**What is the version information for this release?**

Microsoft Edge Version

Date Released

Based on Chromium Version

104.0.1293.47

8/5/2022

104.0.5112.79/80/81

CVE-ID

Learn more at National Vulnerability Database (NVD)

• CVSS Severity Rating • Fix Information • Vulnerable Software Versions • SCAP Mappings • CPE Information

Description

\*\* RESERVED \*\* This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided.

References

**Note:** References are provided for the convenience of the reader to help distinguish between vulnerabilities. The list is not intended to be complete.

Assigning CNA

N/A

Date Record Created

**20220802**

Disclaimer: The record creation date may reflect when the CVE ID was allocated or reserved, and does not necessarily indicate when this vulnerability was discovered, shared with the affected vendor, publicly disclosed, or updated in CVE.

Phase (Legacy)

Assigned (20220802)

Votes (Legacy)

Comments (Legacy)

Proposed (Legacy)

N/A

This is a record on the CVE List, which provides common identifiers for publicly known cybersecurity vulnerabilities.

Search CVE Using Keywords:  

You can also search by reference using the CVE Reference Maps.

For More Information:  CVE Request Web Form (select "Other" from dropdown)

CVE-2022-2604: Chromium: CVE-2022-2604 Use after free in Safe Browsing

CVE-2022-2603: Chromium: CVE-2022-2603 Use after free in Omnibox

CVE-ID

Learn more at National Vulnerability Database (NVD)

• CVSS Severity Rating • Fix Information • Vulnerable Software Versions • SCAP Mappings • CPE Information

Description

\*\* RESERVED \*\* This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided.

References

**Note:** References are provided for the convenience of the reader to help distinguish between vulnerabilities. The list is not intended to be complete.

Assigning CNA

N/A

Date Record Created

**20220713**

Disclaimer: The record creation date may reflect when the CVE ID was allocated or reserved, and does not necessarily indicate when this vulnerability was discovered, shared with the affected vendor, publicly disclosed, or updated in CVE.

Phase (Legacy)

Assigned (20220713)

Votes (Legacy)

Comments (Legacy)

Proposed (Legacy)

N/A

This is a record on the CVE List, which provides common identifiers for publicly known cybersecurity vulnerabilities.

Search CVE Using Keywords:  

You can also search by reference using the CVE Reference Maps.

For More Information:  CVE Request Web Form (select "Other" from dropdown)

CVE-2022-35796: Microsoft Edge (Chromium-based) Elevation of Privilege Vulnerability

CVE-ID

Learn more at National Vulnerability Database (NVD)

• CVSS Severity Rating • Fix Information • Vulnerable Software Versions • SCAP Mappings • CPE Information

Description

\*\* RESERVED \*\* This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided.

References

**Note:** References are provided for the convenience of the reader to help distinguish between vulnerabilities. The list is not intended to be complete.

Assigning CNA

N/A

Date Record Created

**20220614**

Disclaimer: The record creation date may reflect when the CVE ID was allocated or reserved, and does not necessarily indicate when this vulnerability was discovered, shared with the affected vendor, publicly disclosed, or updated in CVE.

Phase (Legacy)

Assigned (20220614)

Votes (Legacy)

Comments (Legacy)

Proposed (Legacy)

N/A

This is a record on the CVE List, which provides common identifiers for publicly known cybersecurity vulnerabilities.

Search CVE Using Keywords:  

You can also search by reference using the CVE Reference Maps.

For More Information:  CVE Request Web Form (select "Other" from dropdown)

CVE-2022-33649: Microsoft Edge (Chromium-based) Security Feature Bypass Vulnerability

CVE-2022-33636: Microsoft Edge (Chromium-based) Remote Code Execution Vulnerability

Weak permissions on the configuration file in the PAM module in Grommunio Gromox 0.5 through 1.x before 1.28 allow a local unprivileged user in the gromox group to have the PAM stack execute arbitrary code upon loading the Gromox PAM module.

*   Products
    *   Openwall GNU/\*/Linux   _server OS_
    *   Linux Kernel Runtime Guard
    *   John the Ripper   _password cracker_
        *   Free & Open Source for any platform
        *   in the cloud
        *   Pro for Linux
        *   Pro for macOS
    *   Wordlists   _for password cracking_
    *   passwdqc   _policy enforcement_
        *   Free & Open Source for Unix
        *   Pro for Windows (Active Directory)
    *   yescrypt   _KDF & password hashing_
    *   yespower   _Proof-of-Work (PoW)_
    *   crypt\_blowfish   _password hashing_
    *   phpass   _ditto in PHP_
    *   tcb   _better password shadowing_
    *   Pluggable Authentication Modules
    *   scanlogd   _port scan detector_
    *   popa3d   _tiny POP3 daemon_
    *   blists   _web interface to mailing lists_
    *   msulogin   _single user mode login_
    *   php\_mt\_seed   _mt\_rand() cracker_
*   Services
*   Publications
    *   Articles
    *   Presentations
*   Resources
    *   Mailing lists
    *   Community wiki
    *   Source code repositories (GitHub)
    *   Source code repositories (CVSweb)
    *   File archive & mirrors
    *   How to verify digital signatures
    *   OVE IDs
*   What's new

\[<prev\] \[day\] \[month\] \[year\] \[list\]

Date: Thu, 4 Aug 2022 12:38:17 +0200
From: Filippo Bonazzi <fbonazzi@...e.de>
To: oss-security@...ts.openwall.com
Subject: gromox: potential local privilege escalation (CVE-2022-37030)

Hello list,

the following report describes a local privilege escalation vulnerability in
Gromox\[0\] versions 0.5 to 1.27. Any code references in this report are based on
version 1.27 in the upstream Git repository\[1\], and packaging references are
based on the 1.27 RPM distributed by upstream\[2\].

# Introduction

Gromox is the central groupware server component of grommunio\[3\]. It is capable
of serving as a replacement for Microsoft Exchange and compatibles.

Among its many features, Gromox provides a PAM module to authenticate non-Gromox
processes to an authentication backend such as MySQL or LDAP. The PAM module
allows runtime loading of plugins, and its configuration lives in
\`/etc/gromox/pam\` or \`/etc/gromox\`.

The interaction between this PAM module, its runtime loading of plugins and
their configuration causes the vulnerability described in this report.

# The Vulnerability

The RPM spec file packages the \`/etc/gromox\` directory with ownership
\`root:gromox\` and mode 775, i.e. the directory is writeable by the unprivileged
\`gromox\` group.

The directory contains, among others, the configuration file for the PAM module.
When the authentication hook of the PAM module is invoked, the module loads the
\`/etc/gromox/pam.cfg\` configuration file, which can contain a path and a list of
filenames to be used to load plugins. The plugins are regular .so shared objects,
which are then executed by the PAM module.

It is therefore possible for the \`gromox\` group to effectively have the PAM
stack run arbitrary code upon execution of the \`pam\_gromox.so\` module.

Assuming that the PAM stack is run as root, as it is likely, this results in the
unprivileged \`gromox\` group being able to execute arbitrary code as root.

# Proof of Concept Exploit

Attached is a proof of concept setup that has been tested on current openSUSE
distributions.
The only precondition for the exploit is that gromox is installed and a target
user is in the \`gromox\` group.

# Upstream Fix

Upstream released version 1.28 of Gromox\[4\] which removes configuration
directives for runtime loading of plugins. Plugins are now loaded from a fixed
list, and from root-controlled paths only. This removes the possibility for an
unprivileged user to control what will be executed by the Gromox PAM module.

# Timeline

2022-07-25: I contacted upstream with the vulnerability report and offered
             coordinated disclosure.
	    Upstream released version 1.28 on the same day, fixing the issue,
	    and did not request any embargo.
2022-07-26: I reviewed the new version and verified that the issue has been
             fixed.
2022-08-01: I obtained CVE-2022-37030 from Mitre to track this issue.

# References

\[0\] https://gromox.com/
\[1\] https://github.com/grommunio/gromox
\[2\] https://download.grommunio.com/community/openSUSE\_Tumbleweed/
\[3\] https://grommunio.com/
\[4\] https://github.com/grommunio/gromox/releases/tag/gromox-1.28

-- 
Filippo Bonazzi
Security Engineer                        suse.com
8257 4398 947A 2DBE F21D 76E6 937A 63F0 5B36 46D9

**Download attachment "**gromox-poc.zip**" of type "**application/zip**" (2488 bytes)**

**Download attachment "**signature.asc**" of type "**application/pgp-signature**" (489 bytes)**

Powered by blists - more mailing lists

Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.

CVE-2022-37030: security - gromox: potential local privilege escalation (CVE-2022-37030)

At Black Hat USA, Igal Gofman plans to address how machine identities in the cloud and the explosion of SaaS apps are creating risks for IAM, amid escalating attention from attackers.

Cybercriminals always look for blind spots in access management, be they misconfigurations, poor credentialing practices, unpatched security bugs, or other hidden doors to the corporate castle. Now, as organizations continue their modernizing drift to the cloud, bad actors are taking advantage of an emerging opportunity: access flaws and misconfigurations in how organizations use cloud providers' identity and access management (IAM) layers.

In a talk on Wednesday, Aug. 10 at Black Hat USA entitled "IAM The One Who Knocks," Igal Gofman, head of research for Ermetic, will offer a view into this emerging risk frontier. "Defenders need to understand that the new perimeter is not the network layer as it was before. Now it's really IAM — it's management layer that governs all," he tells Dark Reading.

**Complexity, Machine Identities = Insecurity**

The most common pitfall that security teams step into when implementing cloud IAM is not recognizing the sheer complexity of the environment, he notes. That includes understanding the ballooning amount of permissions and access that software-as-a-service (SaaS) apps have created.

"Adversaries continue to put their hands on tokens or credentials, either via phishing or some other approach," explains Gofman. "At one time, those didn't give much to the attacker beyond what was on a local machine. But now, those security tokens have much more access, because everyone in the last few years moved to the cloud, and have more access to cloud resources."

The complexity issue is particularly piquant when it comes to machine entities — which, unlike humans, are always working. In the cloud context, they're used to access cloud APIs using API keys; enable serverless applications; automate security roles (i.e., cloud access service brokers or CASBs); integrate SaaS apps and profiles with each other using service accounts; and more.

Given that the average company now uses hundreds of cloud-based apps and databases, this mass of machine identities presents a highly complex web of interwoven permissions and access that underpin organizations' infrastructures, which is difficult to gain visibility into and thus difficult to manage, Gofman says. That's why adversaries are seeking to exploit these identities more and more.

"We are seeing a rise in the use of non-human identities, which have access to different resources and different services internally," he notes. "These are services that speak with other services. They have permissions, and usually broader access than humans. The cloud providers are pushing their users to use those, because at the basic level they consider them to be more secure. But, there are some exploitation techniques that can be used to compromise environments using those non-human identities."

Machine entities with management permissions are particularly attractive for adversaries to use, he adds.

"This is one of the main vectors we see cybercriminals targeting, especially in Azure," he explains. "If you don't have an intimate understanding of how to manage them within the IAM, you're offering up a security hole."

**How to Boost IAM Security in the Cloud**

From a defensive standpoint, Gofman plans to discuss the many options that organizations have for getting their arms around the problem of implementing effective IAM in the cloud. For one, organizations should make use of cloud providers' logging capabilities to build a comprehensive view of who — and what — exists in the environment.

"These tools are not actually used extensively, but they're good options to better understand what's going on in your environment," he explains. "You can use logging to reduce the attack surface too, because you can see exactly what users are using, and what permissions they have. Admins can also compare stated policies to what is actually being used within a given infrastructure, too."

He also plans to break down and compare the different IAM services from the top three public cloud providers — Amazon Web Services, Google Cloud Platform, and Microsoft Azure — and their security approaches, all of which are slightly different. Multi-cloud IAM is an added wrinkle for corporations using different clouds from different providers, and Gofman notes that understanding the subtle differences between the tools they offer can go a long way to shoring up defenses.

Organizations can also use a variety of third-party, open source tools to gain better visibility across the infrastructure, he notes, adding that he and his co-presenter Noam Dahan, research lead at Ermetic, plan to demo one option.

"Cloud IAM is super-important," Gofman says. "We're going to speak about the dangers, the tools that can be used, and the importance of understanding better what permissions are used and what permission are not used, and how and where admins can identify blind spots."

Cyberattackers Increasingly Target Cloud IAM as a Weak Link

The CVE-2022-27535 local privilege-escalation security vulnerability in the security software threatens remote and work-from-home users.

A high-severity local privilege-escalation (LPE) vulnerability in Kaspersky's VPN Secure Connection for Microsoft Windows has been discovered, which would allow an attacker to gain administrative privileges and take full control over a victim's computer.

Tracked as CVE-2022-27535, the bug carries a high-severity CVSS score of 7.8 out of 10, according to an advisory out today from Synopsys, which discovered the issue. It exists in the Support Tools part of the application, and would allow an authenticated attacker to trigger arbitrary file deletion in the system.

"it could lead to device malfunction or the removal of important system files required for correct system operation," according to a Kaspersky spokesperson. "To execute this attack, an intruder had to create a specific file and convince users to run 'Delete all service data and reports' or 'Save report on your computer" product features.'"

While remote code execution (RCE) bugs tend to hog the patching spotlight, LPE flaws deserve recognition as they're often linchpins within a wider attack flow. After cybercriminals gain initial access to a target via RCE or social engineering, LPEs are generally used by attackers to boost their privileges from a normal user profile to SYSTEM – i.e., the highest privilege level in the Windows environment.

With these kinds of local admin privileges, an attacker can then gain further access to the network, and ultimately a company's crown jewels.

"A fully compromised computer would allow an attacker access to websites, credentials, files, and other sensitive information that could be useful by itself, or useful in moving laterally inside a corporate network," Jonathan Knudsen, head of global research at Synopsys Cybersecurity Research Center, tells Dark Reading.

Kaspersky's VPN Secure Connection offers remote workers a supposedly secure way to tie back to a corporate network and resources, and Knudsen notes that the bug discovery points out an important truism: "All software has vulnerabilities, even security software. The key to releasing better, more secure software is using a development process where security is part of every phase."

He adds that Synopsys hasn't seen any exploitation of the bug, but "most likely attackers will take note of it as a possible technique." Users should upgrade to version 21.7.7.393 or later to patch their systems.

High-Severity Bug in Kaspersky VPN Client Opens Door to PC Takeover

Securing email communication has never been more critical for organizations, and it has never been more challenging to do so. Attack volumes have increased and become more sophisticated.

**The Importance of Email Security**

Email remains the primary vehicle used by cybercriminals, with 90% of cyberattacks delivered via this attack vector. Email is also the most essential and widely used business communication tool.

Securing email communication has never been more critical for organizations, and it has never been more challenging to do so. Attack volumes have not only gone up, but the attacks delivered via email have also become more sophisticated.

The work-from-home shift experienced by most of the world has made employees and organizations more vulnerable to cyberattacks delivered by email than ever before. This makes business email an irresistible target for cybercriminals.

**Email Security Is at a Crossroads**

Protecting email, while reducing cost and complexity, is a business-critical objective for organizations of all sizes, working in virtually every industry, and in all areas of the world. Workers are more frequently than ever logging on remotely from home, from hotels, from coffee shops, and sometimes even using their own personal devices. Often distracted by their environment, even the most cautious user can inadvertently open a malicious email or click on a malicious link.

Some organizations are choosing to rely on platforms such as Microsoft 365 and Google Workspace to provide the base of their email security strategy, while others are choosing to rely on more specialized products such as a secure email gateway created by cybersecurity vendors. And while most cybersecurity vendors force customers to choose only their specialized solution in order to reap its benefits, it is completely possible for these vendors to modify their existing specialized solutions to work with well-known software vendor platforms to augment and enhance those platforms’ security to the extreme benefit of their customers.

**Meeting Today's Email Security Needs**

Today's agile organizations desire — and should require — simplicity and effective results from their security tools. And with continual pressure for security leaders to justify their investments in new security technology, email security solutions should be diverse, cost effective, and deliver a quick return. This is all coming at a time when complexity for virtually every security team is increasing. System noise is increasing, the business and compliance needs of organizations are growing more diverse and complicated, and the risk cyberattacks pose is continually on the rise.

Gateway-less email security solutions stand poised to meet these customer needs. These solutions augment the security of software platforms like Microsoft 365 and Google Workspace by reinspecting emails that have already passed through the platform's email gateway and been scanned by its email security tool. These gateway-less email security solutions use routing rules to inspect emails after they have been scanned by the platform's detection engine but before they are delivered to users' inboxes. This helps stop the threats that may have been missed by Microsoft 365, Google Workspace, or other software platform security tools.

Gateway-less email security solutions deliver world-class protection, keeping email communication secure while augmenting the protection of incumbent email providers.

**The Benefits of Gateway-less Email Security**

Gateway-less solutions are growing in popularity due to their ease of deployment, ability to augment rather than replace software platform security, and appeal to organizations of all sizes. Cybersecurity analysts are now recommending gateway-less solutions as a viable email security option.

Gateway-less email security solutions stand behind security solutions organization are already using, helping to reduce the cost and complexity of email security deployments, which can be especially beneficial for smaller organizations with less complex email environments. Gateway-less solutions run entirely in the cloud with little to no infrastructure cost and require little to no security policy customization. This benefits both smaller organizations with lean IT departments and less resources, as well as larger organizations that are looking to cut costs, reduce resource use, and allow critical IT staff to focus on other areas of the enterprise.

When evaluating gateway-less email security solutions, organizations should seek out products that:

*   Deploy in a matter of minutes
*   Block even the most sophisticated email attacks with AI-powered detection
*   Enhance and extend the security of software platforms like Microsoft 365 and Google Workspace
*   Optimize protections with a quality best-practice, out-of-the-box security policy
*   Simplify email security with effortless administration
*   Allow users to easily see what threats have been blocked and why
*   Can be adjusted with the click of a button to meet user and admin needs
*   Defend against social engineering attacks
*   Remediate malicious emails with a single click

**The Bottom Line**

As the work-from-home shift transitions into a much more acceptable, prevalent, and permanent hybrid working environment, some organizations are choosing to stay with a traditional email security gateway, while others are moving toward gateway-less email solutions that augment the security of software platforms like Microsoft 365 and Google Workspace. Organizations that do so should seek out a gateway-less email security partner with advanced detection capabilities, access to long-standing threat intelligence based on long-running market and industry experience, and the ablity to deliver best-in-class efficacy that is difficult to match via a tried-and true solution platform that can reduce complexity, reduce organization risk, and bring email and collaboration security under one roof through a single pane of glass.

**About the Author**

    

Thom Bailey leads the Strategy & Evangelism team at Mimecast, the authority in email security, targeted threat protection, and data governance. With over 20 years in product marketing and product management experience, Thom's passion has been one of understanding the intersection of IT operations and security.

How Email Security Is Evolving

By Deeba Ahmed
Open-Redirect vulnerabilities in American Express and Snapchat are being exploited to carry out phishing scams, researchers have revealed.…
This is a post from HackRead.com Read the original post: Unprotected Snapchat and Amex sites lead to credential harvesting

****Open-Redirect vulnerabilities in American Express and Snapchat are being exploited to carry out phishing scams, researchers have revealed.****

Scammers are exploiting open-redirect vulnerabilities in a new phishing campaign targeting **Microsoft 365** and Google Workspace users. These vulnerabilities are mainly impacting American Express and Snapchat domains.

Open redirect is a security vulnerability. It occurs when a website cannot validate user input, due to which threat actors can **manipulate the URLs** of reputed domains and redirect victims to malicious pages.

**Phishing Emails Using Open-Redirect Vulnerabilities**

According to a **report** from INKY, automated URL redirects used by **Snapchat** and American Express to attract users to their websites have been hijacked to steal credentials.

Attackers are sending phishing emails and include PII (personally identifiable information) in the URL to customize the malicious landing pages quickly and disguise them PII by converting it into Base 64.

Hence, the information turns into a sequence of random characters. INKY’s report further revealed that they observed threat actors hijacking unpatched redirect vulnerabilities on Snapchat and American Express domains between May and July.

**What Makes the Attack Effective?**

A trusted domain such as Snapchat serves as a temporary landing page, after which the visitor is redirected to a malicious URL. The original site’s link is the first domain in the altered link, which appears safe to unsuspecting users. Since legit websites/URLs used by **trusted brands** are used in the scam, the attack is effective.

> “For example, where “safe.com” is taken to represent an authentic domain and “malicious.com” – a credential-harvesting website, cybercriminals will insert safe.com/redirect?url=malicious.com to redirect victims to fake versions of Microsoft, FedEx, and DocuSign login sites that then siphon off their email and password details.”
> 
> INKY

In the Snapchat group, phishing emails used DocuSign, Microsoft, and FedEx lures, allowing the stealing of Microsoft credentials.

INKY engineers identified over 6,800 Snapchat phishing emails with the open-redirect vulnerability during the past two months. Conversely, American Express’s open-redirect vulnerability was detected in over 2,000 phishing emails in just two days in July.

Reportedly, American Express patched the vulnerability, but Snapchat hasn’t patched it even after a year has passed after the company was notified about the issue by **Open Bug Bounty**.

*   **“Get Your Free Omicron PCR test” is the latest Omicron phishing scam**
*   **Microsoft MSHTML flaw exploited in Gmail and Instagram phishing scam**
*   **Facebook Phishing Scam Using Messenger Chatbots to Steal Login Data**
*   **Spider-Man: No Way Home exploited to push phishing and malware scams**
*   **Unpatched Microsoft Exchange Servers abused in a new phishing campaign**

Tag

#microsoft