Cross-Site Scripting (XSS) vulnerability in MicroStrategy Web SDK 10.11 and earlier, allows remote unauthenticated attackers to execute arbitrary code via key parameter to the getGoogleExtraConfig task.

**Get to Know MicroStrategy**

Our company vision is intelligence everywhere. Our analytics platform delivers answers, and gets results. Our entire company is committed to your success.

**Pilot Enterprise Analytics**

Quickly deploy consumer-grade BI experiences for every role, on any device, with the platform that provides sub-second response at enterprise scale.

**Make your applications intelligent with Embedded Analytics**

Deliver in-context insights and analysis in any application and on any device. 

**Drive more value with MicroStrategy Cloud    **

Drive digital transformation and scale with confidence.

**Success Stories**

Hear stories from our customers and partners about how they use MicroStrategy to be a more Intelligent Enterprise.

**Featured Customer: Sainsbury's**

Learn how leading UK retailer Sainsbury’s democratized its data to empower every colleague from the store floor to the C-suite, powered by MicroStrategy.

**Featured Customer: Schwarz Group**

Explore how Schwarz IT enables brands like Lidl and Kaufland to drive global business impact with an enterprise analytics strategy, powered by MicroStrategy.

**Featured Customer: NICE**

Discover how AI-powered innovation and cloud-native technologies help NICE deliver the world’s leading cloud CX platform, with data and analytics visualization from MicroStrategy.

**Find Solutions with MicroStrategy**

Build consumer-grade intelligence applications, empower users with data discovery, and seamlessly push content to employees, partners, and customers in minutes.

01:30

**Overview of the MicroStrategy Platform**

Discover the power of MicroStrategy, the modern, open, enterprise BI platform that delivers intelligence everywhere. Watch this overrview to learn everything you need to know.

37753 views · April 01, 2021

31:41

**Data Storytelling with Dossiers**

Did you know you can easily build no-code analytics applications with MicroStrategy Dossiers? In this session from MicroStrategy World 2022, experts introduced the art of data storytelling.

960 views · February 02, 2022

08:57

**Overview of MicroStrategy Mobile**

Watch the MicroStrategy team review how to integrate context-rich analytics and collaborative workflows with powerful no-code mobile applications. Learn more about traditional mobile applications from the MicroStrategy platform.

3727 views · September 22, 2020

06:27

**Trusted Data for Excel, BI Tools, and Data Science Tools**

Leverage the power of the industry's strongest semantic graph. Watch this to learn how MicroStrategy will help you get the most out of Excel and other BI applications. The tools you love, with data you can trust.

4052 views · September 22, 2020

**HyperIntelligence**

Deploy analytics beyond the analyst by injecting insights and actions into the applications and websites your people use every day.

00:44

**Introduction to HyperIntelligence**

With HyperIntelligence, deliver instant insights into your everyday applications with no code to make informed decisions and take action faster.

26031 views · November 18, 2019

**Embedded Intelligence**

Learn about MicroStrategy's #1 rated platform for Embedded Analytics.

01:00

**Make your Applications Intelligent with Embedded Analytics**

MicroStrategy’s #1-rated Embedded Analytics platform provides faster in-context insights and analysis in any application and on any device. Extend analytics into portals and applications, allowing users to take advantage of actionable insights in their day-to-day workflows.

1007 views · October 14, 2021

11:35

**Overview of MicroStrategy Embedded Analytics**

MicroStrategy is the industry leader for application development and embedded analytics. Watch this video to learn more about the functionality related to customization and embedded analytics.

4023 views · May 29, 2020

**Cloud Intelligence**

The fastest, most efficient way to run your Intelligent Enterprise.

03:01

**What to Expect From Your Cloud Migration**

"Learn how you’ll collaborate with our MicroStrategy experts to ensure easy and efficient migration to the cloud—in a matter of weeks with no disruption to your users. "

681 views · June 22, 2021

43:31

**Top Trends: The Future of Cloud Computing**

Explore the top cloud trends on the horizon and learn to leverage robust application and infrastructure security to ensure integrity across a robust suite of analytics applications.

81 views · February 02, 2022

**Resources**

**Partners**

16:23

**Exasol: Turbocharging the BI Stack**

This session showcases how to accelerate time to insights and how to future-proof your MicroStrategy environment by adding Exasol to your data stack.

40 views · February 10, 2022

CVE-2020-22984: Business Intelligence & Analytics Solutions

**Get to Know MicroStrategy**

Our company vision is intelligence everywhere. Our analytics platform delivers answers, and gets results. Our entire company is committed to your success.

**Pilot Enterprise Analytics**

Quickly deploy consumer-grade BI experiences for every role, on any device, with the platform that provides sub-second response at enterprise scale.

**Make your applications intelligent with Embedded Analytics**

Deliver in-context insights and analysis in any application and on any device. 

**Drive more value with MicroStrategy Cloud    **

Drive digital transformation and scale with confidence.

**Success Stories**

Hear stories from our customers and partners about how they use MicroStrategy to be a more Intelligent Enterprise.

**Featured Customer: Sainsbury's**

Learn how leading UK retailer Sainsbury’s democratized its data to empower every colleague from the store floor to the C-suite, powered by MicroStrategy.

**Featured Customer: Schwarz**

Explore how Schwarz IT enables brands like Lidl and Kaufland to drive global business impact with an enterprise analytics strategy, powered by MicroStrategy.

**Featured Customer: NICE**

Discover how AI-powered innovation and cloud-native technologies help NICE deliver the world’s leading cloud CX platform, with data and analytics visualization from MicroStrategy.

**Find Solutions with MicroStrategy**

Build consumer-grade intelligence applications, empower users with data discovery, and seamlessly push content to employees, partners, and customers in minutes.

01:30

**Overview of the MicroStrategy Platform**

Discover the power of MicroStrategy, the modern, open, enterprise BI platform that delivers intelligence everywhere. Watch this overrview to learn everything you need to know.

36959 views · April 01, 2021

31:41

**Data Storytelling with Dossiers**

Did you know you can easily build no-code analytics applications with MicroStrategy Dossiers? In this session from MicroStrategy World 2022, experts introduced the art of data storytelling.

927 views · February 02, 2022

08:57

**Overview of MicroStrategy Mobile**

Watch the MicroStrategy team review how to integrate context-rich analytics and collaborative workflows with powerful no-code mobile applications. Learn more about traditional mobile applications from the MicroStrategy platform.

3703 views · September 22, 2020

06:27

**Trusted Data for Excel, BI Tools, and Data Science Tools**

Leverage the power of the industry's strongest semantic graph. Watch this to learn how MicroStrategy will help you get the most out of Excel and other BI applications. The tools you love, with data you can trust.

4007 views · September 22, 2020

**HyperIntelligence**

Deploy analytics beyond the analyst by injecting insights and actions into the applications and websites your people use every day.

00:44

**Introduction to HyperIntelligence**

With HyperIntelligence, deliver instant insights into your everyday applications with no code to make informed decisions and take action faster.

25983 views · November 18, 2019

**Embedded Intelligence**

Learn about MicroStrategy's #1 rated platform for Embedded Analytics.

01:00

**Make your Applications Intelligent with Embedded Analytics**

MicroStrategy’s #1-rated Embedded Analytics platform provides faster in-context insights and analysis in any application and on any device. Extend analytics into portals and applications, allowing users to take advantage of actionable insights in their day-to-day workflows.

925 views · October 14, 2021

11:35

**Overview of MicroStrategy Embedded Analytics**

MicroStrategy is the industry leader for application development and embedded analytics. Watch this video to learn more about the functionality related to customization and embedded analytics.

3944 views · May 29, 2020

**Cloud Intelligence**

The fastest, most efficient way to run your Intelligent Enterprise.

03:01

**What to Expect From Your Cloud Migration**

"Learn how you’ll collaborate with our MicroStrategy experts to ensure easy and efficient migration to the cloud—in a matter of weeks with no disruption to your users. "

666 views · June 22, 2021

43:31

**Top Trends: The Future of Cloud Computing**

Explore the top cloud trends on the horizon and learn to leverage robust application and infrastructure security to ensure integrity across a robust suite of analytics applications.

79 views · February 02, 2022

**Resources**

**Partners**

16:23

**Exasol: Turbocharging the BI Stack**

This session showcases how to accelerate time to insights and how to future-proof your MicroStrategy environment by adding Exasol to your data stack.

39 views · February 10, 2022

By Jon Munshaw. 
Welcome to this week’s edition of the Threat Source newsletter. 
Mandatory multi-factor authentication is all the rage nowadays. GitHub just announced that all contributors would have to enroll in MFA by 2023 to log into their accounts. And Google announced as part of...


[[ This is only the beginning! Please visit the blog for the complete entry ]]

_By Jon Munshaw._ 

Welcome to this week’s edition of the Threat Source newsletter. 

Mandatory multi-factor authentication is all the rage nowadays. GitHub just announced that all contributors would have to enroll in MFA by 2023 to log into their accounts. And Google announced as part of World Password Day that it would soon be making MFA compulsory for all users.  

But is it too little, too late? 

Don’t get me wrong, MFA is one of the best first lines of defense for preventing a cyber attack or any other type of network intrusion. It comes up in pretty much every Talos blog post and Talos Takes episode I record.  

However, if we keep pushing off the deadline for making this step mandatory, it only gives attackers more time to catch up to us. Adversaries have already figured out ways to intercept MFA codes that are sent via SMS message, as. I talked about with Wendy Nather last year. 

And on the latest Beers with Talos episode, Nate Pors from Talos Incident Response talked about “prompt bombing” users, essentially annoying them to the point that they click “yes” on an MFA prompt and let a bad guy in.  

By the time MFA becomes mandatory on major sites and for some of our most important accounts on the internet, what other types of attacks will threat actors come up with to get around it. Already, one-time codes are starting to become out-of-fashion in favor of FIDO or certificate-based PKI authentication. Rather than adopting what should have been standard practice several years ago, is it time to start thinking about what the future of MFA is? 

It might be best for us to all look forward to zero-trust as our security future. It’s something the federal government is already looking at, but it goes without saying that things don’t happen quickly within the government at any level.  

In the meantime, everyone should work toward making MFA mandatory as quickly as possible. Yes, it can be a pain, but it will save many future headaches. If you do have MFA already, rely on app push notifications rather than SMS-based authentication. And, as always, user education is important. It should go without saying but tell users that unless they know they initiated an MFA push, they should never click on it. Even if it’s 3 a.m. 

**The one big thing **

The MustangPanda threat actor is breaking with what many would think to be protocol, and recently started targeting Russian organizations. MustangPanda has long thought to be a Chinese state-sponsored actor. Thus far in Russia’s invasion of Ukraine, China has been slow to criticize Russia and hasn’t taken part in many of the Western-backed sanctions levied against Russia over the past few months. This seems to break MustangPanda’s attack pattern, but also illustrates that this longstanding actor isn’t going anywhere.  

> **Why do I care? **
> 
> Over the years, Mustang Panda has evolved their tactics and implants to target a wide range of entities spanning multiple governments in three continents, including the European Union, the U.S., Asia and pseudo allies such as Russia. By using summit- and conference-themed lures in Asia and Europe, this attacker aims to gain as much long-term access as possible to conduct espionage and information theft. 
> 
> **So now what? **We’ll keep following MustangPanda’s choice of targets, especially as a continued wave of big game hunting ransomware attacks continues. They’ve shown that pretty much no one is off limits. We have new Snort rules available to protect users against the download and execution of their signature PlugX malware, plus many other forms of protection against their attacks and known exploits.  

**Other news of note**

A critical vulnerability in F5’s BIG-IP software is being exploited actively in the wild, taking the security community by storm. BIG-IP is a line of appliances that act as load balancers, firewalls, and can inspect and encrypt data going in and out of networks. This particular vulnerability has a severity score of 9.8 out of 10, but what’s more notable is that there are more than 16,000 instances of this software discoverable online, and it’s used by some of the world’s largest companies. This software has a close proximity to network perimeters and often looks at the decrypted version of HTTPS-protected traffic, so if an attacker exploits this, it opens several avenues for further attacks.  (Talos blog, ZDNet, Ars Technica) 

Multiple Western governments publicly blamed Russian state-sponsored actors for launching a cyber attack against an American satellite communications company in the weeks leading up to Russia’s invasion of Ukraine. The E.U., U.K. and U.S. all released separate reports saying attackers hit the European networks belonging to Viasat, just as the invasion started on Feb. 24. A statement from the U.S. State Department said “The activity disabled very small aperture terminals in Ukraine and across Europe” that, “among other things, support wind turbines and provide Internet services to private citizens.” (State Department, NBC News) 

Microsoft released more than 70 vulnerabilities as part of its weekly security update. May’s Patch Tuesday includes fixes for seven “critical” flaws, as well as a zero-day vulnerability that affects all supported versions of Windows. There’s also a vulnerability in the Magnitude Simba Amazon Redshift ODBC Driver that affects the Windows self-hosted integration runtime service. Adobe also issued five security bulletins on Tuesday, covering 18 vulnerabilities across Adobe CloudFusion, InDesign, Character Animator, Framemaker and other software. However, none of these issues have been actively exploited in the wild, according to Adobe. (Talos blog, Adobe) 

**Can’t get enough Talos? **

*   Celebrating 20 years of ClamAV
*   Bitter APT adds Bangladesh to their targets
*   Vulnerability Spotlight: Vulnerability in Alyac antivirus program could stop virus scanning, cause denial of service
*   Talos Incident Response added to German BSI Advanced Persistent Threat response list
*   Threat Roundup for April 29 - May 6

  

**Upcoming events where you can find Talos ****NorthSec 2022 (May 19 – 20, 2022)  
Montreal, Canada ****REcon (June 3 – 5, 2022)  
Montreal, Canada ****RSA 2022 (June 6 – 9, 2022)  
San Francisco, California ****Cisco Live U.S. (June 12 – 16, 2022)  
Las Vegas, Nevada ****Most prevalent malware files from Talos telemetry over the past week  **

**SHA 256:** e4973db44081591e9bff5117946defbef6041397e56164f485cf8ec57b1d8934  **MD5:** 93fefc3e88ffb78abb36365fa5cf857c  **Typical Filename:** Wextract    
**Claimed Product:** Internet Explorer    
**Detection Name:** PUA.Win.Trojan.Generic::85.lp.ret.sbx.tg  

**SHA 256:** a31f222fc283227f5e7988d1ad9c0aecd66d58bb7b4d8518ae23e110308dbf91   **MD5:** 7bdbd180c081fa63ca94f9c22c457376  **Typical Filename:** c0dwjdi6a.dll    
**Claimed Product:** N/A   **Detection Name:** Trojan.GenericKD.33515991  

**SHA 256:** 1b94aaa71618d4ecba665130ae54ef38b17794157123675b24641dc85a379426    
**MD5:** a841c3d335907ba5ec4c2e070be1df53  **Typical Filename:** chip 1-click installer.exe    
**Claimed Product:** chip 1-click installer     
**Detection Name:** Win.Trojan.Generic::ptp.cam  

**SHA 256:** 59f1e69b68de4839c65b6e6d39ac7a272e2611ec1ed1bf73a4f455e2ca20eeaa   **MD5:** df11b3105df8d7c70e7b501e210e3cc3   **Typical Filename:** DOC001.exe   **Claimed Product:** N/A     
**Detection Name:** Win.Worm.Coinminer::1201  

**SHA 256:** e12b6641d7e7e4da97a0ff8e1a0d4840c882569d47b8fab8fb187ac2b475636c  **MD5:** a087b2e6ec57b08c0d0750c60f96a74c  **Typical Filename:** AAct.exe    
**Claimed Product:** N/A    **Detection Name:** PUA.Win.Tool.Kmsauto::1201

Threat Source newsletter (May 12, 2022) — Mandatory MFA adoption is great, but is it too late? 

SolarView Compact ver.6.00 was discovered to contain a command injection vulnerability via conf_mail.php.

Drive

Anmelden

Drive

Name

os command injection 1 .png

os command injection 2.png

os command injection 2.txt

Keine Dateien in diesem Ordner.Melden Sie sich an, um diesem Ordner Dateien hinzuzufügen.

CVE-2022-29303: os command injection POC – Google Drive

Allowing long password leads to denial of service in GitHub repository causefx/organizr prior to 2.1.2000. This vulnerability can be abused by doing a DDoS attack for which genuine users will not able to access resources/applications.

**Description**

The Organizr application allows to sending a very long password (10000000 characters) it's possible to cause a denial of service attack on the server. This may lead to the website becoming unavailable or unresponsive. Usually, this problem is caused by a vulnerable password hashing implementation. When a long password is sent, the password hashing process will result in CPU and memory exhaustion.

**Proof of Concept**

1.Sign up to the application, capture the request in burp suites, and send it to Repeater.

2.Copy the payload from this link:- https://drive.google.com/file/d/11AwLp8Ae1\_eJqGb44W9QJDtPmVw-1RSQ/view?usp=sharing and paste on password parameter and send go.

3.You will see that the application allows long passwords this can leads to Dos and can exploit as DDos

**Video PoC**

    https://drive.google.com/file/d/1V_ZoXRJGkF7XSGdXJ4yPKRtQoxeTDyFe/view?usp=sharing
    

**Impact**

This vulnerability can be abused by doing a DDoS attack for which genuine users will not able to access resources/applications.

CVE-2022-1698: Allowing long password leads to denial of service in organizr

Uncontrolled Resource Consumption in GitHub repository causefx/organizr prior to 2.1.2000. This vulnerability can be abused by doing a DDoS attack for which genuine users will not able to access resources/applications.

**Description**

The Organizr application allows large characters to insert in the input field "Username" which can allow attackers to cause a Denial of Service (DoS) via a crafted HTTP request.

**Proof of Concept**

1.Sign up to the application, capture the request in burp suites, and send it to Repeater.

2.After the &username= parameter put the payload mentioned on this link:- https://drive.google.com/file/d/1PBd3aXwKOL8uinLG7FJsn-8ldQceW4Zb/view?usp=sharing

3.Now press go and you will see the JWT token also get generated as the same size as the user input.

**Video PoC**

    https://drive.google.com/file/d/1su5IYU3GwUBCMX6SP_Ur-u2uxXXPh6cT/view?usp=sharing
    

**Impact**

This vulnerability can be abused by doing a DDoS attack for which genuine users will not able to access resources/applications.

CVE-2022-1699: Uncontrolled Resource Consumption in organizr

Ubuntu Security Notice 5417-1 - Ke Sun, Alyssa Milburn, Henrique Kawakami, Emma Benoit, Igor Chervatyuk, Lisa Aichele, and Thais Moreira Hamasaki discovered that the Spectre Variant 2 mitigations for AMD processors on Linux were insufficient in some situations. A local attacker could possibly use this to expose sensitive information. It was discovered that the MMC/SD subsystem in the Linux kernel did not properly handle read errors from SD cards in certain situations. An attacker could possibly use this to expose sensitive information.

    =========================================================================Ubuntu Security Notice USN-5417-1May 12, 2022linux, linux-aws, linux-aws-5.13, linux-azure, linux-azure-5.13,linux-gcp, linux-gcp-5.13, linux-hwe-5.13, linux-kvm, linux-oracle,linux-raspi vulnerabilities=========================================================================A security issue affects these releases of Ubuntu and its derivatives:- Ubuntu 21.10- Ubuntu 20.04 LTSSummary:Several security issues were fixed in the Linux kernel.Software Description:- linux: Linux kernel- linux-aws: Linux kernel for Amazon Web Services (AWS) systems- linux-azure: Linux kernel for Microsoft Azure Cloud systems- linux-gcp: Linux kernel for Google Cloud Platform (GCP) systems- linux-kvm: Linux kernel for cloud environments- linux-oracle: Linux kernel for Oracle Cloud systems- linux-raspi: Linux kernel for Raspberry Pi systems- linux-aws-5.13: Linux kernel for Amazon Web Services (AWS) systems- linux-azure-5.13: Linux kernel for Microsoft Azure cloud systems- linux-gcp-5.13: Linux kernel for Google Cloud Platform (GCP) systems- linux-hwe-5.13: Linux hardware enablement (HWE) kernelDetails:Ke Sun, Alyssa Milburn, Henrique Kawakami, Emma Benoit, Igor Chervatyuk,Lisa Aichele, and Thais Moreira Hamasaki discovered that the SpectreVariant 2 mitigations for AMD processors on Linux were insufficientin some situations. A local attacker could possibly use this to exposesensitive information. (CVE-2021-26401)It was discovered that the MMC/SD subsystem in the Linux kernel didnot properly handle read errors from SD cards in certain situations. Anattacker could possibly use this to expose sensitive information (kernelmemory). (CVE-2022-20008)It was discovered that the USB gadget subsystem in the Linux kernel did notproperly validate interface descriptor requests. An attacker could possiblyuse this to cause a denial of service (system crash). (CVE-2022-25258)It was discovered that the Remote NDIS (RNDIS) USB gadget implementation inthe Linux kernel did not properly validate the size of the RNDIS_MSG_SETcommand. An attacker could possibly use this to expose sensitiveinformation (kernel memory). (CVE-2022-25375)It was discovered that the ST21NFCA NFC driver in the Linux kernel did notproperly validate the size of certain data in EVT_TRANSACTION events. Aphysically proximate attacker could use this to cause a denial of service(system crash) or possibly execute arbitrary code. (CVE-2022-26490)It was discovered that the USB SR9700 ethernet device driver for theLinux kernel did not properly validate the length of requests from thedevice. A physically proximate attacker could possibly use this to exposesensitive information (kernel memory). (CVE-2022-26966)It was discovered that the Xilinx USB2 device gadget driver in theLinux kernel did not properly validate endpoint indices from the host. Aphysically proximate attacker could possibly use this to cause a denialof service (system crash). (CVE-2022-27223)Miaoqian Lin discovered that the RDMA Transport (RTRS) clientimplementation in the Linux kernel contained a double-free when handlingcertain error conditions. An attacker could use this to cause a denialof service (system crash). (CVE-2022-29156)Update instructions:The problem can be corrected by updating your system to the followingpackage versions:Ubuntu 21.10:  linux-image-5.13.0-1022-kvm     5.13.0-1022.23  linux-image-5.13.0-1023-aws     5.13.0-1023.25  linux-image-5.13.0-1023-azure   5.13.0-1023.27  linux-image-5.13.0-1025-gcp     5.13.0-1025.30  linux-image-5.13.0-1026-raspi   5.13.0-1026.28  linux-image-5.13.0-1026-raspi-nolpae  5.13.0-1026.28  linux-image-5.13.0-1028-oracle  5.13.0-1028.33  linux-image-5.13.0-41-generic   5.13.0-41.46  linux-image-5.13.0-41-generic-64k  5.13.0-41.46  linux-image-5.13.0-41-generic-lpae  5.13.0-41.46  linux-image-5.13.0-41-lowlatency  5.13.0-41.46  linux-image-aws                 5.13.0.1023.24  linux-image-azure               5.13.0.1023.23  linux-image-gcp                 5.13.0.1025.23  linux-image-generic             5.13.0.41.50  linux-image-generic-64k         5.13.0.41.50  linux-image-generic-lpae        5.13.0.41.50  linux-image-gke                 5.13.0.1025.23  linux-image-kvm                 5.13.0.1022.22  linux-image-lowlatency          5.13.0.41.50  linux-image-oem-20.04           5.13.0.41.50  linux-image-oracle              5.13.0.1028.28  linux-image-raspi               5.13.0.1026.31  linux-image-raspi-nolpae        5.13.0.1026.31  linux-image-virtual             5.13.0.41.50Ubuntu 20.04 LTS:  linux-image-5.13.0-1023-aws     5.13.0-1023.25~20.04.1  linux-image-5.13.0-1023-azure   5.13.0-1023.27~20.04.1  linux-image-5.13.0-1025-gcp     5.13.0-1025.30~20.04.1  linux-image-5.13.0-41-generic   5.13.0-41.46~20.04.1  linux-image-5.13.0-41-generic-64k  5.13.0-41.46~20.04.1  linux-image-5.13.0-41-generic-lpae  5.13.0-41.46~20.04.1  linux-image-5.13.0-41-lowlatency  5.13.0-41.46~20.04.1  linux-image-aws                 5.13.0.1023.25~20.04.16  linux-image-azure               5.13.0.1023.27~20.04.12  linux-image-gcp                 5.13.0.1025.30~20.04.1  linux-image-generic-64k-hwe-20.04  5.13.0.41.46~20.04.26  linux-image-generic-hwe-20.04   5.13.0.41.46~20.04.26  linux-image-generic-lpae-hwe-20.04  5.13.0.41.46~20.04.26  linux-image-lowlatency-hwe-20.04  5.13.0.41.46~20.04.26  linux-image-virtual-hwe-20.04   5.13.0.41.46~20.04.26After a standard system update you need to reboot your computer to makeall the necessary changes.ATTENTION: Due to an unavoidable ABI change the kernel updates havebeen given a new version number, which requires you to recompile andreinstall all third party kernel modules you might have installed.Unless you manually uninstalled the standard kernel metapackages(e.g. linux-generic, linux-generic-lts-RELEASE, linux-virtual,linux-powerpc), a standard system upgrade will automatically performthis as well.References:  https://ubuntu.com/security/notices/USN-5417-1  CVE-2021-26401, CVE-2022-20008, CVE-2022-25258, CVE-2022-25375,  CVE-2022-26490, CVE-2022-26966, CVE-2022-27223, CVE-2022-29156Package Information:  https://launchpad.net/ubuntu/+source/linux/5.13.0-41.46  https://launchpad.net/ubuntu/+source/linux-aws/5.13.0-1023.25  https://launchpad.net/ubuntu/+source/linux-azure/5.13.0-1023.27  https://launchpad.net/ubuntu/+source/linux-gcp/5.13.0-1025.30  https://launchpad.net/ubuntu/+source/linux-kvm/5.13.0-1022.23  https://launchpad.net/ubuntu/+source/linux-oracle/5.13.0-1028.33  https://launchpad.net/ubuntu/+source/linux-raspi/5.13.0-1026.28  https://launchpad.net/ubuntu/+source/linux-aws-5.13/5.13.0-1023.25~20.04.1  https://launchpad.net/ubuntu/+source/linux-azure-5.13/5.13.0-1023.27~20.04.1  https://launchpad.net/ubuntu/+source/linux-gcp-5.13/5.13.0-1025.30~20.04.1  https://launchpad.net/ubuntu/+source/linux-hwe-5.13/5.13.0-41.46~20.04.1

Tag

#google