Security
Headlines
HeadlinesLatestCVEs

Headline

Microsoft Patch Tuesday for October 2022 — Snort rules and prominent vulnerabilities

By Jon Munshaw and Vanja Svajcer. Microsoft released its monthly security update Tuesday, disclosing 83 vulnerabilities across the company’s hardware and software line, including seven critical issues in Windows’ point-to-point tunneling protocol. October’s security update features 11 critical vulnerabilities, with the remainder being “important.”
One of the most notable vulnerabilities Microsoft fixed this month is CVE-2022-41038, a remote code execution issue in Microsoft SharePoint. There are several other SharePoint vulnerabilities included in this month’s Patch Tuesday, though this seems the most severe, as Microsoft continues it to be “more likely” to be exploited.
An attacker must be authenticated to the target site with the correct permissions to use manage lists in SharePoint to exploit this vulnerability, and eventually gain the ability to execute remote code on the SharePoint server.

CVE-2022-37968, an elevation of privilege vulnerability in Azure Arc Connect, has the highest severity score out of all the vulnerabilities Microsoft fixed this month — a maximum 10 out of 10. Successful exploitation of this vulnerability, which affects the cluster connect feature of Azure Arc-enabled Kubernetes clusters, could allow an unauthenticated user to elevate their privileges as cluster admins and potentially gain control over the Kubernetes cluster. CVE-2022-37976 and CVE-2022-37979 are also critical elevation of privilege vulnerabilities in Windows Active Directory and Hyper-V, respectively.
The Windows’ point-to-point tunneling protocol, which is a network protocol used to create VPN tunnels between public networks, contains eight vulnerabilities that Microsoft disclosed Tuesday, seven of which are rated “critical” severity:

CVE-2022-22035 CVE-2022-24504 CVE-2022-30198 CVE-2022-33634 CVE-2022-38000 CVE-2022-38047 CVE-2022-41081

CVE-2022-38000 is the most serious among the group with a severity rating of 9. An attacker could successfully exploit this issue to launch remote code at the remote server. Microsoft Office and Word also contain critical remote code execution vulnerabilities. These are usually popular targets for adversaries, as they are one of the most popular pieces of software in the world and can be exploited just by tricking a user into opening a specially crafted document:

CVE-2022-38048 CVE-2022-38049 CVE-2022-41031

Microsoft has also included 12 vulnerabilities in Google Chromium, the open-source web browser that is the basis for Microsoft’s Edge browser. Google has already disclosed and fixed these issues, so users do not need to take any additional steps to implement patches:

CVE-2022-3304 CVE-2022-3307 CVE-2022-3308 CVE-2022-3310 CVE-2022-3311 CVE-2022-3313 CVE-2022-3315 CVE-2022-3316 CVE-2022-3317 CVE-2022-3370 CVE-2022-3373 CVE-2022-41035

A complete list of all the vulnerabilities Microsoft disclosed this month is available on its update page. In response to these vulnerability disclosures, Talos is releasing a new Snort rule set that detects attempts to exploit some of them. Please note that additional rules may be released at a future date and current rules are subject to change pending additional information. Cisco Secure Firewall customers should use the latest update to their ruleset by updating their SRU. Open-source Snort Subscriber Rule Set customers can stay up to date by downloading the latest rule pack available for purchase on Snort.org.
The rules included in this release that protect against the exploitation of many of these vulnerabilities are 60693 - 60696, 60698 - 60701, 60706, 60701 - 60705, 60708 and 60709. There are also Snort 3 SIDs 300290 - 300296, 300297 and 300298.

TALOS
#vulnerability#web#windows#google#microsoft#cisco#kubernetes#rce#auth#chrome

**

**

By Jon Munshaw and Vanja Svajcer.

Microsoft released its monthly security update Tuesday, disclosing 83 vulnerabilities across the company’s hardware and software line, including seven critical issues in Windows’ point-to-point tunneling protocol.

October’s security update features 11 critical vulnerabilities, with the remainder being “important.”

One of the most notable vulnerabilities Microsoft fixed this month is CVE-2022-41038, a remote code execution issue in Microsoft SharePoint. There are several other SharePoint vulnerabilities included in this month’s Patch Tuesday, though this seems the most severe, as Microsoft continues it to be “more likely” to be exploited.

An attacker must be authenticated to the target site with the correct permissions to use manage lists in SharePoint to exploit this vulnerability, and eventually gain the ability to execute remote code on the SharePoint server.

CVE-2022-37968, an elevation of privilege vulnerability in Azure Arc Connect, has the highest severity score out of all the vulnerabilities Microsoft fixed this month — a maximum 10 out of 10. Successful exploitation of this vulnerability, which affects the cluster connect feature of Azure Arc-enabled Kubernetes clusters, could allow an unauthenticated user to elevate their privileges as cluster admins and potentially gain control over the Kubernetes cluster.

CVE-2022-37976 and CVE-2022-37979 are also critical elevation of privilege vulnerabilities in Windows Active Directory and Hyper-V, respectively.

The Windows’ point-to-point tunneling protocol, which is a network protocol used to create VPN tunnels between public networks, contains eight vulnerabilities that Microsoft disclosed Tuesday, seven of which are rated “critical” severity:

  • CVE-2022-22035
  • CVE-2022-24504
  • CVE-2022-30198
  • CVE-2022-33634
  • CVE-2022-38000
  • CVE-2022-38047
  • CVE-2022-41081

CVE-2022-38000 is the most serious among the group with a severity rating of 9. An attacker could successfully exploit this issue to launch remote code at the remote server.

Microsoft Office and Word also contain critical remote code execution vulnerabilities. These are usually popular targets for adversaries, as they are one of the most popular pieces of software in the world and can be exploited just by tricking a user into opening a specially crafted document:

  • CVE-2022-38048
  • CVE-2022-38049
  • CVE-2022-41031

Microsoft has also included 12 vulnerabilities in Google Chromium, the open-source web browser that is the basis for Microsoft’s Edge browser. Google has already disclosed and fixed these issues, so users do not need to take any additional steps to implement patches:

  • CVE-2022-3304
  • CVE-2022-3307
  • CVE-2022-3308
  • CVE-2022-3310
  • CVE-2022-3311
  • CVE-2022-3313
  • CVE-2022-3315
  • CVE-2022-3316
  • CVE-2022-3317
  • CVE-2022-3370
  • CVE-2022-3373
  • CVE-2022-41035

A complete list of all the vulnerabilities Microsoft disclosed this month is available on its update page.

In response to these vulnerability disclosures, Talos is releasing a new Snort rule set that detects attempts to exploit some of them. Please note that additional rules may be released at a future date and current rules are subject to change pending additional information. Cisco Secure Firewall customers should use the latest update to their ruleset by updating their SRU. Open-source Snort Subscriber Rule Set customers can stay up to date by downloading the latest rule pack available for purchase on Snort.org.

The rules included in this release that protect against the exploitation of many of these vulnerabilities are 60693 - 60696, 60698 - 60701, 60706, 60701 - 60705, 60708 and 60709. There are also Snort 3 SIDs 300290 - 300296, 300297 and 300298.

Related news

CVE-2022-45103: DSA-2022-340: Dell Unisphere for PowerMax, Dell Unisphere for PowerMax vApp, Dell Solutions Enabler vApp, Dell Unisphere 360, Dell VASA Provider vApp, and Dell PowerMax EMB Mgmt Security Update for Mu

Dell Unisphere for PowerMax vApp, VASA Provider vApp, and Solution Enabler vApp version 9.2.3.x contain an information disclosure vulnerability. A low privileged remote attacker could potentially exploit this vulnerability, leading to read arbitrary files on the underlying file system.

CVE-2023-0036: en/security-disclosure/2023/2023-01.md · OpenHarmony/security - Gitee.com

platform_callback_stub in misc subsystem within OpenHarmony-v3.0.5 and prior versions has an authentication bypass vulnerability which allows an "SA relay attack".Local attackers can bypass authentication and attack other SAs with high privilege.

CVE-2022-3317

Insufficient validation of untrusted input in Intents in Google Chrome on Android prior to 106.0.5249.62 allowed a remote attacker to bypass navigation restrictions via a crafted HTML page. (Chrome security severity: Low)

CVE-2022-3307

Use after free in media in Google Chrome prior to 106.0.5249.62 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chrome security severity: High)

CVE-2022-3315

Type confusion in Blink in Google Chrome prior to 106.0.5249.62 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chrome security severity: Low)

CVE-2022-3308

Insufficient policy enforcement in developer tools in Google Chrome prior to 106.0.5249.62 allowed a remote attacker to potentially perform a sandbox escape via a crafted HTML page. (Chrome security severity: Medium)

CVE-2022-3304: Stable Channel Update for Desktop

Use after free in CSS in Google Chrome prior to 106.0.5249.62 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chrome security severity: High)

CVE-2022-3370

Use after free in Custom Elements in Google Chrome prior to 106.0.5249.91 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.

CVE-2022-3373: Stable Channel Update for Desktop

Out of bounds write in V8 in Google Chrome prior to 106.0.5249.91 allowed a remote attacker to perform an out of bounds memory write via a crafted HTML page.

Microsoft Patch Tuesday October 2022: Exchange ProxyNotShell RCE, Windows COM+ EoP, AD EoP, Azure Arc Kubernetes EoP

Hello everyone! This episode will be about Microsoft Patch Tuesday for October 2022, including vulnerabilities that were added between September and October Patch Tuesdays. As usual, I use my open source Vulristics project to create the report. All vulnerabilities: 105Urgent: 2Critical: 1High: 29Medium: 71Low: 2 Let’s take a look at the most interesting vulnerabilities: Two […]

CVE-2022-36957: Published | Zero Day Initiative

SolarWinds Platform was susceptible to the Deserialization of Untrusted Data. This vulnerability allows a remote adversary with Orion admin-level account access to SolarWinds Web Console to execute arbitrary commands.

CVE-2022-38108: Published | Zero Day Initiative

SolarWinds Platform was susceptible to the Deserialization of Untrusted Data. This vulnerability allows a remote adversary with Orion admin-level account access to SolarWinds Web Console to execute arbitrary commands.

Threat Source newsletter (Oct. 13, 2022) — Cybersecurity Awareness Month is all fun and memes until someone gets hurt

By Jon Munshaw.  Welcome to this week’s edition of the Threat Source newsletter.  October is National Cybersecurity Awareness Month. Which, if you’ve been on social media at all the past 13 days or read any cybersecurity news website, you surely know already.  As it does every year, I saw Cybersecurity Awareness Month kick off with a lot of snark and memes of people joking about what it even means to be “aware” of cybersecurity and why we even have this month at all. And I get why it’s easy to poke fun at, it is at its core a marketing-driven campaign, and hardcore security experts and researchers have notoriously pushed back against this being a marketing-driven field.  I’m not saying there should be Cybersecurity Awareness Month mascots brought to life on the floor of Black Hat, but it is probably time to pump the brakes on the skepticism and snark. After all, this week should be about broadening the security community, not trying to exclude others from it. I came to Talos ...

Microsoft Patch Tuesday Fixes New Windows Zero-Day; No Patch for Exchange Server Bugs

Microsoft's Patch Tuesday update for the month of October has addressed a total of 85 security vulnerabilities, including fixes for an actively exploited zero-day flaw in the wild. Of the 85 bugs, 15 are rated Critical, 69 are rated Important, and one is rated Moderate in severity. The update, however, does not include mitigations for the actively exploited ProxyNotShell flaws in Exchange Server

Microsoft Patch Tuesday, October 2022 Edition

Microsoft today released updates to fix at least 85 security holes in its Windows operating systems and related software, including a new zero-day vulnerability in all supported versions of Windows that is being actively exploited. However, noticeably absent from this month's Patch Tuesday are any updates to address a pair of zero-day flaws being exploited this past month in Microsoft Exchange Server.

Microsoft Addresses Zero-Days, but Exchange Server Exploit Chain Remains Unpatched

The computing giant didn't fix ProxyNotLogon in October's Patch Tuesday, but it disclosed a rare 10-out-of-10 bug and patched two other zero-days, including one being exploited.

CVE-2022-30198

Windows Point-to-Point Tunneling Protocol Remote Code Execution Vulnerability. This CVE ID is unique from CVE-2022-22035, CVE-2022-24504, CVE-2022-33634, CVE-2022-38000, CVE-2022-38047, CVE-2022-41081.

CVE-2022-41031

Microsoft Word Remote Code Execution Vulnerability.

CVE-2022-37979

Windows Hyper-V Elevation of Privilege Vulnerability.

CVE-2022-38049

Microsoft Office Graphics Remote Code Execution Vulnerability.

CVE-2022-41035

Microsoft Edge (Chromium-based) Spoofing Vulnerability.

CVE-2022-33634

Windows Point-to-Point Tunneling Protocol Remote Code Execution Vulnerability. This CVE ID is unique from CVE-2022-22035, CVE-2022-24504, CVE-2022-30198, CVE-2022-38000, CVE-2022-38047, CVE-2022-41081.

CVE-2022-38048

Microsoft Office Remote Code Execution Vulnerability.

CVE-2022-37976

Active Directory Certificate Services Elevation of Privilege Vulnerability.

CVE-2022-24504

Windows Point-to-Point Tunneling Protocol Remote Code Execution Vulnerability. This CVE ID is unique from CVE-2022-22035, CVE-2022-30198, CVE-2022-33634, CVE-2022-38000, CVE-2022-38047, CVE-2022-41081.

CVE-2022-22035

Windows Point-to-Point Tunneling Protocol Remote Code Execution Vulnerability. This CVE ID is unique from CVE-2022-24504, CVE-2022-30198, CVE-2022-33634, CVE-2022-38000, CVE-2022-38047, CVE-2022-41081.

CVE-2022-41038

Microsoft SharePoint Server Remote Code Execution Vulnerability. This CVE ID is unique from CVE-2022-38053, CVE-2022-41036, CVE-2022-41037.

CVE-2022-38000

Windows Point-to-Point Tunneling Protocol Remote Code Execution Vulnerability. This CVE ID is unique from CVE-2022-22035, CVE-2022-24504, CVE-2022-30198, CVE-2022-33634, CVE-2022-38047, CVE-2022-41081.

CVE-2022-38047

Windows Point-to-Point Tunneling Protocol Remote Code Execution Vulnerability. This CVE ID is unique from CVE-2022-22035, CVE-2022-24504, CVE-2022-30198, CVE-2022-33634, CVE-2022-38000, CVE-2022-41081.

CVE-2022-37968

Azure Arc-enabled Kubernetes cluster Connect Elevation of Privilege Vulnerability.

Microsoft Patch Tuesday for October 2022 — Snort rules and prominent vulnerabilities

Microsoft released its monthly security update Tuesday, disclosing 83 vulnerabilities across the company’s hardware and software line.

Microsoft Patch Tuesday for October 2022 — Snort rules and prominent vulnerabilities

Microsoft released its monthly security update Tuesday, disclosing 83 vulnerabilities across the company’s hardware and software line.

Apple Safari Safest, Google Chrome Riskiest Browser of 2022- Study

By Waqas According to researchers, Google Chrome, Mozilla Firefox, and Microsoft Edge browser contained the most vulnerabilities in 2022. This is a post from HackRead.com Read the original post: Apple Safari Safest, Google Chrome Riskiest Browser of 2022- Study

Apple Safari Safest, Google Chrome Riskiest Browser of 2022- Study

By Waqas According to researchers, Google Chrome, Mozilla Firefox, and Microsoft Edge browser contained the most vulnerabilities in 2022. This is a post from HackRead.com Read the original post: Apple Safari Safest, Google Chrome Riskiest Browser of 2022- Study

Google Quashes 5 High-Severity Bugs With Chrome 106 Update

External researchers contributed 16 of the 20 security updates included in the new Chrome 106 Stable Channel rollout, including five high-severity bugs.

Google Quashes 5 High-Severity Bugs With Chrome 106 Update

External researchers contributed 16 of the 20 security updates included in the new Chrome 106 Stable Channel rollout, including five high-severity bugs.

TALOS: Latest News

New PXA Stealer targets government and education sectors for sensitive information