultimately force payment.

According to Coveware, 81% of ransomware gangs threaten to leak exfiltrated data. As a result, more than 60% of victims now pay the ransom. The average ransomware payment is up to $280,000 and rising steadily, along with cyber insurance premiums.

And Grimes predicts things will worsen once again. He said the bad guys are maximizing revenue potential by selling stolen data, credentials, access, money, and also going after individuals within companies, as well as organizations as a whole. They have evolved hacking-for-hire schemes, they offer product lists for sale, and in general are acting like a high-end marketing department in exploring and developing innovative new sales channels.

Anyone suffering a ransomware attack, therefore, had better do a thorough forensic examination to see how the attack began, where it spread to laterally, any backdoors introduced, credentials hacked and more. A vulnerability scan should of course be done to determine any remaining vulnerabilities and all of them need to be fixed.


Combined Ransomware Attacks

Two-pronged attacks are becoming common tactics from cybercriminals. They might quietly do some crypto mining in a site and then launch ransomware. Or they can make a ransom demand and at the same time attack their website and take down current revenue channels. The resulting financial stress makes it easier to extort the money.

As we move forward, further automation and streamlining of attacks is likely to be observed. For example, a successful incursion using a bot may result in the automatic installation of a malicious program, collection of some passwords, and a scan of the environment to gather key details. At that point, the attack is escalated to senior hackers who research the potential in the environment and determine the most lucrative strategy to exploit. This is similar to how IT is operating today, and how IT is evolving: routine and labor-intensive actions are automated, and alerts and exceptions are passed on to IT personnel to decide what to do.

Just as automation has become the go-to tool for hackers and is being introduced into more and more areas of IT operations and maintenance, it is automation that can help fight the battle against rampant ransomware.

How Syxsense Can Help

Syxsense has automated the entire process of patch management.

  • It automates testing of patches yet gets them deployed within three hours of receipt.
  • It automates patch deployment so the right patches make it to every endpoint.
  • It automates patch rollback in case of any issues or incompatibilities.
  • It automates the prioritization and sequencing of patches so those that represent the biggest threat are sent out first.

Syxsense also automates vulnerability scanning so that scans are done regularly to determine potential issues such as missing patches, open ports, and other vulnerabilities.

January Patch Tuesday 2022 Fixes 96 Critical Issues

With 96 new bugs, Microsoft is kicking off the first Patch Tuesday of 2022 with a bang. There are 8 Critical and 88 Important fixes.

Microsoft Patch Tuesday Released with 96 Fixes

There are 8 Critical (one more than last month) and 88 Important fixes in this release. Updates were included for Microsoft Windows and Windows Components, Microsoft Edge (Chromium-based), Exchange Server, Microsoft Office and Office Components, SharePoint Server, .NET Framework, Microsoft Dynamics, Open-Source Software, Windows Hyper-V, Windows Defender, and Windows Remote Desktop. 

Year 2 Extended Support – Windows 7 and Windows Server 2008 (including R2) have received some updates this month. Next month you need to renew for a third ESU if you are still using Windows 7 or 2008 R2.

The first Patch Tuesday of the year has arrived with a bang, and just in time for many of our customers who are ending their change freeze following the New Year holidays. We do not have any confirmed Weaponized threats to deal with this month so far; however, we do have 6 confirmed Public Aware threats which could be weaponized at any minute.

Syxsense Recommendations

Based on the Vendor Severity & CVSS Score, we have made a few recommendations below. As usual we recommend our customers enter the CVE numbers below into your Patch Management solution and deploy as soon as possible.

Top January 2022 Patches and Vulnerabilities

1. CVE-2022-21907: HTTP Protocol Stack Remote Code Execution Vulnerability

The vulnerability exists due to a boundary error within the HTTP Trailer Support feature in HTTP Protocol Stack (http.sys). A remote attacker can send a specially crafted HTTP request to the web server, trigger a buffer overflow and execute arbitrary code on the system. Microsoft recommends prioritizing the patching of affected devices because it is suspected to be wormable.

Syxscore

  • Vendor Severity: Critical
  • CVSS: 9.8
  • Weaponized: No
  • Public Aware: Yes
  • Countermeasure: Yes

Syxscore Risk

  • Attack Vector: Network
  • Attack Complexity: Low
  • Privileges: None
  • User Interaction: None
  • Scope (Jump Point): No

2. CVE-2022-21849: Windows IKE Extension Remote Code Execution Vulnerability

The vulnerability exists due to insufficient validation of user-supplied input in the Windows IKE Extension. A remote attacker can pass specially crafted input to the application and perform a denial of service (DoS) attack. In an environment where Internet Key Exchange (IKE) version 2 is enabled, a remote attacker could trigger multiple vulnerabilities without being authenticated.

Syxscore

  • Vendor Severity: Important
  • CVSS: 9.8
  • Weaponized: No
  • Public Aware: No
  • Countermeasure: Yes

Syxscore Risk

  • Attack Vector: Network
  • Attack Complexity: Low
  • Privileges: None
  • User Interaction: None
  • Scope (Jump Point): No

3. CVE-2022-21912: DirectX Graphics Kernel Remote Code Execution Vulnerability

The vulnerability allows a local user to execute arbitrary code on the target system, and successful exploitation may result in complete compromise of the vulnerable system. An authenticated attacker could take advantage of a flaw in dxgkrnl.sys to trigger an arbitrary pointer dereference in kernel mode. What makes this worse is that an attacker with non-admin credentials can potentially exploit this vulnerability.

Syxscore

  • Vendor Severity: Critical
  • CVSS: 7.8
  • Weaponized: No
  • Public Aware: No
  • Countermeasure: Yes

Syxscore Risk

  • Attack Vector: Local
  • Attack Complexity: High
  • Privileges: Low
  • User Interaction: None
  • Scope (Jump Point): Yes

Syxsense Recommendations

Based on the Vendor Severity and CVSS Score, we have made a few recommendations below which you should prioritize this month; please pay close attention to any of these which are Publicly Aware and / or Weaponized.

CVE Reference Description Vendor Severity CVSS Score Weaponised Publicly Aware Countermeasure Highest Priority
CVE-2022-21907 HTTP Protocol Stack Remote Code Execution Vulnerability Critical 9.8 No No Yes Yes
CVE-2022-21849 Windows IKE Extension Remote Code Execution Vulnerability Important 9.8 No No No Yes
CVE-2022-21846 Microsoft Exchange Server Remote Code Execution Vulnerability Critical 9 No No No Yes
CVE-2022-21855 Microsoft Exchange Server Remote Code Execution Vulnerability Important 9 No No No Yes
CVE-2022-21969 Microsoft Exchange Server Remote Code Execution Vulnerability Important 9 No No No Yes
CVE-2022-21901 Windows Hyper-V Elevation of Privilege Vulnerability Important 9 No No No Yes
CVE-2022-21857 Active Directory Domain Services Elevation of Privilege Vulnerability Critical 8.8 No No No Yes
CVE-2022-21840 Microsoft Office Remote Code Execution Vulnerability Critical 8.8 No No No Yes
CVE-2022-21850 Remote Desktop Client Remote Code Execution Vulnerability Important 8.8 No No No Yes
CVE-2022-21851 Remote Desktop Client Remote Code Execution Vulnerability Important 8.8 No No No Yes
CVE-2022-21893 Remote Desktop Protocol Remote Code Execution Vulnerability Important 8.8 No No No Yes
CVE-2022-21922 Remote Procedure Call Runtime Remote Code Execution Vulnerability Important 8.8 No No No Yes
CVE-2022-21920 Windows Kerberos Elevation of Privilege Vulnerability Important 8.8 No No No Yes
CVE-2022-21837 Microsoft SharePoint Server Remote Code Execution Vulnerability Important 8.3 No No No Yes
CVE-2022-21912 DirectX Graphics Kernel Remote Code Execution Vulnerability Critical 7.8 No No No Yes
CVE-2022-21898 DirectX Graphics Kernel Remote Code Execution Vulnerability Critical 7.8 No No No Yes
CVE-2022-21917 HEVC Video Extensions Remote Code Execution Vulnerability Critical 7.8 No No No Yes
CVE-2022-21833 Virtual Machine IDE Drive Elevation of Privilege Vulnerability Critical 7.8 No No No Yes
CVE-2022-21836 Windows Certificate Spoofing Vulnerability Important 7.8 No Yes No Yes
CVE-2022-21874 Windows Security Center API Remote Code Execution Vulnerability Important 7.8 No Yes No Yes
CVE-2022-21919 Windows User Profile Service Elevation of Privilege Vulnerability Important 7 No Yes No Yes
CVE-2022-21884 Local Security Authority Subsystem Service Elevation of Privilege Vulnerability Important 7.8 No No No
CVE-2022-21910 Microsoft Cluster Port Driver Elevation of Privilege Vulnerability Important 7.8 No No No
CVE-2022-21835 Microsoft Cryptographic Services Elevation of Privilege Vulnerability Important 7.8 No No No
CVE-2022-21841 Microsoft Excel Remote Code Execution Vulnerability Important 7.8 No No No
CVE-2022-21842 Microsoft Word Remote Code Execution Vulnerability Important 7.8 No No No
CVE-2022-21858 Windows Bind Filter Driver Elevation of Privilege Vulnerability Important 7.8 No No No
CVE-2022-21916 Windows Common Log File System Driver Elevation of Privilege Vulnerability Important 7.8 No No No
CVE-2022-21897 Windows Common Log File System Driver Elevation of Privilege Vulnerability Important 7.8 No No No
CVE-2022-21852 Windows DWM Core Library Elevation of Privilege Vulnerability Important 7.8 No No No
CVE-2022-21902 Windows DWM Core Library Elevation of Privilege Vulnerability Important 7.8 No No No
CVE-2022-21878 Windows Geolocation Service Remote Code Execution Vulnerability Important 7.8 No No No
CVE-2022-21908 Windows Installer Elevation of Privilege Vulnerability Important 7.8 No No No
CVE-2022-21888 Windows Modern Execution Server Remote Code Execution Vulnerability Important 7.8 No No No
CVE-2022-21885 Windows Remote Access Connection Manager Elevation of Privilege Vulnerability Important 7.8 No No No
CVE-2022-21914 Windows Remote Access Connection Manager Elevation of Privilege Vulnerability Important 7.8 No No No
CVE-2022-21895 Windows User Profile Service Elevation of Privilege Vulnerability Important 7.8 No No No
CVE-2022-21891 Microsoft Dynamics 365 (on-premises) Spoofing Vulnerability Important 7.6 No No No
CVE-2022-21932 Microsoft Dynamics 365 Customer Engagement Cross-Site Scripting Vulnerability Important 7.6 No No No
CVE-2022-21911 .NET Framework Denial of Service Vulnerability Important 7.5 No No No
CVE-2022-21904 Windows GDI Information Disclosure Vulnerability Important 7.5 No No No
CVE-2022-21880 Windows GDI+ Information Disclosure Vulnerability Important 7.5 No No No
CVE-2022-21843 Windows IKE Extension Denial of Service Vulnerability Important 7.5 No No No
CVE-2022-21883 Windows IKE Extension Denial of Service Vulnerability Important 7.5 No No No
CVE-2022-21848 Windows IKE Extension Denial of Service Vulnerability Important 7.5 No No No
CVE-2022-21889 Windows IKE Extension Denial of Service Vulnerability Important 7.5 No No No
CVE-2022-21890 Windows IKE Extension Denial of Service Vulnerability Important 7.5 No No No
CVE-2022-21839 Windows Event Tracing Discretionary Access Control List Denial of Service Vulnerability Important 6.1 No Yes No
CVE-2022-21869 Clipboard User Service Elevation of Privilege Vulnerability Important 7 No No
CVE-2022-21865 Connected Devices Platform Service Elevation of Privilege Vulnerability Important 7 No No
CVE-2022-21871 Microsoft Diagnostics Hub Standard Collector Runtime Elevation of Privilege Vulnerability Important 7 No No
CVE-2022-21870 Tablet Windows User Interface Application Core Elevation of Privilege Vulnerability Important 7 No No
CVE-2022-21861 Task Flow Data Engine Elevation of Privilege Vulnerability Important 7 No No
CVE-2022-21873 Tile Data Repository Elevation of Privilege Vulnerability Important 7 No No
CVE-2022-21882 Win32k Elevation of Privilege Vulnerability Important 7 No No
CVE-2022-21887 Win32k Elevation of Privilege Vulnerability Important 7 No No
CVE-2022-21859 Windows Accounts Control Elevation of Privilege Vulnerability Important 7 No No
CVE-2022-21860 Windows App Contracts API Server Elevation of Privilege Vulnerability Important 7 No No
CVE-2022-21862 Windows Application Model Core API Elevation of Privilege Vulnerability Important 7 No No
CVE-2022-21868 Windows Devices Human Interface Elevation of Privilege Vulnerability Important 7 No No
CVE-2022-21896 Windows DWM Core Library Elevation of Privilege Vulnerability Important 7 No No
CVE-2022-21872 Windows Event Tracing Elevation of Privilege Vulnerability Important 7 No No
CVE-2022-21903 Windows GDI Elevation of Privilege Vulnerability Important 7 No No
CVE-2022-21881 Windows Kernel Elevation of Privilege Vulnerability Important 7 No No
CVE-2022-21867 Windows Push Notifications Apps Elevation Of Privilege Vulnerability Important 7 No No
CVE-2022-21863 Windows State Repository API Server file Elevation of Privilege Vulnerability Important 7 No No
CVE-2022-21875 Windows Storage Elevation of Privilege Vulnerability Important 7 No No
CVE-2022-21866 Windows System Launcher Elevation of Privilege Vulnerability Important 7 No No
CVE-2022-21864 Windows UI Immersive Server API Elevation of Privilege Vulnerability Important 7 No No
CVE-2022-21834 Windows User-mode Driver Framework Reflector Driver Elevation of Privilege Vulnerability Important 7 No No
CVE-2022-21892 Windows Resilient File System (ReFS) Remote Code Execution Vulnerability Important 6.8 No No
CVE-2022-21958 Windows Resilient File System (ReFS) Remote Code Execution Vulnerability Important 6.8 No No
CVE-2022-21959 Windows Resilient File System (ReFS) Remote Code Execution Vulnerability Important 6.8 No No
CVE-2022-21960 Windows Resilient File System (ReFS) Remote Code Execution Vulnerability Important 6.8 No No
CVE-2022-21961 Windows Resilient File System (ReFS) Remote Code Execution Vulnerability Important 6.8 No No
CVE-2022-21962 Windows Resilient File System (ReFS) Remote Code Execution Vulnerability Important 6.8 No No
CVE-2022-21918 DirectX Graphics Kernel File Denial of Service Vulnerability Important 6.5 No No
CVE-2022-21915 Windows GDI+ Information Disclosure Vulnerability Important 6.5 No No
CVE-2022-21847 Windows Hyper-V Denial of Service Vulnerability Important 6.5 No No
CVE-2022-21963 Windows Resilient File System (ReFS) Remote Code Execution Vulnerability Important 6.4 No No
CVE-2022-21928 Windows Resilient File System (ReFS) Remote Code Execution Vulnerability Important 6.3 No No
CVE-2022-21970 Microsoft Edge (Chromium-based) Elevation of Privilege Vulnerability Important 6.1 No No
CVE-2022-21964 Remote Desktop Licensing Diagnoser Information Disclosure Vulnerability Important 5.5 No No
CVE-2022-21877 Storage Spaces Controller Information Disclosure Vulnerability Important 5.5 No No
CVE-2022-21876 Win32k Information Disclosure Vulnerability Important 5.5 No No
CVE-2022-21838 Windows Clean up Manager Elevation of Privilege Vulnerability Important 5.5 No No
CVE-2022-21906 Windows Defender Application Control Security Feature Bypass Vulnerability Important 5.5 No No
CVE-2022-21899 Windows Extensible Firmware Interface Security Feature Bypass Vulnerability Important 5.5 No No
CVE-2022-21879 Windows Kernel Elevation of Privilege Vulnerability Important 5.5 No No
CVE-2022-21913 Local Security Authority (Domain Policy) Remote Protocol Security Feature Bypass Important 5.3 No No
CVE-2022-21925 Windows Backup Key Remote Protocol Security Feature Bypass Vulnerability Important 5.3 No No
CVE-2022-21924 Workstation Service Remote Protocol Security Feature Bypass Vulnerability Important 5.3 No No
CVE-2022-21900 Windows Hyper-V Security Feature Bypass Vulnerability Important 4.6 No No
CVE-2022-21905 Windows Hyper-V Security Feature Bypass Vulnerability Important 4.6 No No
CVE-2022-21894 Secure Boot Security Feature Bypass Vulnerability Important 4.4 No No
CVE-2022-21921 Windows Defender Credential Guard Security Feature Bypass Vulnerability Important 4.4 No No


||

Linux Vulnerabilities of the Week: January 10, 2022


See this week's top Linux issues and keep your IT environment protected from the latest January 2022 Linux vulnerabilities.

1. Mozilla iframe sandbox rules vulnerability

Severity: Critical         CVSS Score: 10.0

The iframe sandbox rules were not correctly applied to XSLT stylesheets, so a sandboxed iframe could bypass restrictions such as executing scripts or navigating the top-level frame. This affects Firefox before 94, Firefox ESR before 91.3 and Thunderbird before 91.3; on Linux the fix arrives through the distribution's firefox and thunderbird package updates.

The highest threat from this vulnerability is to confidentiality, integrity, as well as system availability.

Syxscore Risk Alert

This vulnerability has a critical risk as it can be reached over any network, with low complexity, no privileges, and without user interaction. The CVSS scope is Changed: the flaw is in the browser's sandbox enforcement, but its impact lands on the embedding page, so untrusted content in a sandboxed frame can affect the page that hosts it.

  • Attack Vector: Network
  • Attack Complexity: Low
  • Privileges Required: None
  • User Interaction: None
  • Scope (Jump Point): Changed

CVE Reference(s): CVE-2021-38503

2. Possible buffer overflow in the mod_lua multipart parser affecting Red Hat Enterprise Linux 7 and 8

Severity: Important    CVSS Score: 9.8

A buffer overflow in httpd's Lua module (mod_lua) allows an out-of-bounds write: a crafted request body can overflow the multipart parser reached through r:parsebody() in a Lua script. The Apache httpd team is not aware of an exploit for the vulnerability, though it might be possible to craft one. This issue affects Apache HTTP Server 2.4.51 and earlier and is only reachable where mod_lua is loaded and a Lua handler parses request bodies; upstream fixed it in 2.4.52, and Red Hat ships the fix as a backport, so check the package errata rather than the version string.

The highest threat from this vulnerability is to confidentiality, integrity, as well as system availability.

Syxscore Risk Alert

This vulnerability has a critical risk as this can be exposed over any network, with low complexity, no privileges, and without user interaction.

  • Attack Vector: Network
  • Attack Complexity: Low
  • Privileges Required: None
  • User Interaction: None
  • Scope (Jump Point): Unchanged

CVE Reference(s): CVE-2021-44790

3. Remote code execution in Log4j 1.x affecting Red Hat Enterprise Linux 8

Severity: Important    CVSS Score: 7.5

JMSAppender in Log4j 1.2 is vulnerable to deserialization of untrusted data when the attacker has write access to the Log4j configuration, or when the configuration references an LDAP service the attacker has access to. By setting TopicBindingName or TopicConnectionFactoryBindingName, the attacker makes JMSAppender perform JNDI lookups against their LDAP endpoint, which results in remote code execution in the same fashion as CVE-2021-44228.

This issue only affects Log4j 1.2 when specifically configured to use JMSAppender, which is not the default. Apache Log4j 1.2 reached end of life in August 2015. Users should upgrade to Log4j 2, as it addresses numerous other issues from the previous versions.

The highest threat from this vulnerability is to confidentiality, integrity, as well as system availability.

Syxscore Risk Alert

This vulnerability has a major risk as although this requires a complex attack to be exploited, it can be exposed over any network, with low privileges, and without user interaction.

  • Attack Vector: Network
  • Attack Complexity: High
  • Privileges Required: Low
  • User Interaction: None
  • Scope (Jump Point): Unchanged

CVE Reference(s): CVE-2021-4104
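Because the exposure hinges on whether a Log4j 1.x configuration actually declares JMSAppender, and on what its JNDI settings point at, it is worth auditing the configuration files rather than only the jar version. The following Python script is an added example (not Syxsense's, Red Hat's or Apache's code): it reads the two common Log4j 1.x formats, log4j.properties and log4j.xml, lists every appender of class org.apache.log4j.net.JMSAppender, and flags JNDI settings that carry a URL scheme such as ldap://. The sample configurations and the 203.0.113.10 address are constructed for the demonstration.

```python
"""Audit a Log4j 1.x configuration for JMSAppender and its JNDI settings.

Added example, not Syxsense's, Red Hat's or Apache's code. It reads the two
common Log4j 1.x formats (log4j.properties and log4j.xml), reports every
appender whose class is org.apache.log4j.net.JMSAppender, and flags JNDI
settings that carry a URL scheme such as ldap://. The sample configs and the
203.0.113.10 address below are constructed for the demonstration.
"""
import re
import xml.etree.ElementTree as ET

JMS_APPENDER = "org.apache.log4j.net.JMSAppender"
# JMSAppender setters that feed JNDI: whoever controls these controls the lookup.
JNDI_KEYS = {"TopicBindingName", "TopicConnectionFactoryBindingName",
             "ProviderURL", "InitialContextFactoryName"}
URL_SCHEME = re.compile(r"^(ldap|ldaps|rmi|iiop|dns)://", re.IGNORECASE)
APPENDER_KEY = re.compile(r"^log4j\.appender\.([^.]+)(?:\.(.+))?$")


def audit_properties(text):
    """Findings for a log4j.properties document (key=value lines)."""
    classes, settings = {}, {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#!" or "=" not in line:
            continue
        key, value = (part.strip() for part in line.split("=", 1))
        m = APPENDER_KEY.match(key)
        if not m:
            continue
        name, prop = m.group(1), m.group(2)
        if prop is None:                      # log4j.appender.NAME=<class>
            classes[name] = value
        else:                                 # log4j.appender.NAME.Prop=<value>
            settings.setdefault(name, {})[prop] = value
    return _findings(classes, settings)


def audit_xml(text):
    """Findings for a log4j.xml (DOMConfigurator) document."""
    classes, settings = {}, {}
    for app in ET.fromstring(text).iter("appender"):
        name = app.get("name", "?")
        classes[name] = app.get("class", "")
        for param in app.findall("param"):
            settings.setdefault(name, {})[param.get("name", "")] = param.get("value", "")
    return _findings(classes, settings)


def _findings(classes, settings):
    """One finding per JMSAppender; remote_lookup marks URL-valued JNDI settings."""
    findings = []
    for name, cls in classes.items():
        if cls != JMS_APPENDER:
            continue
        jndi = {k: v for k, v in settings.get(name, {}).items() if k in JNDI_KEYS}
        remote = any(URL_SCHEME.match(v) for v in jndi.values())
        findings.append({"appender": name, "jndi": jndi, "remote_lookup": remote})
    return findings


# Constructed samples: a properties file whose JMSAppender is pointed at an
# attacker-style LDAP URL, and an XML file carrying the same pattern.
SAMPLE_PROPERTIES = """\
log4j.rootLogger=INFO, stdout, jms
log4j.appender.stdout=org.apache.log4j.ConsoleAppender
log4j.appender.stdout.layout=org.apache.log4j.PatternLayout
log4j.appender.jms=org.apache.log4j.net.JMSAppender
log4j.appender.jms.InitialContextFactoryName=com.sun.jndi.ldap.LdapCtxFactory
log4j.appender.jms.ProviderURL=ldap://203.0.113.10:1389/
log4j.appender.jms.TopicBindingName=cn=log,dc=example
log4j.appender.jms.TopicConnectionFactoryBindingName=ConnectionFactory
"""

SAMPLE_XML = """<?xml version="1.0" encoding="UTF-8"?>
<log4j:configuration xmlns:log4j="http://jakarta.apache.org/log4j/">
  <appender name="console" class="org.apache.log4j.ConsoleAppender"/>
  <appender name="jms" class="org.apache.log4j.net.JMSAppender">
    <param name="TopicBindingName" value="ldap://203.0.113.10:1389/o"/>
    <param name="TopicConnectionFactoryBindingName" value="ConnectionFactory"/>
  </appender>
  <root><level value="info"/><appender-ref ref="jms"/></root>
</log4j:configuration>
"""

if __name__ == "__main__":
    for label, result in (("properties", audit_properties(SAMPLE_PROPERTIES)),
                          ("xml", audit_xml(SAMPLE_XML))):
        for f in result:
            print(label, f["appender"], "remote_lookup=%s" % f["remote_lookup"], f["jndi"])
```

Any JMSAppender at all is a finding, since the appender is what performs the JNDI lookup; the remote_lookup flag only raises the priority of configurations that already point at a network directory. Run it over every log4j.properties and log4j.xml found in deployed applications, including copies packaged inside WAR and JAR files.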

4. Read buffer overruns processing ASN.1 strings in OpenSSL

Severity: Important    CVSS Score: 7.4

OpenSSL code assumed ASN.1 strings to be NUL terminated. Strings parsed by OpenSSL's own d2i functions always are, but an application can construct an ASN1_STRING directly (for example with ASN1_STRING_set0) from a buffer that is not, and an attacker who can force such a string into an affected OpenSSL function (certificate printing and name-handling routines among them) triggers a read buffer overrun. The result may be a crash of the application, causing a denial of service, or disclosure of memory contents. Upstream fixed this in OpenSSL 1.1.1l and 1.0.2za; distributions backport the fix, so check the package errata rather than the version string.

The highest threat from this vulnerability is to data confidentiality and system availability.

Syxscore Risk Alert

This vulnerability has a major risk as although this requires a complex attack to be exploited, it can be exposed over any network, with no privileges, and without user interaction.

  • Attack Vector: Network
  • Attack Complexity: High
  • Privileges Required: None
  • User Interaction: None
  • Scope (Jump Point): Unchanged

CVE Reference(s): CVE-2021-3712
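The underlying point is that an ASN.1 string is length-delimited, not NUL-terminated, so any code that runs strlen() or printf("%s") over its bytes is trusting a terminator that may not be there. The Python below is an added example (not OpenSSL's code): it decodes a DER-encoded string, then models what a C-string consumer would see for a buffer with a trailing NUL, with an embedded NUL, and with no NUL at all. The DER values are constructed for the demonstration.

```python
"""Decode a DER-encoded ASN.1 string and model how a C-string consumer
sees its bytes.

Added example, not OpenSSL's code. The DER values used are constructed.
"""

STRING_TAGS = {0x04: "OCTET STRING", 0x0C: "UTF8String",
               0x13: "PrintableString", 0x16: "IA5String"}


def decode_der_string(der):
    """Parse one DER TLV of a string type; return (type_name, value).

    The length octets are authoritative: the value is exactly `length`
    bytes, whatever they contain, and no terminator follows it.
    """
    if len(der) < 2:
        raise ValueError("truncated TLV")
    name = STRING_TAGS.get(der[0])
    if name is None:
        raise ValueError("tag 0x%02x is not a string type handled here" % der[0])
    first, pos = der[1], 2
    if first < 0x80:                      # short form: one length octet
        length = first
    else:                                 # long form: 0x8n then n length octets
        n = first & 0x7F
        if n == 0 or n > 4 or len(der) < pos + n:
            raise ValueError("bad long-form length")
        length = int.from_bytes(der[pos:pos + n], "big")
        if length < 0x80:
            raise ValueError("non-minimal length is not valid DER")
        pos += n
    if pos + length > len(der):
        raise ValueError("length %d exceeds available %d bytes" % (length, len(der) - pos))
    return name, der[pos:pos + length]


def asn1_string_buffer(value, nul_terminate):
    """Build the in-memory buffer an application might hand to OpenSSL.

    OpenSSL's own d2i_* parsers allocate length+1 bytes and append a NUL
    (nul_terminate=True). An application that fills an ASN1_STRING by hand
    from its own buffer may omit it (nul_terminate=False).
    """
    return value + b"\x00" if nul_terminate else value


def c_string_view(buf):
    """Model strlen()/printf("%s") over a raw buffer.

    Returns (bytes_consumed, status):
      "ok"        a NUL terminates the buffer exactly where it ends
      "truncated" an embedded NUL stops the read early
      "over-read" no NUL inside the buffer: a real C consumer would keep
                  reading adjacent memory (the CVE-2021-3712 condition)
    """
    idx = buf.find(b"\x00")
    if idx == -1:
        return buf, "over-read"
    return buf[:idx], "ok" if idx == len(buf) - 1 else "truncated"


if __name__ == "__main__":
    der = bytes([0x0C, 0x0A]) + b"CN=example"   # UTF8String, length 10
    name, value = decode_der_string(der)
    for terminated in (True, False):
        seen, status = c_string_view(asn1_string_buffer(value, terminated))
        print(name, len(value), "nul_terminated=%s" % terminated, seen, status)
    print(c_string_view(asn1_string_buffer(b"ex\x00ample", True)))
```

The practitioner's takeaway is on the application side: when handing string data to or taking it from OpenSSL, carry the length (ASN1_STRING_length() together with ASN1_STRING_get0_data()) rather than assuming a terminator, and treat an embedded NUL as a reason to reject the value rather than silently truncating it.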

5. Python-lxml’s HTML flaw affecting Red Hat Enterprise Linux 8

Severity: Important    CVSS Score: 7.1

There’s a flaw in python-lxml’s HTML Cleaner component, which is responsible for sanitizing HTML and JavaScript.

An attacker who can submit a crafted payload to a web service using python-lxml’s HTML Cleaner may be able to trigger script execution in clients such as web browsers.

The highest threat from this vulnerability is to integrity.

Syxscore Risk Alert

This vulnerability has a major risk as, although it requires user interaction to be exploited, it can be reached over any network, with a low complexity attack, and without privileges. The CVSS scope is Changed because the sanitizer runs on the server while the injected script executes in the visiting client's browser.

  • Attack Vector: Network
  • Attack Complexity: Low
  • Privileges Required: None
  • User Interaction: Required
  • Scope (Jump Point): Changed

CVE Reference(s): CVE-2021-43818

||

Cloud-Based IT Security Will Dominate in 2022


IT professionals will need cloud-based security tools with built-in automation to stay on top of 2022 IT security needs. What's changing?

Cloud-Security Looking to Grow in 2022

The cloud has been gathering momentum for many years. And it is rapidly becoming an unstoppable force. According to the 2022 Technology Spending Intentions report by Enterprise Strategy Group (ESG), cloud spending will far outstrip on-premises spending in 2022.

The report states that two thirds of organizations will raise their budgets for public cloud applications in 2022. 3% will decrease such spending and the remainder said public spending would remain flat. Some of the major factors driving these investment trends include the improvement of the customer experience, making employees more productive, enhancing business processes, and enabling digital transformation.

Digital transformation, it turns out, goes hand in hand with the cloud. Companies have realized that being in the cloud gives them far more architectural flexibility. Those continuing to focus on on-premises technology typically find it more difficult to adopt the latest technologies, harder to transform, and more challenging to streamline processes.

That’s why ESG found that almost half of organizations now regard themselves as cloud-first i.e., when they look to add new technology, expand their operations, or upgrade an application or system, their first option is always to look at how that can be done in the cloud. They deploy any new applications in the public cloud unless someone can make a compelling case to deploy it using on-premises resources. This approach offers them an immediate benefit of transferring CAPEX costs to OPEX. At the same time, it grants them access to cloud technology where vendors take care of all upgrades, back-end systems, and troubleshooting.

Hence, we are seeing the number of traditional data centers and server rooms dwindle. Instead of buying the hardware upfront and paying for annual maintenance, the pendulum has swung to a consumption-based model in which infrastructure is obtained on a pay-per-use basis such as cloud subscriptions. Over the past two years, the number favoring the traditional data center model has dropped by 12%. In 2022, it will drop to 38%.

Beyond costs and access to the latest technology, the move to the cloud is also about a preference for iterative methodologies such as DevOps, agile software development, and adoption of low-code and no-code processes. Cloud-based systems make it far easier for organizations to switch to these modern methodologies. Further, the cloud brings an extra dimension to application development. According to ESG, 60% of organizations are engaged in the development of cloud-native applications.

The Cloud and Digital Transformation Go Hand in Hand

There is no doubt that most organizations see a strong need to digitally transform in order to stay competitive and expand. That’s why so many are gravitating to the cloud. They no longer wish to bog themselves down in internal IT plumbing and maintenance by running a sophisticated modern data center.

At the same time, they are learning that the move to the cloud can help them to enhance security while they digitally transform. The organizational perimeter has evolved over the past two years. There is no going back. No longer can IT shelter employees and systems behind a firewall protecting a physical building and a consolidated network. The genie is out of the bottle. Many work from home. Wi-Fi networks are in heavy use across the geographically distributed enterprise. Applications are now provided by a great many cloud vendors. The centralized security paradigm no longer functions.

How Syxsense Can Help

It takes cloud-based security tools with built-in automation to stay on top of current security needs. Syxsense offers automated, cloud-based patch management and vulnerability scanning tools.

As organizations transition to the cloud, they must ensure that they also transition to security tools such as Syxsense as a key part of their journey.

||

Why Hackers are Living the American Dream


It appears that there is a new American Dream — hackers all over the world are enjoying riches by preying on U.S. businesses and consumers.

A New American Dream for Hackers

The American Dream has long been the ideal whereby anyone living in the country would enjoy equality of opportunity. Hard work would pay off in terms of achievement of aspirations and goals.

Before the USA even achieved independence, the promise of freedom lured many to the new world. But after the attainment of independence, the numbers began to rise dramatically.

Perhaps the greatest wave was around the end of the nineteenth and start of the twentieth centuries when approximately 23 million immigrants settled in the United States. Most came from Southern and Eastern Europe, as well as Scandinavia. They fled their homes due to political upheaval, religious persecution, and a lack of economic opportunities.

The USA represented the opposite – religious freedom, political stability, and plenty of opportunities to move up the economic ladder. To this day, people still flock to the country, hoping for a better life.

Attacks on the Rise

But now it appears that there is a new American Dream – hackers all over the world are enjoying riches by preying on U.S. businesses and consumers. According to security firm Surfshark, the U.S. ranks first worldwide in the number of data breach victims.

Hackers are targeting the nation for two reasons:

  1. The riches of the U.S. make it a high-priority target.
  2. Hackers are finding easy pickings among both the business and consumer markets.

The list shows the USA far ahead of other western nations. With 212.4 million reported and confirmed account breaches, it leaves the UK (16.89 million) and Germany (10.3 million) in the dust. However, there are a couple of anomalies on the list. Iran and India placed second and third, respectively. But overall, it is clear that hackers tend to target the nations with the deepest pockets – hence, the position of the U.S.

Over the past year, accounts breached across the world as a whole jumped by 3.4%. One in five people globally were hacked. Yet the number of affected accounts in the U.S. grew by a much higher rate. It surged by 22%, jumping from 174.4 million to 212.4 million. That trend serves to highlight the intention of hackers to encroach the highest value targets. The U.S. now totals almost a quarter of all accounts breached internationally.

Those hacked not only suffered financial damage courtesy of ransomware, and loss of data. They also had to deal with reputational damage due to private data being stolen or leaked.

Securing the Enterprise

With hackers clearly targeting American accounts, both business and personal, security protections need to be stepped up. This means:

  1. Implementing standard security practices and technologies such as firewalls, intrusion prevention/detection, anti-virus, anti-malware, ransomware protection, security information and event management (SIEM), endpoint protection, and more.
  2. Protecting data via backups and disaster recovery systems. The organization must have the ability to retrieve backup files in the event of a breach or recover rapidly from a disaster or other event.
  3. Patching all organizational endpoints, devices, and servers to eliminate weaknesses that can be exploited by hackers.

Syxsense takes care of number 3. It automates the entire patch management process, prioritizing and deploying patches across the enterprise.

Syxsense lets you easily manage unpatched vulnerabilities with the click of a button. It includes patch supersedence, patch roll back, and a wealth of automation features. In addition, it provides a three-hour turnaround for the testing and delivery of new patches as well as technology to send software and patches across the wire once, using peer-to-peer within the network for local distribution. It also incorporates vulnerability scanning to detect weaknesses that could lead to a ransomware attack if unmitigated.

||

Windows Out-of-Band Update Released to Fix Remote Desktop


Microsoft has released an emergency security update to fix a Remote Desktop vulnerability in Windows Server running Remote Desktop.

Microsoft Issues Emergency Update for Remote Desktop

The out-of-band update addresses a known issue on Windows Server that might prevent you from using Remote Desktop to reach the server. In some circumstances the server might stop responding, the screen might appear black, and general performance and signing in might be slow.

Rob Brown, Head of Customer Success for Syxsense said, “This is not available via the usual Windows Update or Microsoft update channel / Windows Update for Business or Windows Server Update Service (WSUS), which can make resolving this vulnerability more difficult unless you are using a solution like Syxsense. Alternatively, you may download this patch manually via the Microsoft Catalogue.”

Windows Out-of-Band Updates

For instructions on how to install this update for your operating system, see the KB for your OS listed below:

As always, we recommend full testing prior to live deployment to your devices. These updates are now available within the Syxsense Console.