Microsoft Dynamics 365 (on-premises) Cross-site Scripting Vulnerability

CVE-2023-36020

Microsoft WDAC OLE DB provider for SQL Server Remote Code Execution Vulnerability

CVE-2023-36006

Microsoft USBHUB 3.0 Device Driver Remote Code Execution Vulnerability

CVE-2023-35629

Microsoft Outlook for Mac Spoofing Vulnerability

CVE-2023-35619

Microsoft Defender Denial of Service Vulnerability

CVE-2023-36010

Microsoft Word Information Disclosure Vulnerability

CVE-2023-36009

The Russian nation-state threat actor known as APT28 has been observed making use of lures related to the ongoing Israel-Hamas war to facilitate the delivery of a custom backdoor called HeadLace.
IBM X-Force is tracking the adversary under the name ITG05, which is also known as BlueDelta, Fancy Bear, Forest Blizzard (formerly Strontium), FROZENLAKE, Iron Twilight, Sednit, Sofacy, and

Cyber Espionage / Malware

The Russian nation-state threat actor known as **APT28** has been observed making use of lures related to the ongoing Israel-Hamas war to facilitate the delivery of a custom backdoor called HeadLace.

IBM X-Force is tracking the adversary under the name ITG05, which is also known as BlueDelta, Fancy Bear, Forest Blizzard (formerly Strontium), FROZENLAKE, Iron Twilight, Sednit, Sofacy, and TA422.

"The newly discovered campaign is directed against targets based in at least 13 nations worldwide and leverages authentic documents created by academic, finance and diplomatic centers," security researchers Golo Mühr, Claire Zaboeva, and Joe Fasulo said.

"ITG05's infrastructure ensures only targets from a single specific country can receive the malware, indicating the highly targeted nature of the campaign."

UPCOMING WEBINAR

Cracking the Code: Learn How Cyber Attackers Exploit Human Psychology

Ever wondered why social engineering is so effective? Dive deep into the psychology of cyber attackers in our upcoming webinar.

Join Now

Targets of the campaign include Hungary, Türkiye, Australia, Poland, Belgium, Ukraine, Germany, Azerbaijan, Saudi Arabia, Kazakhstan, Italy, Latvia, and Romania.

The campaign involves the use of decoys that are designed to primarily single out European entities with a "direct influence on the allocation of humanitarian aid," leveraging documents associated with the United Nations, the Bank of Israel, the U.S. Congressional Research Service, the European Parliament, a Ukrainian think tank, and an Azerbaijan-Belarus Intergovernmental Commission.

Some of the attacks have been found to employ RAR archives exploiting the WinRAR flaw called CVE-2023-38831 to propagate HeadLace, a backdoor that was first disclosed by the computer Emergency Response Team of Ukraine (CERT-UA) in attacks aimed at critical infrastructure in the country.

It's worth noting that Zscaler revealed a similar campaign named Steal-It in late September 2023 that enticed targets with adult-themed content to trick them into parting with sensitive information.

The disclosure comes a week after Microsoft, Palo Alto Networks Unit 42, and Proofpoint detailed the threat actor's exploitation of a critical security flaw of Microsoft Outlook (CVE-2023-23397, CVSS score: 9.8) to gain unauthorized access to victims' accounts within Exchange servers.

The reliance on official documents as lures, therefore, marks a deviation from previously observed activity, "indicative of ITG05's increased emphasis on a unique target audience whose interests would prompt interaction with material impacting emerging policy creation."

"It is highly likely the compromise of any echelon of global foreign policy centers may aid officials' interests with advanced insight into critical dynamics surrounding the International Community's (IC) approach to competing priorities for security and humanitarian assistance," the researchers said.

The development comes as CERT-UA linked the threat actor known as UAC-0050 to a massive email-based phishing attack against Ukraine and Poland using Remcos RAT and Meduza Stealer.

Found this article interesting? Follow us on Twitter __ and LinkedIn to read more exclusive content we post.

Russian APT28 Hackers Targeting 13 Nations in Ongoing Cyber Espionage Campaign

Ubuntu Security Notice 6549-1 - It was discovered that the USB subsystem in the Linux kernel contained a race condition while handling device descriptors in certain situations, leading to a out-of-bounds read vulnerability. A local attacker could possibly use this to cause a denial of service. Lin Ma discovered that the Netlink Transformation subsystem in the Linux kernel did not properly initialize a policy data structure, leading to an out-of-bounds vulnerability. A local privileged attacker could use this to cause a denial of service or possibly expose sensitive information.

    ==========================================================================Ubuntu Security Notice USN-6549-1December 11, 2023linux, linux-aws, linux-aws-5.15, linux-azure, linux-azure-5.15,linux-azure-fde, linux-azure-fde-5.15, linux-gcp, linux-gke,linux-hwe-5.15, linux-ibm, linux-ibm-5.15, linux-kvm, linux-nvidia,linux-oracle, linux-oracle-5.15, linux-raspi vulnerabilities==========================================================================A security issue affects these releases of Ubuntu and its derivatives:- Ubuntu 22.04 LTS- Ubuntu 20.04 LTSSummary:Several security issues were fixed in the Linux kernel.Software Description:- linux: Linux kernel- linux-aws: Linux kernel for Amazon Web Services (AWS) systems- linux-azure: Linux kernel for Microsoft Azure Cloud systems- linux-azure-fde: Linux kernel for Microsoft Azure CVM cloud systems- linux-gcp: Linux kernel for Google Cloud Platform (GCP) systems- linux-gke: Linux kernel for Google Container Engine (GKE) systems- linux-ibm: Linux kernel for IBM cloud systems- linux-kvm: Linux kernel for cloud environments- linux-nvidia: Linux kernel for NVIDIA systems- linux-oracle: Linux kernel for Oracle Cloud systems- linux-raspi: Linux kernel for Raspberry Pi systems- linux-aws-5.15: Linux kernel for Amazon Web Services (AWS) systems- linux-azure-5.15: Linux kernel for Microsoft Azure cloud systems- linux-azure-fde-5.15: Linux kernel for Microsoft Azure CVM cloud systems- linux-hwe-5.15: Linux hardware enablement (HWE) kernel- linux-ibm-5.15: Linux kernel for IBM cloud systems- linux-oracle-5.15: Linux kernel for Oracle Cloud systemsDetails:It was discovered that the USB subsystem in the Linux kernel contained arace condition while handling device descriptors in certain situations,leading to a out-of-bounds read vulnerability. A local attacker couldpossibly use this to cause a denial of service (system crash).(CVE-2023-37453)Lin Ma discovered that the Netlink Transformation (XFRM) subsystem in theLinux kernel did not properly initialize a policy data structure, leadingto an out-of-bounds vulnerability. A local privileged attacker could usethis to cause a denial of service (system crash) or possibly exposesensitive information (kernel memory). (CVE-2023-3773)Lucas Leong discovered that the netfilter subsystem in the Linux kernel didnot properly validate some attributes passed from userspace. A localattacker could use this to cause a denial of service (system crash) orpossibly expose sensitive information (kernel memory). (CVE-2023-39189)Sunjoo Park discovered that the netfilter subsystem in the Linux kernel didnot properly validate u32 packets content, leading to an out-of-bounds readvulnerability. A local attacker could use this to cause a denial of service(system crash) or possibly expose sensitive information. (CVE-2023-39192)Lucas Leong discovered that the netfilter subsystem in the Linux kernel didnot properly validate SCTP data, leading to an out-of-bounds readvulnerability. A local attacker could use this to cause a denial of service(system crash) or possibly expose sensitive information. (CVE-2023-39193)Lucas Leong discovered that the Netlink Transformation (XFRM) subsystem inthe Linux kernel did not properly handle state filters, leading to an out-of-bounds read vulnerability. A privileged local attacker could use this tocause a denial of service (system crash) or possibly expose sensitiveinformation. (CVE-2023-39194)It was discovered that a race condition existed in QXL virtual GPU driverin the Linux kernel, leading to a use after free vulnerability. A localattacker could use this to cause a denial of service (system crash) orpossibly execute arbitrary code. (CVE-2023-39198)Kyle Zeng discovered that the IPv4 implementation in the Linux kernel didnot properly handle socket buffers (skb) when performing IP routing incertain circumstances, leading to a null pointer dereference vulnerability.A privileged attacker could use this to cause a denial of service (systemcrash). (CVE-2023-42754)Jason Wang discovered that the virtio ring implementation in the Linuxkernel did not properly handle iov buffers in some situations. A localattacker in a guest VM could use this to cause a denial of service (hostsystem crash). (CVE-2023-5158)Alon Zahavi discovered that the NVMe-oF/TCP subsystem in the Linux kerneldid not properly handle queue initialization failures in certainsituations, leading to a use-after-free vulnerability. A remote attackercould use this to cause a denial of service (system crash) or possiblyexecute arbitrary code. (CVE-2023-5178)Budimir Markovic discovered that the perf subsystem in the Linux kernel didnot properly handle event groups, leading to an out-of-bounds writevulnerability. A local attacker could use this to cause a denial of service(system crash) or possibly execute arbitrary code. (CVE-2023-5717)Update instructions:The problem can be corrected by updating your system to the followingpackage versions:Ubuntu 22.04 LTS:   linux-image-5.15.0-1042-nvidia  5.15.0-1042.42   linux-image-5.15.0-1042-nvidia-lowlatency  5.15.0-1042.42   linux-image-5.15.0-1044-ibm     5.15.0-1044.47   linux-image-5.15.0-1044-raspi   5.15.0-1044.47   linux-image-5.15.0-1048-gcp     5.15.0-1048.56   linux-image-5.15.0-1048-gke     5.15.0-1048.53   linux-image-5.15.0-1048-kvm     5.15.0-1048.53   linux-image-5.15.0-1049-oracle  5.15.0-1049.55   linux-image-5.15.0-1051-aws     5.15.0-1051.56   linux-image-5.15.0-1053-azure   5.15.0-1053.61   linux-image-5.15.0-1053-azure-fde  5.15.0-1053.61.1   linux-image-5.15.0-91-generic   5.15.0-91.101   linux-image-5.15.0-91-generic-64k  5.15.0-91.101   linux-image-5.15.0-91-generic-lpae  5.15.0-91.101   linux-image-aws-lts-22.04       5.15.0.1051.50   linux-image-azure-fde-lts-22.04  5.15.0.1053.61.31   linux-image-azure-lts-22.04     5.15.0.1053.49   linux-image-gcp-lts-22.04       5.15.0.1048.44   linux-image-generic             5.15.0.91.88   linux-image-generic-64k         5.15.0.91.88   linux-image-generic-lpae        5.15.0.91.88   linux-image-gke                 5.15.0.1048.47   linux-image-gke-5.15            5.15.0.1048.47   linux-image-ibm                 5.15.0.1044.40   linux-image-kvm                 5.15.0.1048.44   linux-image-nvidia              5.15.0.1042.42   linux-image-nvidia-lowlatency   5.15.0.1042.42   linux-image-oracle              5.15.0.1049.44   linux-image-oracle-lts-22.04    5.15.0.1049.44   linux-image-raspi               5.15.0.1044.42   linux-image-raspi-nolpae        5.15.0.1044.42   linux-image-virtual             5.15.0.91.88Ubuntu 20.04 LTS:   linux-image-5.15.0-1044-ibm     5.15.0-1044.47~20.04.1   linux-image-5.15.0-1049-oracle  5.15.0-1049.55~20.04.1   linux-image-5.15.0-1051-aws     5.15.0-1051.56~20.04.1   linux-image-5.15.0-1053-azure   5.15.0-1053.61~20.04.1   linux-image-5.15.0-1053-azure-fde  5.15.0-1053.61~20.04.1.1   linux-image-5.15.0-91-generic   5.15.0-91.101~20.04.1   linux-image-5.15.0-91-generic-64k  5.15.0-91.101~20.04.1   linux-image-5.15.0-91-generic-lpae  5.15.0-91.101~20.04.1   linux-image-aws                 5.15.0.1051.56~20.04.39   linux-image-azure               5.15.0.1053.61~20.04.42   linux-image-azure-cvm           5.15.0.1053.61~20.04.42   linux-image-azure-fde           5.15.0.1053.61~20.04.1.31   linux-image-generic-64k-hwe-20.04  5.15.0.91.101~20.04.48   linux-image-generic-hwe-20.04   5.15.0.91.101~20.04.48   linux-image-generic-lpae-hwe-20.04  5.15.0.91.101~20.04.48   linux-image-ibm                 5.15.0.1044.47~20.04.16   linux-image-oem-20.04           5.15.0.91.101~20.04.48   linux-image-oem-20.04b          5.15.0.91.101~20.04.48   linux-image-oem-20.04c          5.15.0.91.101~20.04.48   linux-image-oem-20.04d          5.15.0.91.101~20.04.48   linux-image-oracle              5.15.0.1049.55~20.04.1   linux-image-virtual-hwe-20.04   5.15.0.91.101~20.04.48After a standard system update you need to reboot your computer to makeall the necessary changes.ATTENTION: Due to an unavoidable ABI change the kernel updates havebeen given a new version number, which requires you to recompile andreinstall all third party kernel modules you might have installed.Unless you manually uninstalled the standard kernel metapackages(e.g. linux-generic, linux-generic-lts-RELEASE, linux-virtual,linux-powerpc), a standard system upgrade will automatically performthis as well.References:   https://ubuntu.com/security/notices/USN-6549-1   CVE-2023-37453, CVE-2023-3773, CVE-2023-39189, CVE-2023-39192,   CVE-2023-39193, CVE-2023-39194, CVE-2023-39198, CVE-2023-42754,   CVE-2023-5158, CVE-2023-5178, CVE-2023-5717Package Information:   https://launchpad.net/ubuntu/+source/linux/5.15.0-91.101   https://launchpad.net/ubuntu/+source/linux-aws/5.15.0-1051.56   https://launchpad.net/ubuntu/+source/linux-azure/5.15.0-1053.61   https://launchpad.net/ubuntu/+source/linux-azure-fde/5.15.0-1053.61.1   https://launchpad.net/ubuntu/+source/linux-gcp/5.15.0-1048.56   https://launchpad.net/ubuntu/+source/linux-gke/5.15.0-1048.53   https://launchpad.net/ubuntu/+source/linux-ibm/5.15.0-1044.47   https://launchpad.net/ubuntu/+source/linux-kvm/5.15.0-1048.53   https://launchpad.net/ubuntu/+source/linux-nvidia/5.15.0-1042.42   https://launchpad.net/ubuntu/+source/linux-oracle/5.15.0-1049.55   https://launchpad.net/ubuntu/+source/linux-raspi/5.15.0-1044.47   https://launchpad.net/ubuntu/+source/linux-aws-5.15/5.15.0-1051.56~20.04.1   https://launchpad.net/ubuntu/+source/linux-azure-5.15/5.15.0-1053.61~20.04.1 https://launchpad.net/ubuntu/+source/linux-azure-fde-5.15/5.15.0-1053.61~20.04.1.1   https://launchpad.net/ubuntu/+source/linux-hwe-5.15/5.15.0-91.101~20.04.1   https://launchpad.net/ubuntu/+source/linux-ibm-5.15/5.15.0-1044.47~20.04.1 https://launchpad.net/ubuntu/+source/linux-oracle-5.15/5.15.0-1049.55~20.04.1

Ubuntu Security Notice USN-6549-1

Ubuntu Security Notice 6548-1 - It was discovered that Spectre-BHB mitigations were missing for Ampere processors. A local attacker could potentially use this to expose sensitive information. It was discovered that the USB subsystem in the Linux kernel contained a race condition while handling device descriptors in certain situations, leading to a out-of-bounds read vulnerability. A local attacker could possibly use this to cause a denial of service.

    ==========================================================================Ubuntu Security Notice USN-6548-1December 11, 2023linux, linux-aws, linux-aws-5.4, linux-azure, linux-azure-5.4,linux-bluefield, linux-gcp, linux-gcp-5.4, linux-hwe-5.4, linux-ibm,linux-ibm-5.4, linux-kvm, linux-xilinx-zynqmp vulnerabilities==========================================================================A security issue affects these releases of Ubuntu and its derivatives:- Ubuntu 20.04 LTS- Ubuntu 18.04 LTS (Available with Ubuntu Pro)Summary:Several security issues were fixed in the Linux kernel.Software Description:- linux: Linux kernel- linux-aws: Linux kernel for Amazon Web Services (AWS) systems- linux-azure: Linux kernel for Microsoft Azure Cloud systems- linux-bluefield: Linux kernel for NVIDIA BlueField platforms- linux-gcp: Linux kernel for Google Cloud Platform (GCP) systems- linux-ibm: Linux kernel for IBM cloud systems- linux-kvm: Linux kernel for cloud environments- linux-xilinx-zynqmp: Linux kernel for Xilinx ZynqMP processors- linux-aws-5.4: Linux kernel for Amazon Web Services (AWS) systems- linux-azure-5.4: Linux kernel for Microsoft Azure cloud systems- linux-gcp-5.4: Linux kernel for Google Cloud Platform (GCP) systems- linux-hwe-5.4: Linux hardware enablement (HWE) kernel- linux-ibm-5.4: Linux kernel for IBM cloud systemsDetails:It was discovered that Spectre-BHB mitigations were missing for Ampereprocessors. A local attacker could potentially use this to expose sensitiveinformation. (CVE-2023-3006)It was discovered that the USB subsystem in the Linux kernel contained arace condition while handling device descriptors in certain situations,leading to a out-of-bounds read vulnerability. A local attacker couldpossibly use this to cause a denial of service (system crash).(CVE-2023-37453)Lucas Leong discovered that the netfilter subsystem in the Linux kernel didnot properly validate some attributes passed from userspace. A localattacker could use this to cause a denial of service (system crash) orpossibly expose sensitive information (kernel memory). (CVE-2023-39189)Sunjoo Park discovered that the netfilter subsystem in the Linux kernel didnot properly validate u32 packets content, leading to an out-of-bounds readvulnerability. A local attacker could use this to cause a denial of service(system crash) or possibly expose sensitive information. (CVE-2023-39192)Lucas Leong discovered that the netfilter subsystem in the Linux kernel didnot properly validate SCTP data, leading to an out-of-bounds readvulnerability. A local attacker could use this to cause a denial of service(system crash) or possibly expose sensitive information. (CVE-2023-39193)Lucas Leong discovered that the Netlink Transformation (XFRM) subsystem inthe Linux kernel did not properly handle state filters, leading to an out-of-bounds read vulnerability. A privileged local attacker could use this tocause a denial of service (system crash) or possibly expose sensitiveinformation. (CVE-2023-39194)Kyle Zeng discovered that the IPv4 implementation in the Linux kernel didnot properly handle socket buffers (skb) when performing IP routing incertain circumstances, leading to a null pointer dereference vulnerability.A privileged attacker could use this to cause a denial of service (systemcrash). (CVE-2023-42754)Alon Zahavi discovered that the NVMe-oF/TCP subsystem in the Linux kerneldid not properly handle queue initialization failures in certainsituations, leading to a use-after-free vulnerability. A remote attackercould use this to cause a denial of service (system crash) or possiblyexecute arbitrary code. (CVE-2023-5178)Budimir Markovic discovered that the perf subsystem in the Linux kernel didnot properly handle event groups, leading to an out-of-bounds writevulnerability. A local attacker could use this to cause a denial of service(system crash) or possibly execute arbitrary code. (CVE-2023-5717)It was discovered that the TLS subsystem in the Linux kernel did notproperly perform cryptographic operations in some situations, leading to anull pointer dereference vulnerability. A local attacker could use this tocause a denial of service (system crash) or possibly execute arbitrarycode. (CVE-2023-6176)Update instructions:The problem can be corrected by updating your system to the followingpackage versions:Ubuntu 20.04 LTS:   linux-image-5.4.0-1035-xilinx-zynqmp  5.4.0-1035.39   linux-image-5.4.0-1063-ibm      5.4.0-1063.68   linux-image-5.4.0-1076-bluefield  5.4.0-1076.82   linux-image-5.4.0-1104-kvm      5.4.0-1104.111   linux-image-5.4.0-1116-aws      5.4.0-1116.126   linux-image-5.4.0-1120-gcp      5.4.0-1120.129   linux-image-5.4.0-1121-azure    5.4.0-1121.128   linux-image-5.4.0-169-generic   5.4.0-169.187   linux-image-5.4.0-169-generic-lpae  5.4.0-169.187   linux-image-5.4.0-169-lowlatency  5.4.0-169.187   linux-image-aws-lts-20.04       5.4.0.1116.113   linux-image-azure-lts-20.04     5.4.0.1121.114   linux-image-bluefield           5.4.0.1076.71   linux-image-gcp-lts-20.04       5.4.0.1120.122   linux-image-generic             5.4.0.169.167   linux-image-generic-lpae        5.4.0.169.167   linux-image-ibm-lts-20.04       5.4.0.1063.92   linux-image-kvm                 5.4.0.1104.100   linux-image-lowlatency          5.4.0.169.167   linux-image-oem                 5.4.0.169.167   linux-image-oem-osp1            5.4.0.169.167   linux-image-virtual             5.4.0.169.167   linux-image-xilinx-zynqmp       5.4.0.1035.35Ubuntu 18.04 LTS (Available with Ubuntu Pro):   linux-image-5.4.0-1063-ibm      5.4.0-1063.68~18.04.1   linux-image-5.4.0-1116-aws      5.4.0-1116.126~18.04.1   linux-image-5.4.0-1120-gcp      5.4.0-1120.129~18.04.1   linux-image-5.4.0-1121-azure    5.4.0-1121.128~18.04.1   linux-image-5.4.0-169-generic   5.4.0-169.187~18.04.1   linux-image-5.4.0-169-lowlatency  5.4.0-169.187~18.04.1   linux-image-aws                 5.4.0.1116.94   linux-image-azure               5.4.0.1121.94   linux-image-gcp                 5.4.0.1120.96   linux-image-generic-hwe-18.04   5.4.0.169.187~18.04.137   linux-image-ibm                 5.4.0.1063.73   linux-image-lowlatency-hwe-18.04  5.4.0.169.187~18.04.137   linux-image-oem                 5.4.0.169.187~18.04.137   linux-image-oem-osp1            5.4.0.169.187~18.04.137   linux-image-snapdragon-hwe-18.04  5.4.0.169.187~18.04.137   linux-image-virtual-hwe-18.04   5.4.0.169.187~18.04.137After a standard system update you need to reboot your computer to makeall the necessary changes.ATTENTION: Due to an unavoidable ABI change the kernel updates havebeen given a new version number, which requires you to recompile andreinstall all third party kernel modules you might have installed.Unless you manually uninstalled the standard kernel metapackages(e.g. linux-generic, linux-generic-lts-RELEASE, linux-virtual,linux-powerpc), a standard system upgrade will automatically performthis as well.References:   https://ubuntu.com/security/notices/USN-6548-1   CVE-2023-3006, CVE-2023-37453, CVE-2023-39189, CVE-2023-39192,   CVE-2023-39193, CVE-2023-39194, CVE-2023-42754, CVE-2023-5178,   CVE-2023-5717, CVE-2023-6176Package Information:   https://launchpad.net/ubuntu/+source/linux/5.4.0-169.187   https://launchpad.net/ubuntu/+source/linux-aws/5.4.0-1116.126   https://launchpad.net/ubuntu/+source/linux-azure/5.4.0-1121.128   https://launchpad.net/ubuntu/+source/linux-bluefield/5.4.0-1076.82   https://launchpad.net/ubuntu/+source/linux-gcp/5.4.0-1120.129   https://launchpad.net/ubuntu/+source/linux-ibm/5.4.0-1063.68   https://launchpad.net/ubuntu/+source/linux-kvm/5.4.0-1104.111   https://launchpad.net/ubuntu/+source/linux-xilinx-zynqmp/5.4.0-1035.39

Ubuntu Security Notice USN-6548-1

View CSAF
1. EXECUTIVE SUMMARY
CVSS v3 5.3
ATTENTION:
Vendor: Schneider Electric
Equipment: Easy UPS Online Monitoring Software
Vulnerability: Path Traversal
2. RISK EVALUATION
Successful exploitation of this vulnerability could allow elevation of privileges which could result in arbitrary file deletion with system privileges.
3. TECHNICAL DETAILS
3.1 AFFECTED PRODUCTS
Schneider Electric reports that the following versions of Easy UPS Online Monitoring Software are affected:
Easy UPS Online Monitoring Software (Windows 10, 11, Windows
3.2 Vulnerability Overview
3.2.1 Path Traversal CWE-22
A path traversal vulnerability exists that could cause arbitrary file deletion upon service restart when accessed by a local and low-privileged attacker.
CVE-2023-6407 has been assigned to this vulnerability. A CVSS v3.1 base score of 5.3 has been calculated; the CVSS vector string is (AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:L/A:H).
3.3 BACKGROUND
CRITICAL INFRASTRUCTURE SECTORS: Multiple
COUNTRIES/AREAS DEPLOYED: Worldwide
COMPANY HEADQUARTERS LOCATION: France
3.4 RESEARCHER
06fe5fd2bc53027c4a3b7e395af0b850e7b8a044 working with Trend Micro Zero Day Initiative and Tenable Network Security reported this vulnerability to CISA.
4. MITIGATIONS
Version 2.6-GA-01-23248 of Easy UPS Online Monitoring Software includes a fix for the vulnerabilities for Microsoft supported versions of Windows 10, 11, Windows Server 2016, 2019 & 2022 and is available for download.
The Easy UPS Online Monitoring Software has been discontinued coinciding with the discontinuation of the Easy UPS Online SNMP Cards (APV9601, APVS9601) managed by this software.
Schneider Electric recommends that users currently using Easy UPS Online Monitoring Software to manage Easy UPS Online (SRV/SRVS) should transition to PowerChute Serial Shutdown for serial/USB shutdown and monitoring; and to PowerChute Network Shutdown for network shutdown and monitoring. For more information about PowerChute software please see the following:
https://www.apc.com/pcss
https://www.apc.com/pcns
Schneider Electric strongly recommends users follow cybersecurity industry best practices, including: 
Locate control and safety system networks and remote devices behind firewalls and isolate them from the business network.
Install physical controls so no unauthorized personnel can access your industrial control and safety systems, components, peripheral equipment, and networks.
Place all controllers in locked cabinets and never leave them in the "Program" mode.
Never connect programming software to any network other than the network intended for that device.
Scan all methods of mobile data exchange with the isolated network such as CDs, USB drives, etc. before use in the terminals or any node connected to these networks.
Never allow mobile devices that have connected to any other network besides the intended network to connect to the safety or control networks without proper sanitation.
Minimize network exposure for all control system devices and systems and ensure that they are not accessible from the Internet.
When remote access is required, use secure methods, such as virtual private networks (VPNs). Recognize that VPNs may have vulnerabilities and should be updated to the most current version available. Also, understand that VPNs are only as secure as the connected devices.
For more information on cybersecurity industry best practices, refer to the Schneider Electric recommended cybersecurity best practices document.
For more information on this vulnerability and the associated mitigations, see Schneider Electric vulnerability disclosure SEVD-2023-346-03.
CISA recommends users take defensive measures to minimize the risk of exploitation of this vulnerability. CISA reminds organizations to perform proper impact analysis and risk assessment prior to deploying defensive measures.
CISA also provides a section for control systems security recommended practices on the ICS webpage on cisa.gov/ics. Several CISA products detailing cyber defense best practices are available for reading and download, including Improving Industrial Control Systems Cybersecurity with Defense-in-Depth Strategies.
CISA encourages organizations to implement recommended cybersecurity strategies for proactive defense of ICS assets.
Additional mitigation guidance and recommended practices are publicly available on the ICS webpage at cisa.gov/ics in the technical information paper, ICS-TIP-12-146-01B--Targeted Cyber Intrusion Detection and Mitigation Strategies.
Organizations observing suspected malicious activity should follow established internal procedures and report findings to CISA for tracking and correlation against other incidents.
CISA also recommends users take the following measures to protect themselves from social engineering attacks:
Do not click web links or open attachments in unsolicited email messages.
Refer to Recognizing and Avoiding Email Scams for more information on avoiding email scams.
Refer to Avoiding Social Engineering and Phishing Attacks for more information on social engineering attacks.
No known public exploitation specifically targeting this vulnerability has been reported to CISA at this time. This vulnerability is not exploitable remotely. This vulnerability has a high attack complexity.
5. UPDATE HISTORY
December 12, 2023: Initial Publication

Tag

#microsoft