Security
Headlines
HeadlinesLatestCVEs

Headline

Microsoft Patch Tuesday for June 2022 — Snort rules and prominent vulnerabilities

By Chetan Raghuprasad. Microsoft released its monthly security update Tuesday, disclosing 55 vulnerabilities in the company’s firmware and software. One of these vulnerabilities is considered critical, 40 are listed as high severity, and the remainder is considered “moderate.” The most…

[[ This is only the beginning! Please visit the blog for the complete entry ]]

TALOS
#vulnerability#web#mac#windows#microsoft#cisco#rce#ldap#auth

By Chetan Raghuprasad.

Microsoft released its monthly security update Tuesday, disclosing 55 vulnerabilities in the company’s firmware and software. One of these vulnerabilities is considered critical, 40 are listed as high severity, and the remainder is considered “moderate.”

The most serious issue is CVE-2022-30136, a remote code execution vulnerability in the Windows Network File System (NFS) service, version NFSv4.1, with a severity score of near-maximum 9.8. An attacker can exploit the vulnerability over the network by making an unauthenticated, specially crafted call to a Network File System (NFS) service to execute remote code. To mitigate this vulnerability, users are advised to disable the vulnerable version NFSV4.1 and restart the NFS server or reboot the machine.

Microsoft SharePoint server contains a remote code execution vulnerability, CVE-2022-30157, with a severity score of 8.8. To exploit this vulnerability, the attacker must be authenticated and have the correct privileges to create a page on the vulnerable SharePoint server. If a targeted victim clicks on a specific page, it could trigger code remotely on the target server. If the adversary also has access to the server with the sandboxed Code Service enabled, they could execute the code in the context of the web service account.

Two other high-severity vulnerabilities, CVE-2022-30153 and CVE-2022-30161, exist in the Windows Lightweight Directory Access Protocol (LDAP). These issues could lead to remote code execution. An attacker could exploit these vulnerabilities by tricking an authenticated victim on the targeted network to connect to a malicious LDAP server with an LDAP client on the victim’s machine. Then, they must send specially crafted replies to the client that exploits the vulnerability and permits the execution of the arbitrary code within the context of the victim’s LDAP client application.

Another high-severity vulnerability, CVE-2022-30141, in Windows Lightweight Directory Access Protocol (LDAP) is applicable for the users who have set a value higher than the default for MaxReceiveBuffer LDAP policy. The attacker requires preparation in the victim’s environment to exploit this vulnerability, but successful exploitation would result in the attacker’s code running in the context of the SYSTEM account.

Microsoft Kerberos has two high-severity vulnerabilities. One, CVE-2022-30165, is an elevation of privilege vulnerability that affects the Windows servers activated within the Windows Server configured with Remote Credential Guard (RCG) and Credential Security Service Provider (CredSSP) features. An unauthenticated attacker exploiting this vulnerability could elevate privileges and then spoof the Kerberos login process when a Remote Credential Guard (RCG) connection is made via Credential Security Service Provider (CredSSP) over the network.

The other, CVE-2022-30164, is a Kerberos AppContainer Security feature bypass vulnerability where a low-privilege attacker could execute a malicious script within an Application Container to request a service ticket and elevate the service privilege, leading to execute code or access resources at a higher integrity level than that of the Application Container execution environment.

Windows Hyper-V also contains a high-severity vulnerability, CVE-2022-30163, that could lead to remote code execution. An attacker needs to run a specially crafted application on a Hyper-V guest to exploit this vulnerability. A successful attack would allow the attacker to traverse the Hyper-V guest’s security boundary to execute arbitrary code on the Hyper-V host execution environment.

CVE-2022-30160 is another privilege escalation vulnerability that exists in the Windows Advanced Local Procedure Call (ALPC) where an attacker winning a race condition leads to a use-after-free condition in the ALPC of the Windows NT kernel.

A complete list of all the vulnerabilities Microsoft disclosed this month is available on its update page.

In response to these vulnerability disclosures, Talos is releasing a new Snort rule set that detects attempts to exploit some of them. Please note that additional rules may be released at a future date and current rules are subject to change pending additional information. Cisco Secure Firewall customers should use the latest update to their ruleset by updating their SRU. Open-source Snort Subscriber Rule Set customers can stay up to date by downloading the latest rule pack available for purchase on Snort.org.

The rules included in this release that protect against the exploitation of many of these vulnerabilities are 59967, 59968, 59971 and 59972. There are also Snort 3 rules 300201 and 300202.

Related news

CVE-2022-38108: Published | Zero Day Initiative

SolarWinds Platform was susceptible to the Deserialization of Untrusted Data. This vulnerability allows a remote adversary with Orion admin-level account access to SolarWinds Web Console to execute arbitrary commands.

CVE-2022-36957: Published | Zero Day Initiative

SolarWinds Platform was susceptible to the Deserialization of Untrusted Data. This vulnerability allows a remote adversary with Orion admin-level account access to SolarWinds Web Console to execute arbitrary commands.

Microsoft Patch Tuesday June 2022: Follina RCE, NFSV4.1 RCE, LDAP RCEs and bad patches

Hello everyone! This will be an episode about the Microsoft vulnerabilities that were released on June Patch Tuesday and also between May and June Patch Tuesdays. Alternative video link (for Russia): https://vk.com/video-149273431_456239094 On June Patch Tuesday, June 14, 56 vulnerabilities were released. Between May and June Patch Tuesdays, 38 vulnerabilities were released. This gives us 94 […]

Threat Source newsletter (June 16, 2022) — Three top takeaways from Cisco Live

By Jon Munshaw.  Welcome to this week’s edition of the Threat Source newsletter.  I’m still decompressing from Cisco Live and the most human interaction I’ve had in a year and a half.   But after spending a few days on the show floor and interacting with everyone, there are a... [[ This is only the beginning! Please visit the blog for the complete entry ]]

CVE-2022-30164

Kerberos AppContainer Security Feature Bypass Vulnerability.

CVE-2022-30163

Windows Hyper-V Remote Code Execution Vulnerability.

CVE-2022-30161

Windows Lightweight Directory Access Protocol (LDAP) Remote Code Execution Vulnerability. This CVE ID is unique from CVE-2022-30139, CVE-2022-30141, CVE-2022-30143, CVE-2022-30146, CVE-2022-30149, CVE-2022-30153.

CVE-2022-30165

Windows Kerberos Elevation of Privilege Vulnerability.

CVE-2022-30153

Windows Lightweight Directory Access Protocol (LDAP) Remote Code Execution Vulnerability. This CVE ID is unique from CVE-2022-30139, CVE-2022-30141, CVE-2022-30143, CVE-2022-30146, CVE-2022-30149, CVE-2022-30161.

CVE-2022-30136

Windows Network File System Remote Code Execution Vulnerability.

CVE-2022-30141

Windows Lightweight Directory Access Protocol (LDAP) Remote Code Execution Vulnerability. This CVE ID is unique from CVE-2022-30139, CVE-2022-30143, CVE-2022-30146, CVE-2022-30149, CVE-2022-30153, CVE-2022-30161.

CVE-2022-30160

Windows Advanced Local Procedure Call Elevation of Privilege Vulnerability.

CVE-2022-30157

Microsoft SharePoint Server Remote Code Execution Vulnerability. This CVE ID is unique from CVE-2022-30158.

Update now!  Microsoft patches Follina, and many other security updates

Patch Tuesday for June 2022 brought a fix for Follina and many other security vulnerabilities. Time to figure out what needs to be prioritized. The post Update now!  Microsoft patches Follina, and many other security updates appeared first on Malwarebytes Labs.

Microsoft Patch Tuesday, June 2022 Edition

Microsoft on Tuesday released software updates to fix 60 security vulnerabilities in its Windows operating systems and other software, including a zero-day flaw in all supported Microsoft Office versions on all flavors of Windows that's seen active exploitation for at least two months now. On a lighter note, Microsoft is officially retiring its Internet Explorer (IE) web browser, which turns 27 years old this year.

Patch Tuesday: Microsoft Issues Fix for Actively Exploited 'Follina' Vulnerability

Microsoft officially released fixes to address an actively exploited Windows zero-day vulnerability known as Follina as part of its Patch Tuesday updates. Also addressed by the tech giant are 55 other flaws, three of which are rated Critical, 51 are rated Important, and one is rated Moderate in severity. Separately, five other shortcomings were resolved in the Microsoft Edge browser. <!-

TALOS: Latest News

Something to Read When You Are On Call and Everyone Else is at the Office Party