Headline
Go Update iOS, Chrome, and HP Computers to Fix Serious Flaws
Plus: WhatsApp plugs holes that could be used for remote execution attacks, Microsoft patches a zero-day vulnerability, and more.
None of the issues patched by Google are known to have been exploited in attacks, but if the update is available to you, it’s a good idea to apply it as soon as possible.
Microsoft
Microsoft Patch Tuesday is an important one because it comes with a fix for a flaw already being used in attacks. The zero-day vulnerability, tracked as CVE-2022-37969, is a privilege escalation issue in the Windows Common Log File System Driver that could allow an adversary to take control of the machine.
The zero-day is among 63 vulnerabilities patched by Microsoft, including five rated as critical. These include CVE-2022-34722 and CVE-2022-34721, remote code execution (RCE) flaws in the Windows Internet Key Exchange Protocol (IKE) which both have a CVSS score of 9.8.
Later in September, Microsoft issued an out-of-band security update for a spoofing vulnerability in its Endpoint Configuration Manager tracked as CVE 2022 37972.
Encrypted messaging service WhatsApp has released an update to fix two vulnerabilities that could result in remote code execution. CVE-2022-36934 is an integer overflow issue in WhatsApp for Android prior to v2.22.16.12, Business for Android prior to v2.22.16.12, iOS prior to v2.22.16.12, and Business for iOS prior to v2.22.16.12, which could result in remote code execution in a video call.
Meanwhile, CVE-2022-27492 is an integer underflow flaw in WhatsApp for Android prior to v2.22.16.2 and WhatsApp for iOS v2.22.15.9 that could have caused remote code execution for someone receiving a crafted video file, according to the WhatsApp security advisory.
WhatsApp patched these flaws about a month ago, so if you are running the current version, you should be safe.
HP
HP has fixed a serious issue in the support assistant tool that comes preinstalled on all of its laptops. The privilege escalation bug in HP Support Assistant is ranked as a high-severity issue and is tracked as CVE-2022-38395.
HP has released only limited details about the vulnerability on its support page, but it goes without saying that those with affected equipment should ensure they update now.
SAP
SAP’s September Patch Day saw the release of 16 new and updated patches, including three high-priority fixes for SAP Business One, SAP BusinessObjects, and SAP GRC.
The SAP Business One fix, which patches an Unquoted Service Path vulnerability, is the most critical of the three. Attackers could exploit the flaw “to execute an arbitrary binary file when the vulnerable service starts, which could allow it to escalate privileges to SYSTEM,” security firm Onapsis says.
A second fix for SAP BusinessObjects patches an information disclosure vulnerability. “Under certain conditions, the vulnerability allows an attacker to gain access to unencrypted sensitive information in the Central Management Console of SAP BusinessObjects Business Intelligence Platform,” says Onapsis in its blog.
The third High Priority Note affecting SAP GRC customers could allow an authenticated attacker to access a Firefighter session even after it is closed in Firefighter Logon Pad.
Cisco
Software giant Cisco has issued a patch to fix a high-severity security issue in the binding configuration of SD-WAN vManage software containers. Tracked as CVE-2022-20696, the flaw could allow an unauthenticated attacker who has access to the VPN0 logical network to access the messaging service ports on an affected system.
“A successful exploit could allow the attacker to view and inject messages into the messaging service, which can cause configuration changes or cause the system to reload,” Cisco warned in an advisory.
Sophos
Security company Sophos has just fixed an RCE flaw in its firewall product that it says is already being used in attacks. Tracked as CVE-2022-3236, the code injection vulnerability was discovered in the User Portal and Webadmin of Sophos Firewall.
“Sophos has observed this vulnerability being used to target a small set of specific organizations, primarily in the South Asia region,” the firm said in a security advisory.
WP Gateway WordPress Plugin
A vulnerability in a WordPress plugin called AP Gateway is already being used in attacks. Tracked as CVE-2022-3180, the privilege escalation bug could allow attackers to add a malicious user with admin privileges to take over sites running the plugin.
“As this is an actively exploited zero-day vulnerability, and attackers are already aware of the mechanism required to exploit it, we are releasing this public service announcement to all of our users,” said Ram Gall, a Wordfence senior threat analyst, adding that certain details have been withheld intentionally to prevent further exploitation.
Related news
The APT, aka Earth Estries, is one of China's most effective threat actors, performing espionage for sometimes years on end against telcos, ISPs, and governments before being detected.
The U.S. Federal Bureau of Investigation (FBI) has sought assistance from the public in connection with an investigation involving the breach of edge devices and computer networks belonging to companies and government entities. "An Advanced Persistent Threat group allegedly created and deployed malware (CVE-2020-12271) as part of a widespread series of indiscriminate computer intrusions designed
Microsoft released its final set of Patch Tuesday updates for 2023, closing out 33 flaws in its software, making it one of the lightest releases in recent years. Of the 33 shortcomings, four are rated Critical and 29 are rated Important in severity. The fixes are in addition to 18 flaws Microsoft addressed in its Chromium-based Edge browser since the release of Patch
Microsoft zero-days, dark web forum takedowns and Pentagon leaks on Discord in this week's newsletter.
It's the second Tuesday of the month, and Microsoft has released another set of security updates to fix a total of 97 flaws impacting its software, one of which has been actively exploited in ransomware attacks in the wild. Seven of the 97 bugs are rated Critical and 90 are rated Important in severity. Interestingly, 45 of the shortcomings are remote code execution flaws, followed by 20
The April 2023 Patch Tuesday security update also included a reissue of a fix for a 10-year-old bug that a threat actor recently exploited in the supply chain attack on 3CX.
Nearly 20% of the zero-day flaws that attackers exploited in 2022 were in network, security, and IT management products, Mandiant says.
Microsoft on Tuesday released security updates to address 75 flaws spanning its product portfolio, three of which have come under active exploitation in the wild. The updates are in addition to 22 flaws the Windows maker patched in its Chromium-based Edge browser over the past month. Of the 75 vulnerabilities, nine are rated Critical and 66 are rated Important in severity. 37 out of 75 bugs are
Dell Unisphere for PowerMax vApp, VASA Provider vApp, and Solution Enabler vApp version 9.2.3.x contain an information disclosure vulnerability. A low privileged remote attacker could potentially exploit this vulnerability, leading to read arbitrary files on the underlying file system.
Categories: Exploits and vulnerabilities Categories: News Tags: wormable Tags: zero-day Tags: spring4shell Tags: cve-2022-34718 Tags: log4j Tags: openssl Tags: cve-2022-36934 Tags: cve-2022-27492 Tags: cve-2022-22965 Tags: cve-2022-22963 What does it take to make the discussion of vulnerabilities useful? And where did this go wrong in 2022? (Read more...) The post 4 over-hyped security vulnerabilities of 2022 appeared first on Malwarebytes Labs.
HP Support Assistant uses HP Performance Tune-up as a diagnostic tool. HP Support Assistant uses Fusion to launch HP Performance Tune-up. It is possible for an attacker to exploit the DLL hijacking vulnerability and elevate privileges when Fusion launches the HP Performance Tune-up.
More than 1,000 systems are exposed to a campaign hunting weak Windows servers and more.
Details have emerged about a now-patched security flaw in Windows Common Log File System (CLFS) that could be exploited by an attacker to gain elevated permissions on compromised machines. Tracked as CVE-2022-37969 (CVSS score: 7.8), the issue was addressed by Microsoft as part of its Patch Tuesday updates for September 2022, while also noting that it was being actively exploited in the wild. "
WhatsApp has released security updates to address two flaws in its messaging app for Android and iOS that could lead to remote code execution on vulnerable devices. One of them concerns CVE-2022-36934 (CVSS score: 9.8), a critical integer overflow vulnerability in WhatsApp that results in the execution of arbitrary code simply by establishing a video call. The issue impacts the WhatsApp and
WhatsApp has released security updates to address two flaws in its messaging app for Android and iOS that could lead to remote code execution on vulnerable devices. One of them concerns CVE-2022-36934 (CVSS score: 9.8), a critical integer overflow vulnerability in WhatsApp that results in the execution of arbitrary code simply by establishing a video call. The issue impacts the WhatsApp and
Code injection vulnerability harnessed in attacks on south Asia
Vendor patches code injection vulnerability harnessed in attacks on south Asia
Categories: Exploits and vulnerabilities Categories: News Tags: WhatsApp Tags: CVE-2022-36934 Tags: CVE-2022-27492 Two RCE vulnerabilities were patched in WhatsApp. Both vulnerabilities were video related and could be used to compromise your device. (Read more...) The post Critical WhatsApp vulnerabilities patched: Check you've updated! appeared first on Malwarebytes Labs.
Categories: Exploits and vulnerabilities Categories: News Tags: WhatsApp Tags: CVE-2022-36934 Tags: CVE-2022-27492 Two RCE vulnerabilities were patched in WhatsApp. Both vulnerabilities were video related and could be used to compromise your device. (Read more...) The post Critical WhatsApp vulnerabilities patched: Check you've updated! appeared first on Malwarebytes Labs.
Security software company Sophos has warned of cyberattacks targeting a recently addressed critical vulnerability in its firewall product. The issue, tracked as CVE-2022-3236 (CVSS score: 9.8), impacts Sophos Firewall v19.0 MR1 (19.0.1) and older and concerns a code injection vulnerability in the User Portal and Webadmin components that could result in remote code execution. The company said it
Hello everyone! Let’s take a look at Microsoft’s September Patch Tuesday. This time it is quite compact. There were 63 CVEs released on Patch Tuesday day. If we add the vulnerabilities released between August and September Patch Tuesdays (as usual, they were in Microsoft Edge), the final number is 90. Much less than usual. Alternative […]
Hello everyone! Let’s take a look at Microsoft’s September Patch Tuesday. This time it is quite compact. There were 63 CVEs released on Patch Tuesday day. If we add the vulnerabilities released between August and September Patch Tuesdays (as usual, they were in Microsoft Edge), the final number is 90. Much less than usual. Alternative […]
Hello everyone! Let’s take a look at Microsoft’s September Patch Tuesday. This time it is quite compact. There were 63 CVEs released on Patch Tuesday day. If we add the vulnerabilities released between August and September Patch Tuesdays (as usual, they were in Microsoft Edge), the final number is 90. Much less than usual. Alternative […]
An integer overflow in WhatsApp could result in remote code execution in an established video call.
WordPress WPGateway plugin versions 3.5 and below suffer from an unauthenticated privilege escalation vulnerability.
Categories: News Tags: CVE-2022-37969 Tags: CVE-2022-23960 Tags: CVE-2022-35805 Tags: CVE-2022-34700 Tags: CVE-2022-34718 Tags: CVE-2022-34721 Tags: CVE-2022-34722 Tags: Microsoft Tags: Adobe Tags: Android Tags: Apple Tags: Cisco Tags: Google Tags: Samsung Tags: SAP Tags: VMWare The September 2022 Patch Tuesday updates includes two zero-day vulnerabilities, one of which is known to be used in attacks (Read more...) The post Update now! Microsoft patches two zero-days appeared first on Malwarebytes Labs.
Categories: News Tags: CVE-2022-37969 Tags: CVE-2022-23960 Tags: CVE-2022-35805 Tags: CVE-2022-34700 Tags: CVE-2022-34718 Tags: CVE-2022-34721 Tags: CVE-2022-34722 Tags: Microsoft Tags: Adobe Tags: Android Tags: Apple Tags: Cisco Tags: Google Tags: Samsung Tags: SAP Tags: VMWare The September 2022 Patch Tuesday updates includes two zero-day vulnerabilities, one of which is known to be used in attacks (Read more...) The post Update now! Microsoft patches two zero-days appeared first on Malwarebytes Labs.
Categories: News Tags: CVE-2022-37969 Tags: CVE-2022-23960 Tags: CVE-2022-35805 Tags: CVE-2022-34700 Tags: CVE-2022-34718 Tags: CVE-2022-34721 Tags: CVE-2022-34722 Tags: Microsoft Tags: Adobe Tags: Android Tags: Apple Tags: Cisco Tags: Google Tags: Samsung Tags: SAP Tags: VMWare The September 2022 Patch Tuesday updates includes two zero-day vulnerabilities, one of which is known to be used in attacks (Read more...) The post Update now! Microsoft patches two zero-days appeared first on Malwarebytes Labs.
Categories: News Tags: WPGateway Tags: WordPress Tags: plugin Tags: vulnerability Tags: CVE We take a look at a vulnerability being exploited in the wild related to the WPGateway WordPress plugin. (Read more...) The post WPGateway WordPress plugin vulnerability could allow full site takeover appeared first on Malwarebytes Labs.
Tech giant Microsoft on Tuesday shipped fixes to quash 64 new security flaws across its software lineup, including one zero-day flaw that has been actively exploited in real-world attacks. Of the 64 bugs, five are rated Critical, 57 are rated Important, one is rated Moderate, and one is rated Low in severity. The patches are in addition to 16 vulnerabilities that Microsoft addressed in its
Tech giant Microsoft on Tuesday shipped fixes to quash 64 new security flaws across its software lineup, including one zero-day flaw that has been actively exploited in real-world attacks. Of the 64 bugs, five are rated Critical, 57 are rated Important, one is rated Moderate, and one is rated Low in severity. The patches are in addition to 16 vulnerabilities that Microsoft addressed in its
Tech giant Microsoft on Tuesday shipped fixes to quash 64 new security flaws across its software lineup, including one zero-day flaw that has been actively exploited in real-world attacks. Of the 64 bugs, five are rated Critical, 57 are rated Important, one is rated Moderate, and one is rated Low in severity. The patches are in addition to 16 vulnerabilities that Microsoft addressed in its
A zero-day flaw in the latest version of a WordPress premium plugin known as WPGateway is being actively exploited in the wild, potentially allowing malicious actors to completely take over affected sites. Tracked as CVE-2022-3180 (CVSS score: 9.8), the issue is being weaponized to add a malicious administrator user to sites running the WPGateway plugin, WordPress security company Wordfence
This month's Patch Tuesday offers a little something for everyone, including security updates for a zero-day flaw in Microsoft Windows that is under active attack, and another Windows weakness experts say could be used to power a fast-spreading computer worm. Also, Apple has also quashed a pair of zero-day bugs affecting certain macOS and iOS users, and released iOS 16, which includes a nifty new privacy and security feature called "Lockdown Mode." And Adobe axed 63 vulnerabilities in a range of products.
This month's Patch Tuesday offers a little something for everyone, including security updates for a zero-day flaw in Microsoft Windows that is under active attack, and another Windows weakness experts say could be used to power a fast-spreading computer worm. Also, Apple has also quashed a pair of zero-day bugs affecting certain macOS and iOS users, and released iOS 16, which includes a nifty new privacy and security feature called "Lockdown Mode." And Adobe axed 63 vulnerabilities in a range of products.
This month's Patch Tuesday offers a little something for everyone, including security updates for a zero-day flaw in Microsoft Windows that is under active attack, and another Windows weakness experts say could be used to power a fast-spreading computer worm. Also, Apple has also quashed a pair of zero-day bugs affecting certain macOS and iOS users, and released iOS 16, which includes a nifty new privacy and security feature called "Lockdown Mode." And Adobe axed 63 vulnerabilities in a range of products.
In Microsoft's lightest Patch Tuesday update of the year so far, several security vulnerabilities stand out as must-patch, researchers warn.
In Microsoft's lightest Patch Tuesday update of the year so far, several security vulnerabilities stand out as must-patch, researchers warn.
In Microsoft's lightest Patch Tuesday update of the year so far, several security vulnerabilities stand out as must-patch, researchers warn.
Windows Internet Key Exchange (IKE) Protocol Extensions Remote Code Execution Vulnerability. This CVE ID is unique from CVE-2022-34721.
Windows Common Log File System Driver Elevation of Privilege Vulnerability. This CVE ID is unique from CVE-2022-35803.
Windows Internet Key Exchange (IKE) Protocol Extensions Remote Code Execution Vulnerability. This CVE ID is unique from CVE-2022-34722.
By Jon Munshaw and Asheer Malhotra. Microsoft released its monthly security update Tuesday, disclosing 64 vulnerabilities across the company’s hardware and software line, a sharp decline from the record number of issues Microsoft disclosed last month. September's security update features five critical vulnerabilities, 10 fewer than were included in last month’s Patch Tuesday. There are two moderate-severity vulnerabilities in this release and a low-security issue that’s already been patched as a part of a recent Google Chromium update. The remainder is considered “important.” The most serious vulnerability exists in several versions of Windows Server and Windows 10 that could allow an attacker to gain the ability to execute remote code (RCE) by sending a singular, specially crafted IPv6 packet to a Windows node where IPSec is enabled. CVE-2022-34718 only affects instances that have IPSec enabled. This vulnerability has a severity score of 9.8 out of 10 and is considered “more likely...
By Jon Munshaw and Asheer Malhotra. Microsoft released its monthly security update Tuesday, disclosing 64 vulnerabilities across the company’s hardware and software line, a sharp decline from the record number of issues Microsoft disclosed last month. September's security update features five critical vulnerabilities, 10 fewer than were included in last month’s Patch Tuesday. There are two moderate-severity vulnerabilities in this release and a low-security issue that’s already been patched as a part of a recent Google Chromium update. The remainder is considered “important.” The most serious vulnerability exists in several versions of Windows Server and Windows 10 that could allow an attacker to gain the ability to execute remote code (RCE) by sending a singular, specially crafted IPv6 packet to a Windows node where IPSec is enabled. CVE-2022-34718 only affects instances that have IPSec enabled. This vulnerability has a severity score of 9.8 out of 10 and is considered “more likely...
By Jon Munshaw and Asheer Malhotra. Microsoft released its monthly security update Tuesday, disclosing 64 vulnerabilities across the company’s hardware and software line, a sharp decline from the record number of issues Microsoft disclosed last month. September's security update features five critical vulnerabilities, 10 fewer than were included in last month’s Patch Tuesday. There are two moderate-severity vulnerabilities in this release and a low-security issue that’s already been patched as a part of a recent Google Chromium update. The remainder is considered “important.” The most serious vulnerability exists in several versions of Windows Server and Windows 10 that could allow an attacker to gain the ability to execute remote code (RCE) by sending a singular, specially crafted IPv6 packet to a Windows node where IPSec is enabled. CVE-2022-34718 only affects instances that have IPSec enabled. This vulnerability has a severity score of 9.8 out of 10 and is considered “more likely...
A number of firmware security flaws uncovered in HP's business-oriented high-end notebooks continue to be left unpatched in some devices even months after public disclosure. Binarly, which first revealed details of the issues at the Black Hat USA conference in mid-August 2022, said the vulnerabilities "can't be detected by firmware integrity monitoring systems due to limitations of the Trusted
A vulnerability in the binding configuration of Cisco SD-WAN vManage Software containers could allow an unauthenticated, adjacent attacker who has access to the VPN0 logical network to also access the messaging service ports on an affected system. This vulnerability exists because the messaging server container ports on an affected system lack sufficient protection mechanisms. An attacker could exploit this vulnerability by connecting to the messaging service ports of the affected system. To exploit this vulnerability, the attacker must be able to send network traffic to interfaces within the VPN0 logical network. This network may be restricted to protect logical or physical adjacent networks, depending on device deployment configuration. A successful exploit could allow the attacker to view and inject messages into the messaging service, which can cause configuration changes or cause the system to reload.
Categories: Exploits and vulnerabilities Categories: News Tags: HP Support Assistant Tags: DLL hijacking Tags: SYSTEM privileges Tags: CVE-2022-38395 HP has issued a new version of its HP Support Assistant tool because of a high severity DLL hijacking vulnerability. (Read more...) The post Your HP Support Assistant needs an update! appeared first on Malwarebytes Labs.
Cisco on Wednesday rolled out patches to address three security flaws affecting its products, including a high-severity weakness disclosed in NVIDIA Data Plane Development Kit (MLNX_DPDK) late last month. Tracked as CVE-2022-28199 (CVSS score: 8.6), the vulnerability stems from a lack of proper error handling in DPDK's network stack, enabling a remote adversary to trigger a denial-of-service (