A denial of service (DOS) issue was found in the Linux kernel’s smb2_ioctl_query_info function in the fs/cifs/smb2ops.c Common Internet File System (CIFS) due to an incorrect return from the memdup_user function. This flaw allows a local, privileged (CAP_SYS_ADMIN) attacker to crash the system.

'2037386?cve=title' is not a valid bug number nor an alias to a bug.

Please press **Back** and try again.

CVE-2022-0168: Invalid Bug ID

A flaw was found in Samba. Samba AD users can cause the server to access uninitialized data with an LDAP add or modify the request, usually resulting in a segmentation fault.

**CVE-2022-32745.html:**

\===========================================================
== Subject:     Samba AD users can crash the server process with an
==              LDAP add or modify request.
==
== CVE ID#:     CVE-2022-32745
==
== Versions:    Samba 4.16, 4.15.2, 4.14.10, 4.13.14, and later
==
== Summary:     Samba AD users can cause the server to access
==              uninitialised data with an LDAP add or modify request,
==              usually resulting in a segmentation fault.
===========================================================

===========
Description
===========

Due to incorrect values used as the limit for a loop and as the
'count' parameter to memcpy(), the server, receiving a specially
crafted message, leaves an array of structures partially
uninitialised, or accesses an arbitrary element beyond the end of an
array.

Outcomes achievable by an attacker include segmentation faults and
corresponding loss of availability. Depending on the contents of the
uninitialised memory, confidentiality may also be affected.

==================
Patch Availability
==================

Patches addressing both these issues have been posted to:

    https://www.samba.org/samba/security/

Additionally, Samba 4.16.4, 4.15.9, and 4.14.14 have been issued
as security releases to correct the defect. Samba administrators are
advised to upgrade to these releases or apply the patch as soon
as possible.

==================
CVSSv3 calculation
==================

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:L (5.4)

==========
Workaround
==========

None.

=======
Credits
=======

Initial report, patches, and this advisory by Joseph Sutton of
Catalyst and the Samba Team.

==========================================================
== Our Code, Our Bugs, Our Responsibility.
== The Samba Team
==========================================================

CVE-2022-32745: Samba - Security Announcement Archive

A flaw was found in the Samba AD LDAP server. The AD DC database audit logging module can access LDAP message values freed by a preceding database module, resulting in a use-after-free issue. This issue is only possible when modifying certain privileged attributes, such as userAccountControl.

**CVE-2022-32746.html:**

\===========================================================
== Subject:     Samba AD users can induce a use-after-free in the
==              server process with an LDAP add or modify request.
==
== CVE ID#:     CVE-2022-32746
==
== Versions:    All versions of Samba prior to 4.16.4
==
== Summary:     The AD DC database audit logging module can be made to
==              access LDAP message values that have been freed by a
==              preceding database module, resulting in a use-after-
==              free. This is only possible when modifying certain
==              privileged attributes, such as userAccountControl.
===========================================================

===========
Description
===========

Some database modules make a shallow copy of an LDAP add/delete
message so they can make modifications to its elements without
affecting the original message. Each element in a message points to an
array of values, and these arrays are shared between the original
message and the copy.

The issue arises when a database module adds new values to an existing
array. A call to realloc() increases the array's size to accommodate
new elements, but at the same time, frees the old array. This leaves
the original message element with a dangling pointer to a now-freed
array. When the database audit logging module subsequently logs the
details of the original message, it will access this freed data,
generally resulting in corrupted log output or a crash.

The code paths susceptible to this issue are reachable when certain
specific attributes, such as userAccountControl, are added or
modified. These attributes are not editable by default without having
a privilege assigned, such as Write Property.

==================
Patch Availability
==================

Patches addressing both these issues have been posted to:

    https://www.samba.org/samba/security/

Additionally, Samba 4.16.4, 4.15.9, and 4.14.14 have been issued
as security releases to correct the defect. Samba administrators are
advised to upgrade to these releases or apply the patch as soon
as possible.

==================
CVSSv3 calculation
==================

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:L (5.4)

==========
Workaround
==========

Disabling AD DC database audit logging prevents the use-after-free
from occurring, as that is the only component that will access the
original message.

=======
Credits
=======

Initial report, patches, and this advisory by Joseph Sutton and Andrew
Bartlett of Catalyst and the Samba Team.

==========================================================
== Our Code, Our Bugs, Our Responsibility.
== The Samba Team
==========================================================

CVE-2022-32746: Samba - Security Announcement Archive

A flaw was found in Samba. The KDC accepts kpasswd requests encrypted with any key known to it. By encrypting forged kpasswd requests with its own key, a user can change other users' passwords, enabling full domain takeover.

**CVE-2022-32744.html:**

\===========================================================
== Subject:     Samba AD users can forge password change requests for
==              any user.
==
== CVE ID#:     CVE-2022-32744
==
== Versions:    Samba 4.3 and later
==
== Summary:     The KDC accepts kpasswd requests encrypted with any
==              key known to it. By encrypting forged kpasswd requests
==              with its own key, a user can change the passwords of
==              other users, enabling full domain takeover.
===========================================================

===========
Description
===========

Tickets received by the kpasswd service were decrypted without
specifying that only that service's own keys should be tried. By
setting the ticket's server name to a principal associated with their
own account, or by exploiting a fallback where known keys would be
tried until a suitable one was found, an attacker could have the
server accept tickets encrypted with any key, including their own.

A user could thus change the password of the Administrator account and
gain total control over the domain. Full loss of confidentiality and
integrity would be possible, as well as of availability by denying
users access to their accounts.

In addition, the kpasswd service would accept tickets encrypted by the
krbtgt key of an RODC, in spite of the fact that RODCs should not have
been able to authorise password changes.

==================
Patch Availability
==================

Patches addressing this issue have been posted to:

    https://www.samba.org/samba/security/

Additionally, Samba 4.16.4, 4.15.9, and 4.14.14 have been issued
as security releases to correct the defect. Samba administrators are
advised to upgrade to these releases or apply the patch as soon
as possible.

==================
CVSSv3 calculation
==================

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H (8.8)

==========
Workaround
==========

kpasswd is not a critical protocol for the AD DC in most installations, it can
be disabled by setting "kpasswd port = 0" in the smb.conf.

=======
Credits
=======

Initial report, patches, and this advisory by Joseph Sutton of
Catalyst and the Samba Team.

==========================================================
== Our Code, Our Bugs, Our Responsibility.
== The Samba Team
==========================================================

CVE-2022-32744: Samba - Security Announcement Archive

A flaw was found in Samba. Some SMB1 write requests were not correctly range-checked to ensure the client had sent enough data to fulfill the write, allowing server memory contents to be written into the file (or printer) instead of client-supplied data. The client cannot control the area of the server memory written to the file (or printer).

**CVE-2022-32742.html:**

\====================================================================
== Subject:     Server memory information leak via SMB1.
==
== CVE ID#:     CVE-2022-32742
==
== Versions:    All versions of Samba.
==
== Summary:     SMB1 Client with write access to a share can cause
==              server memory contents to be written into a file
==              or printer.
==
====================================================================

===========
Description
===========

Please note that only versions of Samba prior to 4.11.0 are vulnerable
to this bug by default. Samba versions 4.11.0 and above disable SMB1
by default, and will only be vulnerable if the administrator has
deliberately enabled SMB1 in the smb.conf file.

All versions of Samba with SMB1 enabled are vulnerable to a server
memory information leak bug over SMB1 if a client can write data to a
share. Some SMB1 write requests were not correctly range checked to
ensure the client had sent enough data to fulfill the write, allowing
server memory contents to be written into the file (or printer)
instead of client supplied data. The client cannot control the area of
the server memory that is written to the file (or printer).

==================
Patch Availability
==================

A patch addressing this defect has been posted to

  http://www.samba.org/samba/security/

Additionally, Samba 4.16.4, 4.15.9 and 4.14.14 have been issued as
security releases to correct the defect. Patches against older Samba
versions are available at http://samba.org/samba/patches/. Samba
vendors and administrators running affected versions are advised to
upgrade or apply the patch as soon as possible.

==================
CVSSv3.1 calculation
==================

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N (4.3)

==========
Workaround
==========

This is an SMB1-only vulnerability. Since Samba release 4.11.0 SMB1
has been disabled by default. We do not recommend enabling SMB1 server
support. For Samba versions prior to 4.11.0 please disable SMB1 by
adding

server min protocol = SMB2\_02

to the \[global\] section of your smb.conf and restarting smbd.

=======
Credits
=======

This problem was reported by Luca Moro working with Trend Micro Zero
Day Initiative. Jeremy Allison of Google and the Samba Team provided
the fix.

CVE-2022-32742: Samba - Security Announcement Archive

A flaw was found in Samba. The security vulnerability occurs when KDC and the kpasswd service share a single account and set of keys, allowing them to decrypt each other's tickets. A user who has been requested to change their password, can exploit this flaw to obtain and use tickets to other services.

**CVE-2022-2031.html:**

\===========================================================
== Subject:     Samba AD users can bypass certain restrictions
==              associated with changing passwords.
==
== CVE ID#:     CVE-2022-2031
==
== Versions:    All versions of Samba prior to 4.16.4
==
== Summary:     The KDC and the kpasswd service share a single account
==              and set of keys, allowing them to decrypt each other's
==              tickets. A user who has been requested to change their
==              password can exploit this to obtain and use tickets to
==              other services.
===========================================================

===========
Description
===========

The KDC and the kpasswd service share a single account and set of
keys. In certain cases, this makes the two services susceptible to
confusion.

When a user's password has expired, that user is requested to change
their password. Until doing so, the user is restricted to only
acquiring tickets to kpasswd.

However, a vulnerability meant that the kpasswd's principal, when
canonicalized, was set to that of the TGS (Ticket-Granting Service),
thus yielding TGTs from ordinary kpasswd requests. These TGTs could be
used to perform an Elevation of Privilege attack by obtaining service
tickets and using services in the forest. This vulnerability existed
in versions of Samba built with Heimdal Kerberos.

A separate vulnerability in Samba versions below 4.16, and in Samba
built with MIT Kerberos, led the KDC to accept kpasswd tickets as if
they were TGTs, with the same overall outcome.

On the reverse side of the issue, password changes could be effected
by presenting TGTs as if they were kpasswd tickets. TGTs having
potentially longer lifetimes than kpasswd tickets, the value of a
stolen cache containing a TGT was hence increased to an attacker, with
the possibility of indefinite control over an account by means of a
password change.

Finally, kpasswd service tickets would be accepted for changes to
one's own password, contrary to the requirement that tickets be
acquired with an initial KDC request in such cases.

As part of the mitigations, the lifetime of kpasswd tickets has been
restricted to a maximum of two minutes. The KDC will not longer accept
TGTs with two minutes or less left to live, to make sure it does not
accept kpasswd tickets.

==================
Patch Availability
==================

Patches addressing these issues have been posted to:

    https://www.samba.org/samba/security/

Additionally, Samba 4.16.4, 4.15.9, and 4.14.14 have been issued
as security releases to correct the defect. Samba administrators are
advised to upgrade to these releases or apply the patch as soon
as possible.

==================
CVSSv3 calculation
==================

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N (5.4)

==========
Workaround
==========

kpasswd is not a critical protocol for the AD DC in most installations, it can
be disabled by setting "kpasswd port = 0" in the smb.conf.

=======
Credits
=======

Originally reported by Luke Howard.

Patches provided by Joseph Sutton and Andreas Schneider of the Samba
team.

==========================================================
== Our Code, Our Bugs, Our Responsibility.
== The Samba Team
==========================================================

CVE-2022-2031: Samba - Security Announcement Archive

PrinterLogic Windows Client through 25.0.0.676 allows attackers to execute directory traversal. Authenticated users with prior knowledge of the driver filename could exploit this to escalate privileges or distribute malicious content.

Original Release: August 4, 2022

****Overview****

Recently, a security vulnerability was discovered in the PrinterLogic Windows Client driver installation process. Vasion has completed remediation for this vulnerability via an updated Windows Client package.

****Vulnerability Description****

The PrinterLogic Windows Client on or before Version 25.0.0.676 allows attackers to execute directory traversal. Authenticated users with prior knowledge of the driver filename could exploit this to escalate privileges or distribute malicious content. A CVE will be published by Mitre shortly and added to this bulletin when available.

****Investigation and Remediation****

The vulnerability is remediated by updating the PrinterLogic Windows Client to Version 25.0.0.688 or later. Release notes for the new client are found here. Depending on your PrinterLogic platform, the following instructions apply:

*   For PrinterLogic SaaS, information about updating clients is found here.
*   For the PrinterLogic Virtual Appliance, a VA Application Update containing the new Windows client is available. For more information about application updates is available here. Once the update is complete, deploy the new client using the steps found here.
*   For PrinterLogic Web Stack, the latest client download is here.
*   If you prefer to push the new Windows client via third-party software, you’ll find the client installation package (MSI) here.

Original Release: April 5, 2022

****Overview****

A security vulnerability that affects VMware products was reported in CVE-2022-22965. The issue does not impact Vasion software.

****Description****

A Spring MVC or Spring WebFlux application running on JDK 9+ may be vulnerable to remote code execution (RCE) via data binding. The specific exploit requires the application to run on Tomcat as a WAR deployment.

****Impact****

While some customers run their PrinterLogic Virtual Appliance on VMware hypervisors, the VA itself is not at risk. Information about remediations for VMware software is available here.

Original Release: Mar 24, 2022

****Overview****

Recently, an out-of-bounds vulnerability assigned to CVE-2021-44142 was disclosed in Samba versions prior to 4.13.17. This flaw involves an out-of-bounds heap read-write event in which remote attackers could execute arbitrary code as root on affected Samba installations that use the VFS module vfs\_fruit. The PrinterLogic Virtual Appliance (VA) is susceptible to this vulnerability and was remediated. This issue does not affect PrinterLogic SaaS.

****Vulnerability Description****

Samba is an implementation of SMB protocol that provides file and printer interoperability for Windows platforms over the network. It is a widely installed software package, and many Linux-based IoT and network devices include publicly open SMB services by default.

The specific flaw exists in EA metadata parsing when opening files in smbd, the Samba server daemon that provides file sharing and printing services to Windows clients. Access as a user with write access to a file’s extended attributes is required to exploit this vulnerability. A guest or unauthenticated user could do this if they are allowed write access to file extended attributes.

The problem in vfs\_fruit exists in the default configuration of the fruit VFS module using fruit:metadata=netatalk or fruit:resource=file. If both options are set to settings other than the default values, the system is not affected by the security issue. The PrinterLogic VA Host has vfs\_fruit enabled and required remediation.

****Vasion Investigation and Remediation****

Vasion has removed the VA\_Fruit module from the PrinterLogic Virtual Appliance. Therefore, we recommend that PrinterLogic VA customers with host versions 1.0.735 and earlier update their VA Host, which includes the latest application release. This update includes other new functionality as well described in the release notes. The update and release notes can be found in our PrinterLogic VA Admin Guide here.

Original Release: Feb 7, 2022

****Overview****

In late January, Vasion became aware of a vulnerability that affects many Linux distributions. The company has completed remediations in its PrinterLogic SaaS and PrinterLogic Virtual Appliance (VA) platforms.

****Vulnerability Description****

Polkit (formerly known as PolicyKit) is a systemd SUID-root program and is installed by default in every major Linux distribution. The pkexec application is a setuid tool designed to allow unprivileged users to run commands as privileged users according predefined policies. 

In the version of Polkit that resulted in this vulnerability discovery, the pkexec application doesn’t handle the calling parameters count correctly and ends by trying to execute environment variables as commands. An attacker can leverage this by crafting environment variables in a way that induces pkexec to execute arbitrary code. This can result in a local privilege escalation and give unprivileged users administrative rights on the target machine.

A new version of Polkit was released that addresses this vulnerability. More information can be found in the CVE-2021-4034 detail document found here.

****Vasion Investigation and Remediation****

Vasion completed its investigation to determine how this vulnerability affects PrinterLogic SaaS and the PrinterLogic Virtual Appliance (VA). It was found that servers for both platforms contained the affected version of Polkit.  

Both PrinterLogic products have been patched with the latest version of Polkit recommended by Linux (0.105-20 Ubuntu 0.18.04.05 changed to 0.105-20 Ubuntu 0.18.04.06). 

Because PrinterLogic SaaS updates occur automatically, this remediation is already live.

PrinterLogic VA customers with host versions 1.0.730 and earlier will need to update their VA host, which includes the latest application release as well. The VA update and release notes can be found in our Admin Guide here.

Original Release: Jan 21, 2022

****Overview****

Recently, security vulnerabilities were discovered in PrinterLogic Web Stack versions 19.1.1.13 SP9 and below. PrinterLogic has completed corrective measures to remediate each vulnerability, and updates are available now for PrinterLogic Web Stack and the Virtual Appliance. Updates occurred automatically with PrinterLogic SaaS and are live worldwide. A summary of the vulnerabilities and corrective actions PrinterLogic has taken are below. Links to the respective CVEs will be added once they are available.

****Vulnerabilities (CVEs) and Remediation Summary****

*   **CVE-2021-42631:** Object Injection leading to RCE CVSS 8.1

– The affected endpoints were reorganized so they no longer use objects passed as parameters (removing the vulnerability). The vulnerable function “unserialize()” is no longer used.

– Affected Web Stack, the VA, and SaaS. Remediations completed.

*   **CVE-2021-42635:** Hardcoded APP\_KEY leading to RCE CVSS 8.1

– The Web Stack installers were adjusted to generate random keys on installation and on updates.

– In addition, we performed scans for other keys and credentials that may have been leaked, and any findings were also corrected.  Measures were furthermore put in place to prevent any leaked secrets from accidentally    being included in future releases.

– Affected Web Stack only. Remediations completed.

*   **CVE-2021-42638:** Misc command injections leading to RCE CVSS 8.1

– The affected areas were completely removed where possible (e.g., no longer supported features, printer models, etc.), and escaping/sanitation was corrected for items that could not be removed.

– Affected Web Stack only. Remediations completed.

*   **CVE-2021-42633:** SQLi may disclose audit logs CVSS 0

– The SQLi code was never used. The offending pages were removed.

– Affected Web Stack, the VA, and SaaS. Remediations completed.

*   **CVE-2021-42637:** Blind SSRF CVSS 4.0

– The test page causing this issue was removed.

– Affected Web Stack only. Remediations completed.

*   **CVE-2021-42639:** Misc reflected XSS CVSS 4.0

– All RCSS vulnerabilities were identified and removed or inputs were escaped or sanitized.

– Affected Web Stack, the VA, and SaaS. Remediations completed.

*   **CVE-2021-42640:** Driver assignment IDOR CVSS 3.8

– RBAC security was added to routes that were allowing access to sensitive objects/data.  

– Affected Web Stack, the VA, and SaaS. Remediations completed.

*   **CVE-2021-42641:** Username/email info disclosure CVSS 2.0

– RBAC security was added to routes that were allowing access to sensitive objects/data.  

– Affected Web Stack, the VA, and SaaS. Remediations completed.

*   **CVE-2021-42642:** Printer console username/password info disclosure CVSS 4.0

– RBAC security was added to routes that were allowing access to sensitive objects/data.  

– Affected Web Stack, the VA, and SaaS. Remediations completed.

****Affected PrinterLogic Software Versions:****

*   **PrinterLogic Web Stack**

– **Version 19.1.1.13 SP9 and earlier**, when operating with macOS or Linux endpoint client software. See new install and update links below.

*   **PrinterLogic Virtual Appliance**

– **Version 20.0.1304 and earlier,** when operating with macOS or Linux endpoint client software.

a. Application update is required. See links below.  

b. Host update not required if you have **VA Host v1.0.674 or later.** 

*   **PrinterLogic SaaS**

– Our SaaS platform does automatic updates. Remediations are now live worldwide. No customer action is needed.

****Updated Files and Documentation****

*   **PrinterLogic Web Stack**

– Link to file for new installs

– Link to file for updates

– Online documentation for these updates

– Only admin server updates are required; no client updates are needed.

*   **PrinterLogic Virtual Appliance**

– Online documentation and file(s) for these updates

– No client software updates are required.

Original Release: Dec 14, 2021

****Overview****

The Log4j vulnerability, documented in CVE-2021-44228, is a remote code execution vulnerability in Log4j. This framework is used for logging within many software solutions. The Log4j library is vulnerable to Remote Command Execution (RCE), which means a remote attacker can execute commands over the network on software that contains the vulnerable Log4j versions.

****Vasion Security Response****

Vasion is aware of the issue and has not found any evidence of exploitation or vulnerability with our products. Vasion products including PrinterLogic SaaS, PrinterLogic VA, and Vasion ST do not utilize, or have dependencies on, the affected Log4j libraries. Therefore, these products are not vulnerable to the referenced CVE-2021-44228.

Our security team will continue to monitor the situation. If our assessment changes, we will publish our findings and subsequent recommendations in this bulletin.

Original Release: Jul 13, 2021

****Overview****

PrintNightmare, documented in CVE-2021-34527, is a remote code execution vulnerability in the Windows Print Spooler. This vulnerability is exposed through specific inbound Remote Procedure Calls (RPC), which are used to add printers and related drivers. This can allow a remote authenticated attacker to execute arbitrary code with SYSTEM privileges on a vulnerable system.

****PrinterLogic Solution****

With PrinterLogic’s Managed Direct IP Printing solution, print jobs are always spooled locally using the local print spooler on the originating workstation. Since PrinterLogic does not use  RPC to access the Windows Print Spooler, a PrinterLogic Managed Direct IP print environment is entirely unaffected when the mitigation steps detailed in the CVE **(option 2)** are followed as recommended by Microsoft. This ensures that the attack vector is closed on all machines running the Windows Print Spooler, while allowing users to continue to safely print using PrinterLogic’s Managed Direct IP solution.

Microsoft has released a patch for this vulnerability. PrinterLogic highly recommends all customers install the July 2021 Out-of-band update on all Windows systems. For details, see KB5004945 and KB5004946.

****What about Point and Print?****

According to Microsoft documentation, Point and Print is a term that refers to the capability of allowing a user on a Windows 2000 and later client to create a connection to a remote printer without providing disks or other installation media. All necessary files and configuration information are automatically downloaded from the print server to the client.

This specifically applies to print queues installed from a Windows print server and does not impact a user’s ability to install print queues from the PrinterLogic Self-Service Portal.

As part of the July 2021 Out-of-band update, a registry setting is checked that will restrict the installation of new unsigned printer drivers to Administrators only. Since PrinterLogic only allows signed Type 3 drivers to be used, and since the PrinterLogic Client is solely responsible for managed print driver installation, this setting will not adversely affect PrinterLogic customers.

While this registry setting does not impact a PrinterLogic Managed Direct IP environment, in accordance with security best practices, PrinterLogic still recommends that all customers enable this registry setting as recommended by Microsoft:

Key: HKEY\_LOCAL\_MACHINE\\Software\\Policies\\Microsoft\\Windows NT\\Printers\\PointAndPrint

Value: RestrictDriverInstallationToAdministrators

Type: REG\_DWORD

Data: 1

For more information, please see KB5005010: Restricting installation of new printer drivers after applying the July 6, 2021 updates.

****Caveats****

Printers that are configured as shared printers or with Windows Print Server Links will cease to function properly if inbound remote printing is disabled on the Windows print server. PrinterLogic highly recommends that these printers be converted to Managed Direct IP print queues to avoid this and future Windows Print Spooler vulnerabilities.

****References****

Security Update Guide – Microsoft Security Response Center – CVE-2021-34527

VU#383432 – Microsoft Windows Print Spooler allows for RCE via AddPrinterDriverEx()

KB5005010: Restricting installation of new printer drivers after applying the July 6, 2021 updates

July 6, 2021—KB5004945 (OS Builds 19041.1083, 19042.1083, and 19043.1083) Out-of-band

July 6, 2021—KB5004946 (OS Build 18363.1646) Out-of-band

Introduction to Point and Print – Windows drivers

Original Release: May 3, 2019 | Last Revised: May 9, 2019

**Description**

Using an exploit to forcibly update configuration data, the PrinterLogic Client can be directed to bypass HTTPS hardening or directed to another PrinterLogic Server. The PrinterLogic Client does not correctly verify the origin and integrity of updates. An attacker who successfully exploits these vulnerabilities could run arbitrary code in the context of the Local System Account.

**Solution**

**CVE-2018-5408**

This solution prevents Man-in-the-Middle (MITM) attacks where bad actors may attempt to spoof a trusted entity by tricking the PrinterLogic Server into connecting to a malicious host. To reduce any attempt at MITM attacks, you must configure your PrinterLogic Server to use the HTTPS protocol as described below:

1\. Follow the steps outlined here: HTTP and HTTPS Configuration Steps.

2\. Next, make sure your homeURL is updated to HTTPS. For more information, see Update the Client’s HomeURL.

3\. In addition, you need to apply the client update described below to secure your PrinterLogic environment.

**CVE-2018-5409, CVE-2019-9505**

This solution addresses vulnerabilities related to properly verifying the origin and integrity of the PrinterLogic Client code, as well as sanitizing special characters that could lead to unauthorized changes to configuration files. To address these issues, apply the latest PrinterLogic software update as described below:

1\. Download the update from: PrinterLogic Security Update.

2\. On the PrinterLogic Server, navigate to C:\\inetpub\\wwwroot\\public\\client\\setup.

3\. Make a backup copy of your existing PrinterLogic Client files before replacing them.

4\. Copy and replace the PrinterLogic Client installation files with the new files provided in the download.

5\. Navigate to your PrinterLogic Admin Console and enable the automatic update option to update your clients. If you want to push out the clients via GPO or using a software deployment tool, follow these instructions.

6\. To validate the update, check to see that the client for each workstation has been updated to the new version by navigating to **Tools** → **Reports** → **Workstations** from the PrinterLogic Admin Console. Click **Search** to run a report for workstations in your environment. Verify that the numbers in the Client Version column are **at least** as recent as the numbers shown below  
– Windows: **25.0.0.49** or higher– Mac: **25.1.0.274** or higher– Linux: **25.1.0.274** or higher

If you have questions about these solutions, contact PrinterLogic Product Support for assistance.

**References**

CVE-2018-5408, CVE-2018-5409, CVE-2019-9505

CVE-2022-32427: Security Bulletin | Printerlogic

Increasing complexity in IT continues to lead to breaches and compromises, highlighting the need for more holistic approaches to cyber protection.

**SCHAFFHAUSEN, Switzerland, Aug. 24, 2022** (GLOBE NEWSWIRE) — Today, Acronis, a global leader in cyber protection, unveiled its midyear cyber threats report, conducted by Acronis' Cyber Protection Operation Centers, to provide an in-depth review of the cyber threat trends the company's experts are tracking. The report details how ransomware continues to be the No. 1 threat to large and midsize businesses, including government organizations, and underlines how overcomplexity in IT and infrastructure leads to increased attacks. Nearly half of all reported breaches during the first half of 2022 involved stolen credentials, which enable phishing and ransomware campaigns. Findings underscore the need for more holistic approaches to cybersecurity.

To extract credentials and other sensitive information, cybercriminals use phishing and malicious emails as their preferred infection vectors. Nearly 1% of all emails contain malicious links or files, and more than one-quarter (26.5%) of all emails were delivered to the user's inbox (not blocked by Microsoft365) and then were removed by Acronis email security.

Moreover, the research reveals how cybercriminals also use malware and target unpatched software vulnerabilities to extract data and hold organizations hostage. Further complicating the cybersecurity threat landscape is the proliferation of attacks on nontraditional entry avenues. Attackers have made cryptocurrencies and decentralized finance systems a priority of late. Successful breaches using these various routes have resulted in the loss of billions of dollars and terabytes of exposed data.

These attacks are able to be launched due to overcomplexity in IT, a common problem throughout businesses as many tech leaders assume more vendors and programs lead to improved security when the inverse is actually true. Increased complexity exposes more surface area and gaps to potential attackers, keeping organizations vulnerable to potentially devastating damage.

"Today's cyber threats are constantly evolving and evading traditional security measures," said Candid Wüest, Acronis VP of Cyber Protection Research. "Organizations of all sizes need a holistic approach to cybersecurity that integrates everything from anti-malware to email-security and vulnerability-assessment capabilities. Cybercriminals are becoming too sophisticated and the results of attacks too dire to leave it to single-layered approaches and point solutions."

**Critical Data Points Reveal Complex Threat Landscape**  
As reliance on the cloud increases, attackers have homed in on different entryways to cloud-based networks. Cybercriminals increased their focus on Linux operating systems and managed service providers (MSPs) and their network of SMB customers. The threat landscape is shifting, and companies must keep pace.

Ransomware is worsening, even more so than we predicted.

Ransomware gangs, like Conti and Lapsus$, are inflicting serious damage.

The Conti gang demanded $10 million in ransom from the Costa Rican government and has published much of the 672 GB of data it stole.

Lapsus$ stole 1 TB of data and leaked credentials of over 70,000 NVIDIA users. The same gang also stole 30 GB worth of T-Mobile's source code.

The U.S. Department of State is concerned, offering up to $15 million for information about the leadership and co-conspirators of Conti.

The use of phishing, malicious emails and websites, and malware continues to grow.

Six hundred malicious email campaigns made their way across the internet in the first half of 2022.

58% of the emails were phishing attempts.

Another 28% of those emails featured malware.

The business world is increasingly distributed, and in Q2 2022, an average of 8.3% of endpoints tried to access malicious URLs.

More cybercriminals are focusing on cryptocurrencies and decentralized finance (DeFi) platforms. By exploiting flaws in smart contracts or stealing recovery phrases and passwords with malware or phishing attempts, hackers have wormed their way into crypto wallets and exchanges alike.

Cyberattacks have contributed to a loss of more than $60 billion in DeFi currency since 2012.

$44 billion of that vanished during the last 12 months.

Unpatched vulnerabilities of exposed services is another common infection vector — just ask Kaseya. To that end, companies like Microsoft, Google, and Adobe have emphasized software patches and transparency around publicly submitted vulnerabilities. These patches likely helped stem the tide of 79 new exploits each month. Unpatched vulnerabilities also tie into how overcomplexity is hurting businesses more than helping, as all these vulnerabilities serve as additional potential points of failure.

**Breaches Leave Financial, SLA Distress in Their Wake**  
Cybercriminals often demand ransoms or outright steal funds from their targets. But companies do not suffer challenges only to their bottom lines. Attacks often cause downtime and other service-level breaches, impacting a company's reputation and customer experience.

In 2021 alone, the FBI attributed a total loss of $2.4 billion to business email compromise (BEC).

Cyberattacks caused more than one-third (36%) of downtime in 2021.

The current cybersecurity threat landscape requires a multilayered solution that combines anti-malware, EDR, DLP, email security, vulnerability assessment, patch management, RMM, and backup capabilities all in one place. The integration of these various components gives companies a better chance of avoiding cyberattacks, mitigating the damage of successful attacks, and retaining data that might have been altered or stolen in the process.

You can download a copy of the full Acronis Midyear Cyberthreats Report 2022 and learn more here.

**About Acronis:**

Acronis unifies data protection and cybersecurity to deliver integrated, automated cyber protection that solves the safety, accessibility, privacy, authenticity, and security (SAPAS) challenges of the modern digital world. With flexible deployment models that fit the demands of service providers and IT professionals, Acronis provides superior cyber protection for data, applications, and systems with innovative next-generation antivirus, backup, disaster recovery, and endpoint protection management solutions powered by AI. With advanced anti-malware powered by cutting-edge machine intelligence and blockchain-based data authentication technologies, Acronis protects any environment — from cloud to hybrid to on-premises — at a low and predictable cost.

Founded in Singapore in 2003 and incorporated in Switzerland in 2008, Acronis now has more than 2,000 employees in 34 locations in 19 countries. Acronis Cyber Protect solution is available in 26 languages in over 150 countries and is used by over 20,000 service providers to protect over 750,000 businesses.

Acronis' Midyear Cyberthreats Report Finds Ransomware Is the No. 1 Threat to Organizations, Projects Damages to Exceed $30 Billion by 2023

From ransomware to breaches, from noncompliance penalties to reputational damage – cyberthreats pose an existential risk to any business. But for SMEs and SMBs, the danger is compounded. These companies realize they need an in-house Chief Information Security Officer (CISO) – someone who can assess risks and vulnerabilities, create and execute a comprehensive cybersecurity plan, ensure

From ransomware to breaches, from noncompliance penalties to reputational damage – cyberthreats pose an existential risk to any business. But for SMEs and SMBs, the danger is compounded. These companies realize they _need_ an in-house Chief Information Security Officer (CISO) – someone who can assess risks and vulnerabilities, create and execute a comprehensive cybersecurity plan, ensure compliance and safeguard business continuity. Yet unlike large enterprises, most don't have the budget to bring a full-time experienced CISO on board.

To bridge this gap, managed service providers (MSPs), managed security service providers (MSSPs), and consulting firms offer virtual CISO (vCISO), or 'CISO-as-a-service' services.

The model is simple: instead of hiring a full-time CISO, SMEs and SMBs pay a subscription or a retainer to gain access to expert cyber assistance in the form of a virtual CISO. Staffed by seasoned veteran executives, vCISOs offer C-level assistance in devising and implementing strategies to prevent breaches, reduce risk, and mitigate the consequences of attacks.

The challenge is scaling vCISO services cost-effectively. vCISO duties not only require a high-level of security and executive expertise, but they are also time-consuming. A vCISO needs to take the time to thoroughly assess the existing environment, evaluate all potential threats and areas of vulnerability, and come to an understanding of the risk profile of the organization. This labor-intensive process makes it difficult, if not impossible, for many MSPs, MSSPs and consultants to raise the volume of vCISO services they can effectively deliver.

In a new guide titled "_How MSPs, MSSPs, and Consultants Can Scale vCISO Services to Boost Revenue and Upselling Without Adding to Existing Resources_," vCISO platform solution Cynomi offers an explanation of why vCISO services are so difficult to scale and how service providers can overcome these barriers to achieve high margins at scale.

The white paper covers:

1.  Why exactly CISO services are in high demand
2.  What the CISO's role in the organization?
3.  Why hiring a CISO is do difficult and expensive
4.  How vCISO services can compensate for the CISO labor shortage
5.  Barriers to achieving long-term vCISO services success
6.  How to scale vCISO services
7.  Emerging AI-powered platforms that automate vCISO services

Unlike more academic papers, this white paper provides hands-on guidance to MSPs, MSSPs and consultants about how they can successfully scale up vCISO services – without adding personnel or expensive infrastructure. This facilitates boosting vCISO revenues and overall profitability, while making it feasible to upsell vCISO services to a wider range of their clientele.

Download the guide here

Found this article interesting? Follow THN on Facebook, Twitter __ and LinkedIn to read more exclusive content we post.

Guide: How Service Providers can Deliver vCISO Services at Scale

MaxQueryDuration not honoured in Samba AD DC LDAP

'14694?cve=title' is not a valid bug number nor an alias to a bug.

Please press **Back** and try again.

Tag

#samba