Plus: SolarWinds is charged with fraud, New Orleans police face recognition has flaws, and new details about Okta’s October data breach emerge.

As the Israel-Hamas war continues, with Israeli troops moving into the Gaza Strip and encircling Gaza City, one piece of technology is having an outsized impact on how we see and understand the war. Messaging app Telegram, which has a history of lax moderation, has been used by Hamas to share gruesome images and videos. The information has then spread to other social networks and millions more eyeballs. Sources tell WIRED that Telegram has been weaponized to spread horrific propaganda.

Microsoft has had a hard few months when it comes to the company’s own security, with Chinese-backed hackers stealing its cryptographic signing key, continued issues with Microsoft Exchange Servers, and its customers being impacted by failings. The company has now unveiled a plan to deal with the ever-growing range of threats. It’s the Secure Future Initiative, which plans, among multiple elements, to use AI-driven tools, improve its software development, and shorten its response time to vulnerabilities.

Also this week, we’ve looked at the privacy practices of Bluesky, Mastodon, and Meta’s Threads as all of the social media platforms jostle for space in a world where X, formerly known as Twitter, continues to implode. And things aren’t exactly great with this next generation of social media. With November arriving, we now have a detailed breakdown of the security vulnerabilities and patches issued last month. Microsoft, Google, Apple, and enterprise firms Cisco, VMWare, and Citrix all fixed major security flaws in October.

And there's more. Each week, we round up the security and privacy news we didn’t cover in depth ourselves. Click the headlines to read the full stories, and stay safe out there.

The Flipper Zero is a versatile hacking tool designed for security researchers. The pocket-size pen-testing device can intercept and replay all kinds of wireless signals—including NFC, infrared, RFID, Bluetooth, and Wi-Fi. That means it's possible to read microchips and inspect signals being admitted from devices. Slightly more nefariously, we've found it can easily clone building-entry cards and read credit card details through people's clothes.

Over the last few weeks, the Flipper Zero, which costs around $170, has been gaining some traction for its ability to disrupt iPhones, particularly by sending them into denial of service (DoS) loops. As Ars Technica reported this week, the Flipper Zero, with some custom firmware, is able to send “a constant stream of messages” asking iPhones to connect via Bluetooth devices such as an Apple TV or AirPods. The barrage of notifications, which is sent by a nearby Flipper Zero, can overwhelm an iPhone and make it virtually unusable.

“My phone was getting these pop-ups every few minutes, and then my phone would reboot,” security researcher Jeroen van der Ham told Ars about a DoS attack he experienced while commuting in the Netherlands. He later replicated the attack in a lab environment, while other security researchers have also demonstrated the spamming ability in recent weeks. In van der Ham’s tests, the attack only worked on devices running iOS 17—and at the moment, the only way to prevent the attack is by turning off Bluetooth.

In 2019, hackers linked to Russia’s intelligence service broke into the network of software firm SolarWinds, planting a backdoor and ultimately finding their way into thousands of systems. This week, the US Securities and Exchange Commission charged Tim Brown, the CISO of SolarWinds, and the company with fraud and “internal control failures.” The SEC alleges that Brown and the company overstated SolarWinds’ cybersecurity practices while “understating or failing to disclose known risks.” The SEC claims that SolarWinds knew of “specific deficiencies” in the company’s security practices and made public claims that weren’t reflected in its own internal assessments.

“Rather than address these vulnerabilities, SolarWinds and Brown engaged in a campaign to paint a false picture of the company’s cyber controls environment, thereby depriving investors of accurate material information,” Gurbir S. Grewal, director of the SEC’s Division of Enforcement said in a statement. In response, Sudhakar Ramakrishna, the CEO of SolarWinds, said in a blog post that the allegations are part of a “misguided and improper enforcement action.”

For years, researchers have shown that face recognition systems, trained on millions of pictures of people, can misidentify women and people of color at disproportionate rates. The systems have led to wrongful arrests. A new investigation from Politico, focusing on a year’s worth of face recognition requests made by police in New Orleans, has found that the technology was almost exclusively used to try to identify Black people. The system also “failed to identify suspects a majority of the time,” the report says. Analysis of 15 requests for the use of face recognition technology found that only one of them was for a white suspect, and in nine cases the technology failed to find a match. Three of the six matches were also incorrect. “The data has pretty much proven that \[anti-face-recognition\] advocates were mostly correct,” one city councilor said.

Identity management company Okta has revealed more details about an intrusion into its systems, which it first disclosed on October 20. The company said the attackers, who had accessed its customer support system, accessed files belonging to 134 customers. (In these instances, customers are individual companies that subscribe to Okta’s services). “Some of these files were HAR files that contained session tokens which could in turn be used for session hijacking attacks,” the company disclosed in a blog post. These session tokens were used to “hijack” the Okta sessions of five separate companies. 1Password, BeyondTrust, and Cloudflare have all previously disclosed they detected suspicious activity, but it is not clear who the two remaining companies are.

This Cheap Hacking Device Can Crash Your iPhone With Pop-Ups

A locally authenticated attacker with low privileges can bypass authentication due to insecure inter-process communication.

**What's New**

Updated logo

The logo for Ivanti Automation has been updated to reflect the latest design.

**Resolved issues**

The following issues were resolved in this release:

 

Problem ID

Title

93334

Automation team based on Operating System Version Microsoft Windows 11 rule also includes Windows 10 computers.  
More information

93646

Dispatchers are stuck at random times.  
More information

93652

Building block created using 'Automation/API/BuildingBlocks/Create' is missing the Run Elevated info: <runelevated>yes</runelevated>.  
More information

94122

Runbook containing multiple projects are giving visual inconsistency.  
More information

94218

Netbios name resolve is not working anymore in task Install Windows Installer package with a resource located on fileshare (UNC).  
More information

94406

The previously used Root certificate information still resides in the Automation Agent MSI file.  
More information

Resolved an Automation Manager authentication bypass vulnerability

**Release Notes for previous versions of Ivanti Automation 2023**

Ivanti Automation 2023.3

**Resolved issues**

The following issues were resolved in this release:

 

Problem ID

Title

92405

Projects still runs in prepare for image task, regardless if the project is enabled or disabled.  
More information

92597

The File Operations task fails when wildcards are used in the path.  
More information

93108

Option grab log file in perform unattended installation task does not work in Ivanti Automation.  
More information

93464

The Install Windows Installer Package task fails after upgrade to 10.22.0.0  
More information

93850

The spelling of the word 'following' is incorrect in the pop-up that appears when deleting a team that has a task in it.  
More information

Ivanti Automation 2023.2.0.1

**Resolved issues**

The following issues were resolved in this release:

 

Problem ID

Title

93451

Runbook is not fully processed when a Project is used in the Runbook job in Ivanti Automation 2023.2.0.0  
More information

Resolved in release 2023.2(.0.0):

 

Problem ID

Title

90177

The View button for Resulting Tasks in scheduled recurring Jobs is not working.  
More information

92477

Task Install Windows Installer Package fails after upgrade to Ivanti Automation 2023.1 (10.22.0.0).  
More information

92587

After installing Ivanti Automation 2022.4: File Operations task to move folder content fails: Access to the path is denied.  
More information

92868

The Perform Unattended Installation task fails after updating Ivanti Automation.  
More information

92929

Task Apply Registry Settings using Expandable String Values adds additional backslashes in the data value.  
More information

93038

Module Conditions in a Project are not visible when viewed via the Job History.  
More information

Released in 2023.2(.0.0), but reverted:

 

Problem ID

Title

92405  
(reverted)

Projects still run in Prepare for Image task regardless if the project is enabled or disabled.  
More information  

Ivanti Automation 2023.1

**Resolved issues**

The following issues were resolved in this release:

 

Problem ID

Title

92110

The PowerShell Core (Execute) task does not show the Console Output tab in the executed job details.  
More information

92144

After editing a configured Condition based on a registry value, the following error is shown: A string literal was not closed.  
More information

91747

After an Ivanti Automation upgrade is performed, the C:\\IA\_RecycleBin folder not auto-cleaned up.  
More information

91932

The order of jobs scheduled on multiple agents is incorrect in the Activity and Job History tabs.  
More information

91976

The Query Parameters task behaves differently, causing Execute Commands tasks to fail.  
More information

91966

When the Set Environment Variables task is used, the Variable name is changed to case-sensitive.  
More information

**Release Notes for Ivanti Automation 2022**

Ivanti Automation 2022.4

**What's New**

Tracing optimizations

Starting with Ivanti Automation 2022.4, you have more control over how much disk space tracing takes up. By implementing the MaxLogFileSizeMB, FreeDiskspacePercent, and FileLogThreshold registers, you can set up the maximum amount of megabytes a trace file can take up before rewriting itself, how much space needs to be available in order for the trace entries to be written in the trace file, and control what trace levels should be written.

**Resolved issues**

The following issues were resolved in this release:

 

Problem ID

Title

91488

If the date/time information stored in the TelemetryLastSend registry key has an incorrect format, the Automation Dispatcher logs the following error in the Microsoft Windows Event Viewer: String was not recognized as a valid DateTime.  
More information

91321

Handles on agent.exe are not completely released after running Powershell tasks in Ivanti Automation.  
More information

91010

Missing Global option in the drop down menu within Topology > Teams settings in Ivanti Automation.  
More information

91513

The REST Request task fails with the following error: An error has occurred.  
More information

91138

The Deploy Automation Components task does not contain connection information when used to deploy the Ivanti Automation Console.  
More information

91477

When upgrading the Automation environment, the upgrade pack requests credentials to continue.  
More information

91079

Recurring schedule stops and is not reschedules as expected.  
More information

91362

The Apply Registry Settings task fails when the REG\_MULTI\_SZ registry entry is set with an empty Data field.  
More information

90574

When the use of Comments on Versioning is avoided when editing a Runbook, it causes the Ivanti Automation Console to freeze.  
More information

91170

Filtering the Job History in Ivanti Automation does not work since version 2022.3.  
More information

91011

The Perform Single File Operation task in Ivanti Automation does not accept \* to delete subfolders and content in subfolders.  
More information

91020

Tasks using Global Variables of type Credentials fail with the following error: 1326 The username or password is incorrect.  
More information

91212

When an Automation Resource Package is used in the Perform Unattended Installation task, the task fails with the following errors: Process failed to start or Timeout expired - Process terminated.  
More information

91476

Visual view in the Ivanti Automation Console seems not to be correct, order is not as it should be.  
More information  

Ivanti Automation 2022.3.1

**Resolved issues**

The following issues were resolved in this release:

 

Problem ID

Title

90807

When using the Download Resource task to download an Ivanti Automation Resource Package, the task fails with the following error: Failed (completely or partly) to extract 'ResourcePackage' to 'C:\\<PATH>\\DestinationFolder.  
More information

90796

Changing the Windows Defender Firewall service startup type with Ivanti Automation fails.  
More information

90753

The AutoCreate button for RunBook and Project parameters only works in combination with AutoLink.  
More information

90767

After upgrading to Ivanti Automation 2022.3, the Perform Unattended Installation task fails to download linked resources.  
More information

90736

After upgrading to Ivanti Automation 2022.3, the Perform Unattended Installation task fails if the resource is located on FileShare.  
More information

90786

After upgrading to Ivanti Automation 2022.3, the Perform Unattended Installation task fails when using an Ivanti Automation Resource Package.  
More information

Ivanti Automation 2022.3

**What's New****Resolved issues**

The following issues were resolved in this release:

 

Problem ID

Title

90055

When an automated installation using Chef tool is started, communication between the Agent and the Dispatcher fails and the resamad.xml file is not created.  
More information

90346

The Download Resource task fails when the destination path is set to C:\\.  
More information

90091

Intermittently, the Project Parameter value is cleared during Job activity.  
More information

90431

Ivanti Automation tasks with linked Resources fail with the following error: StartIndex cannot be less than zero.  
More information

90012

When an Automation Agent has a Primary Team set, the Download Resource task fails with the following error: Resource could not be downloaded in cache: <Resource.wis>. Original resource name: <FileName>.  
More information

90531

A module containing the task Perform File Operation: Action Edit/Create INI file and having the file path set to C:\\fails with the following error: Failed to rename, file or folder "C:\\placeholder.ini" does not exist.  
More information

When a string used to filter Job History or Audit Trail entries contains a single quote character ('), the filtering returns no records.  
More information

When the Automation Console is used to configure the maximum number of parallel jobs that an Agent can execute to 100, the agent will only execute 50 Jobs in parallel.  
More information

When Auto-Refresh is enabled and many entries are present, deadlocks occur in the Scheduling and Activity nodes.  
More information

When the Agent Alias feature is enabled, but no paths are configured, CheckForChanges errors are logged and no jobs are picked by the Agents.  
More information

The Evaluator is not functional for the Parameters (Query) and Microsoft System Center Configuration Manager (Query Server) tasks.  
More information

Ivanti Automation 2022.2.2

**Resolved issues**

The following issues were resolved in this release:

 

Problem ID

Title

90037

The Perform Single File Operation task fails if the destination folder does not exist.  
More information

90091

Intermittently, the Project Parameter value is cleared during Job activity.  
More information

90012

When an Automation Agent has a Primary Team set, the Download Resource task fails with the following error: Resource could not be downloaded in cache: <Resource.wis>. Original resource name: <FileName>.  
More information

90130

The exit code in an Execute Command task is always 0.  
More information

90271

The Manage Service task does not work if the service name contains a space.  
More information

The Dispatcher is not updated after upgrading the Automation environment.  
More information

An Execute Command task configured with credentials and referencing a resource file fails.  
More information  

Unicode characters are incorrectly presented in job results in the Automation Console.  
More information  

Ivanti Automation 2022.2.1

**Known issues**

The list below contains known issues for this release:

 

Problem ID

Title

90037

The Perform Single File Operation task fails if the destination folder does not exist.  
More information

90091

Intermittently, the Project Parameter value is cleared during Job activity.  
More information

90012

When an Automation Agent has a Primary Team set, the Download Resource task fails with the following error: Resource could not be downloaded in cache: <Resource.wis>. Original resource name: <FileName>.  
More information

90130

The exit code in an Execute Command task is always 0.  
More information

90271

The Manage Service task does not work if the service name contains a space.  
More information

The Dispatcher is not updated after upgrading the Automation environment.  
More information

An Execute Command task configured with credentials and referencing a resource file fails.  
More information  

Unicode characters are incorrectly presented in job results in the Automation Console.  
More information  

**Resolved issues**

The following issues were resolved in this release:

 

Problem ID

Title

89803

The Manage Service Properties task fails with the following error: Invalid access to memory location.  
More information

89821

An Execute Command task fails when Execute command using the Windows command interpreter is unchecked.  
More information

89818

The variable in the Execute Command task is case sensitive.  
More information

89819

The Copy - File/Folder action of a single file in the Perform File Operations task fails.  
More information

 

Stopping a service by using the Manage Service Properties task fails without returning an error.  
More information

Ivanti Automation 2022.2

**What's new**

Automation tasks migrated to a newer code base

For continued maintainability of the code, the following tasks have been migrated to a newer code base:

*   Files (Perform Operations);
    
*   Environment Variables (Set, Delete);
    
*   Service Properties (Manage);
    
*   Resource (Download);
    
*   Command (Execute).
    

**Known issues**

The list below contains known issues for this release:

 

Problem ID

Title

89803

The Manage Service Properties task fails with the following error: Invalid access to memory location.  
More information

89821

An Execute Command task fails when Execute command using the Windows command interpreter is unchecked.  
More information

89818

The variable in the Execute Command task is case sensitive.  
More information

89819

The Copy - File/Folder action of a single file in the Perform File Operations task fails.  
More information

 

Stopping a service by using the Manage Service Properties task fails to report the actual error message.  
More information

**Resolved issues**

The following issues were resolved in this release:

 

Problem ID

Title

89428

Automation jobs scheduled via the Dispatcher to an empty team stay in the Scheduled state indefinitely.  
More information

88869

Automation jobs are incorrectly processed on Agents installed on non-persisted machines.  
More information  

89331

After upgrading to Ivanti Automation 2021.4, the Automation Console is not responding when scheduling runbooks.  
More information  

89381

Downloading resource fails with the following error: Resource could not be downloaded in cache: <Resource.wis>. Original resource name: <FileName>.  
More information

89376

Automation Agents show an increase in memory usage while no jobs are being executed.  
More information

89406

After selecting a new Automation Module or Project in Environment Manager, the following error is shown: Unable to connect to the selected Dispatcher service.  
More information

89113

The operation of checking if the LanmanWorkstation service is running fails on non-English operating systems.  
More information

88752

When choosing the option Change settings for multiple Agents in the Automation console, the Global <value> is visible and the Team <value> is not available.  
More information

89484

When selecting the Variables node in the Ivanti Automation Console, the following error is shown: clsVariable.Load\_Internal: 13 - Type mismatch.  
More information

89216

When a condition checking a parameter has to check a value containing 5 or more digits, the following error appears when opening the task and condition: Error in sharedEncryption.fstrLegecyDecrypt: 5 - Invalid procedure call or argument.  
More information

 

The license overview now displays license points correctly when old and new license types are combined.  
More information  

Ivanti Automation 2022.1

**What's new****New team membership rules**

Automatically add Agents to Teams with new file/folder and registry key detection rules. More information.

**Service triggers**

Start and stop Windows services based on trigger events. More information.

**Interactive job execution**

Use this task to create interactive multipart jobs, where the user sees a Windows notification and can choose to continue, skip, or abort job actions. More information.

**New Automation component deployment logs**

When deploying Ivanti Automation components, the Job History has a new **Log** tab that displays the MSI installation log. This can help troubleshoot deployment issues. In **Job History > Tasks**, double-click the task you want and then click the **Log** tab.

**The database revision level remains at 83**

There was no database revision level update for this release.

**Resolved issues**

The following issues were resolved in this release:

 

Problem ID

Title

87369

Agents will not pick up jobs after recreating a global variable that is used on a Teams or Agents level.  
More information

87675

Scheduled Jobs based on a CRON expression return the following error: Please enter a valid cron expression.  
More information

87561

Opening a scheduled job results in the error: Error in clsParamters.Load: 452 This key is already associated with an element of this collection.  
More information

87739

The drop-down list for the RunbookWho parameter in a runbook contains an additional entry.  
More information

88147

Using functions in an Automation task results in the error that the task contains illegal characters.  
More information

87960

Error in modWMC.MoveListItemTop:13 Type mismatch appears when changing the order of a Runbook job.  
More information

88048

The Date/Time information in some of the columns of the Automation Console is presented with an incorrect order of the day and month.  
More information

88229

World writable permissions on the resamad.log are marked as violations by third party security scanners.  
More information

88250

Windows 10 21H2 - v2009 (19044.1348) is not detected when using as condition OS Windows 10.  
More information

88292

Using PowerCLI to manage a VMWare vCenter environment via Ivanti Automation results in the error: Could not load file or assembly 'Newtonsoft.Json'.  
More information

88341

Could not load file or assembly server error on opening Ivanti Automation Management Portal.  
More information

87107

Error during the creation of a building block: ERROR in modBuildingBlocks.FillCustomSettings: 91 - Object variable or With block variable not set.  
More information

 

The Automation Console connection registry values are changed when using Windows Authentication even though the user was not prompted to save them.  
More information

 

No error is presented when Windows Authentication is used and the impersonation is done using the logged on user instead of configured user.  
More information

 

The Automation Agent fails to auto update when the download of the new msi file takes too long.  
More information

**Release Notes for Ivanti Automation 2021 and older**

Ivanti Automation 2021 Release Notes

Ivanti Automation 2020 Release Notes

CVE-2022-44569: Ivanti Automation 2023.4 Release Notes

NVIDIA GPU Display Driver for Windows contains a vulnerability that allows Windows users with low levels of privilege to escalate privileges when an administrator is updating GPU drivers, which may lead to escalation of privileges.

**Details**

This section provides a summary of potential vulnerabilities that this security update addresses and their impact. Descriptions use CWE™, and base scores and vectors use CVSS v3.1 standards.

**NVIDIA GPU Display Driver**

**CVE ID**

**Description**

**Base Score**

**CWE and Vector**

CVE‑2023‑31027

NVIDIA GPU Display Driver for Windows contains a vulnerability that allows Windows users with low levels of privilege to escalate privileges when an administrator is updating GPU drivers, which may lead to escalation of privileges.

8.2

CWE-427  
AV:L/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:H

CVE‑2023‑31019

NVIDIA GPU Display Driver for Windows contains a vulnerability in wksServicePlugin.dll, where the driver implementation does not restrict or incorrectly restricts access from the named pipe server to a connecting client, which may lead to potential impersonation to the client's secure context.

7.8

CWE-284  
AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

CVE‑2023‑31017

NVIDIA GPU Display Driver for Windows contains a vulnerability where an attacker may be able to write arbitrary data to privileged locations by using reparse points. A successful exploit of this vulnerability may lead to code execution, denial of service, escalation of privileges, information disclosure, or data tampering.

7.8

CWE: 552  
AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

CVE‑2023‑31016

NVIDIA GPU Display Driver for Windows contains a vulnerability where an uncontrolled search path element may allow an attacker to execute arbitrary code, which may lead to code execution, denial of service, escalation of privileges, information disclosure, or data tampering.

7.3

CWE-427  
AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H

CVE‑2023‑31020

NVIDIA GPU Display Driver for Windows contains a vulnerability in the kernel mode layer, where an unprivileged regular user can cause improper access control, which may lead to denial of service or data tampering.

6.1

CWE-284  
AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:H

CVE‑2023‑31022

NVIDIA GPU Display Driver for Windows and Linux contains a vulnerability in the kernel mode layer, where a NULL-pointer dereference may lead to denial of service.

5.5

CWE: 476  
AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

CVE‑2023‑31023

NVIDIA Display Driver for Windows contains a vulnerability where an attacker may cause a pointer dereference of an untrusted value, which may lead to denial of service.

5.5

CWE: 822  
AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

**NVIDIA vGPU Software**

**CVE ID**

**Description**

**Base Score**

**CWE and Vector**

CVE‑2023‑31018

NVIDIA GPU Driver for Windows and Linux contains a vulnerability in the kernel mode layer, where an unprivileged regular user can cause a NULL-pointer dereference, which may lead to denial of service.

6.5

CWE: 476  
AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H

CVE‑2023‑31026

NVIDIA vGPU software for Windows and Linux contains a vulnerability in the Virtual GPU Manager (vGPU plugin), where a NULL-pointer dereference may lead to denial of service.

6.0

CWE: 476  
AV:L/AC:L/PR:H/UI:N/S:C/C:N/I:N/A:H

CVE‑2023‑31021

NVIDIA vGPU software for Windows and Linux contains a vulnerability in the Virtual GPU Manager (vGPU plugin), where a malicious user in the guest VM can cause a NULL-pointer dereference, which may lead to denial of service.

5.5

CWE: 476  
AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

The NVIDIA risk assessment is based on an average of risk across a diverse set of installed systems and may not represent the true risk to your local installation. NVIDIA recommends consulting a security or IT professional to evaluate the risk to your specific configuration.

**Security Updates for NVIDIA GPU Display Driver****CVE IDs Addressed in Each Windows Driver Branch**

The following table lists the CVE IDs addressed by the update in each Windows driver branch.

**Windows Driver Branch**

**CVE IDs Addressed**

R545, R535, R525

CVE‑2023‑31016, CVE‑2023‑31017, CVE‑2023‑31019, CVE‑2023‑31020, CVE‑2023‑31022, CVE‑2023‑31023, CVE‑2023‑31027

R470

CVE‑2023‑31017, CVE‑2023‑31019, CVE‑2023‑31020, CVE‑2023‑31022, CVE‑2023‑31023, CVE‑2023‑31027

**Security Updates for NVIDIA GPU Windows Display Driver**

The following table lists the NVIDIA software products affected, Windows driver versions affected, and the updated version available from nvidia.com that includes this security update. Download the updates from the NVIDIA Driver Downloads page.

**Software Product**

**Operating System**

**Driver Branch**

**Affected Driver Versions**

**Updated Driver Version**

GeForce

Windows

R545

All driver versions prior to 546.01

546.01

Windows 10 and 11

R470

All driver versions prior to 474.64 for support of GeForce Kepler desktop

474.64

Windows 7 and 8._x_

R470

All driver versions prior to 474.64

474.64

Studio

Windows

R545

All driver versions prior to 546.01

546.01

NVIDIA RTX,  
Quadro,  
NVS

Windows

R545

All driver versions prior to 546.01

546.01

R535

All driver versions prior to 537.70

537.70

R525

All driver versions prior to 529.19

529.19

R470

All driver versions prior to 474.64

474.64

Tesla

Windows

R535

All driver versions prior to 537.70

537.70

R525

All driver versions prior to 529.19

529.19

R470

All driver versions prior to 474.64

474.64

**CVE IDs Addressed in Each Linux Driver Branch**

The following table lists the CVE IDs addressed by the update in each Linux driver branch.

**Linux Driver Branch**

**CVE IDs Addressed**

R545, R535, R525, R470

CVE‑2023‑31022

**Security Updates for NVIDIA GPU Linux Display Driver**

The following table lists the NVIDIA software products affected, Linux driver versions affected, and the updated version available from nvidia.com that includes this security update. Download the updates from the NVIDIA Driver Downloads page.

**Software Product**

**Operating System**

**Driver Branch**

**Affected Driver Versions**

**Updated Driver Version**

GeForce

Linux

R545

All driver versions prior to 545.29.02

545.29.02

R535

All driver versions prior to 535.129.03

535.129.03

R525

All driver versions prior to 525.147.05

525.147.05

R470

All driver versions prior to 470.223.02

470.223.02

NVIDIA RTX, Quadro, NVS

Linux

R545

All driver versions prior to 545.29.02

545.29.02

R535

All driver versions prior to 535.129.03

535.129.03

R525

All driver versions prior to 525.147.05

525.147.05

R470

All driver versions prior to 470.223.02

470.223.02

Tesla

Linux

R535

All driver versions prior to 535.129.03

535.129.03

R525

All driver versions prior to 525.147.05

525.147.05

R470

All driver versions prior to 470.223.02

470.223.02

**Notes**

*   Your computer hardware vendor may provide you with Windows GPU display driver versions including 545.91, 537.70, 529.19 and 474.64, which also contain the security updates.
*   The tables above may not be a comprehensive list of all affected supported versions or branch releases and may be updated as more information becomes available.
*   Earlier software branch releases that support these products may also be affected. If you are using an earlier branch release for which an update version is not listed above, we recommend upgrading to the latest branch release.

**Security Updates for NVIDIA vGPU Software****CVE IDs Addressed in Each Windows vGPU Driver Branch**

The following table lists the CVE IDs addressed by the update in each Windows vGPU driver branch.

**Windows Driver Branch**

**CVE IDs Addressed**

R535

CVE‑2023‑31016, CVE‑2023‑31017, CVE‑2023‑31018, CVE‑2023‑31019, CVE‑2023‑31020, CVE‑2023‑31021, CVE‑2023‑31022, CVE‑2023‑31023, CVE‑2023‑31027

R525

CVE‑2023‑31016, CVE‑2023‑31017, CVE‑2023‑31018, CVE‑2023‑31019, CVE‑2023‑31020, CVE‑2023‑31022, CVE‑2023‑31023, CVE‑2023‑31027

R470

CVE‑2023‑31017, CVE‑2023‑31018, CVE‑2023‑31019, CVE‑2023‑31020, CVE‑2023‑31022, CVE‑2023‑31023, CVE‑2023‑31027

**CVE IDs Addressed in Each Linux vGPU Driver Branch**

The following table lists the CVE IDs addressed by the update in each Linux vGPU driver branch.

**Linux Driver Branch**

**CVE IDs Addressed**

R535, R525, R470

CVE‑2023‑31018, CVE‑2023‑31022

**CVE IDs Addressed in Each vGPU Manager Driver Branch**

The following table lists the CVE IDs addressed by the update in each vGPU Manager driver branch.

**vGPU Manager Driver Branch**

**CVE IDs Addressed**

R535

CVE‑2023‑31018, CVE‑2023‑31021, CVE‑2023‑31022, CVE‑2023‑31026

R525

CVE‑2023‑31018, CVE‑2023‑31022, CVE‑2023‑31026

R470

CVE‑2023‑31018, CVE‑2023‑31022

**Affected Components, Affected Versions, and Updated Versions**

The following table lists NVIDIA vGPU software components affected, versions affected, and the updated version that includes this security update.

**CVE IDs Addressed**

**vGPU Software Component**

**Operating System**

**Affected Versions**

**Updated Version**

**vGPU Software**

**Driver**

**vGPU Software**

**Driver**

CVE‑2023‑31016  
CVE‑2023‑31017  
CVE‑2023‑31018  
CVE‑2023‑31019  
CVE‑2023‑31020  
CVE‑2023‑31022  
CVE‑2023‑31023  
CVE‑2023‑31027

Guest driver

Windows

All versions prior to and including 16.1

537.13

16.2

537.70

All versions prior to and including 15.3

529.11

15.4

529.19

All versions prior to and including 13.8

474.44

13.9

474.64

CVE‑2023‑31018  
CVE‑2023‑31022

Guest driver

Linux

All versions prior to and including 16.1

535.104.05

16.2

535.109.03

All versions prior to and including 15.3

525.125.06

15.4

525.147.05

All versions prior to and including 13.8

470.199.02

13.9

470.223.02

CVE‑2023‑31018  
CVE‑2023‑31021  
CVE‑2023‑31022  
CVE‑2023‑31026

Virtual GPU Manager

Citrix Hypervisor,  
VMware vSphere,

Red Hat Enterprise Linux KVM,

Ubuntu

All versions prior to and including 16.1

535.104.06

16.2

535.109.03

All versions prior to and including 15.3

525.125.03

15.4

525.147.01

All versions prior to and including 13.8

470.199.03

13.9

470.223.02

CVE‑2023‑31018  
CVE‑2023‑31021  
CVE‑2023‑31022

Virtual GPU Manager

Azure Stack HCI

All versions prior to and including 16.1

537.13

16.2

537.70

All versions prior to and including 15.3

529.06

15.4

529.19

**Notes**

*   The table above may not be a comprehensive list of all affected supported versions or branch releases and may be updated as more information becomes available.
*   Earlier software branch releases that support these products may also be affected. If you are using an earlier branch release for which an update version is not listed above, we recommend upgrading to the latest branch release.

**Security Updates for NVIDIA Cloud Gaming****CVE IDs Addressed in Each Windows Cloud Gaming Driver Branch**

The following table lists the CVE IDs addressed by the update in each Windows Cloud Gaming driver branch.

**Windows Driver Branch**

**CVE IDs Addressed**

R545, R535

CVE‑2023‑31016, CVE‑2023‑31017, CVE‑2023‑31018, CVE‑2023‑31019, CVE‑2023‑31020, CVE‑2023‑31021, CVE‑2023‑31022, CVE‑2023‑31023, CVE‑2023‑31027

R525

CVE‑2023‑31016, CVE‑2023‑31017, CVE‑2023‑31018, CVE‑2023‑31019, CVE‑2023‑31020, CVE‑2023‑31022, CVE‑2023‑31023, CVE‑2023‑31027

R470

CVE‑2023‑31017, CVE‑2023‑31018, CVE‑2023‑31019, CVE‑2023‑31020, CVE‑2023‑31022, CVE‑2023‑31023, CVE‑2023‑31027

**CVE IDs Addressed in Each Linux Cloud Gaming Driver Branch**

The following table lists the CVE IDs addressed by the update in each Linux Cloud Gaming driver branch

**Linux Driver Branch**

**CVE IDs Addressed**

R545, R535, R525, R470

CVE‑2023‑31018, CVE‑2023‑31022

**CVE IDs Addressed in Each Cloud Gaming Manager Driver Branch**

The following table lists the CVE IDs addressed by the update in each Cloud Gaming Manager driver branch

**Gaming Manager Driver Branch**

**CVE IDs Addressed**

R545, R535

CVE‑2023‑31018, CVE‑2023‑31021, CVE‑2023‑31022, CVE‑2023‑31026

R525

CVE‑2023‑31018, CVE‑2023‑31022, CVE‑2023‑31026

R470

CVE‑2023‑31018, CVE‑2023‑31022

**Affected Components, Affected Versions, and Updated Versions**

The following table lists the NVIDIA software products affected, versions affected, and the updated version that includes this security update.

**CVE IDs Addressed**

**Cloud Gaming Component**

**Operating System**

**Affected Versions**

**Updated Version**

**Cloud Gaming Software**

**Driver**

**Cloud Gaming Software**

**Driver**

CVE‑2023‑31016  
CVE‑2023‑31017  
CVE‑2023‑31018  
CVE‑2023‑31019  
CVE‑2023‑31020  
CVE‑2023‑31022  
CVE‑2023‑31023  
CVE‑2023‑31027

Guest driver

Windows

All versions prior to and including September 2023 release

537.42

October 2023 release

546.01

CVE‑2023‑31018  
CVE‑2023‑31022

Guest driver

Linux

All versions prior to and including September 2023 release

535.113.01

October 2023 release

545.29.02

CVE‑2023‑31018  
CVE‑2023‑31021  
CVE‑2023‑31022  
CVE‑2023‑31026

Virtual GPU Manager

Red Hat Enterprise Linux KVM,

VMware vSphere

All versions prior to and including September 2023 release

535.113.01

October 2023 release

545.29.02

**Acknowledgements**

NVIDIA thanks the following people for reporting the issues to us:

CVE‑2023‑31027: Patryk Nowakowski

CVE‑2023‑31017: Lockheed Martin Red Team

**Get the Most Up to Date Product Security Information**

Visit the NVIDIA Product Security page to

*   Subscribe to security bulletin notifications
*   See the current list of NVIDIA security bulletins
*   Report a potential security issue in any NVIDIA supported product
*   Learn more about the vulnerability management process followed by the NVIDIA Product Security Incident Response Team (PSIRT)

**Revision History**

  

**Revision**

**Date**

**Description**

1.1

November 1, 2023

Updated Windows Studio Display Driver version to 546.01

1.0

October 31, 2023

Initial release

**Support**

If you have any questions about this security bulletin, contact NVIDIA Support.

**Frequently Asked Questions (FAQs)**

How do I determine which NVIDIA display driver version is currently installed on my PC?

**Disclaimer**

ALL NVIDIA INFORMATION, DESIGN SPECIFICATIONS, REFERENCE BOARDS, FILES, DRAWINGS, DIAGNOSTICS, LISTS, AND OTHER DOCUMENTS (TOGETHER AND SEPARATELY, “MATERIALS”) ARE BEING PROVIDED “AS IS.” NVIDIA MAKES NO WARRANTIES, EXPRESS, IMPLIED, STATUTORY, OR OTHERWISE WITH RESPECT TO THE MATERIALS, AND ALL EXPRESS OR IMPLIED CONDITIONS, REPRESENTATIONS AND WARRANTIES, INCLUDING ANY IMPLIED WARRANTY OR CONDITION OF TITLE, MERCHANTABILITY, SATISFACTORY QUALITY, FITNESS FOR A PARTICULAR PURPOSE AND NON-INFRINGEMENT, ARE HEREBY EXCLUDED TO THE MAXIMUM EXTENT PERMITTED BY LAW.

Information is believed to be accurate and reliable at the time it is furnished. However, NVIDIA Corporation assumes no responsibility for the consequences of use of such information or for any infringement of patents or other rights of third parties that may result from its use. No license is granted by implication or otherwise under any patent or patent rights of NVIDIA Corporation. Specifications mentioned in this publication are subject to change without notice. This publication supersedes and replaces all information previously supplied. NVIDIA Corporation products are not authorized for use as critical components in life support devices or systems without express written approval of NVIDIA Corporation.

CVE-2023-31027: NVIDIA Support

As many as 34 unique vulnerable Windows Driver Model (WDM) and Windows Driver Frameworks (WDF) drivers could be exploited by non-privileged threat actors to gain full control of the devices and execute arbitrary code on the underlying systems.
"By exploiting the drivers, an attacker without privilege may erase/alter firmware, and/or elevate [operating system] privileges," Takahiro Haruyama, a

Endpoint Security / Malware

As many as 34 unique vulnerable Windows Driver Model (WDM) and Windows Driver Frameworks (WDF) drivers could be exploited by non-privileged threat actors to gain full control of the devices and execute arbitrary code on the underlying systems.

"By exploiting the drivers, an attacker without privilege may erase/alter firmware, and/or elevate \[operating system\] privileges," Takahiro Haruyama, a senior threat researcher at VMware Carbon Black, said.

The research expands on previous studies, such as ScrewedDrivers and POPKORN that utilized symbolic execution for automating the discovery of vulnerable drivers. It specifically focuses on drivers that contain firmware access through port I/O and memory-mapped I/O.

The names of some of the vulnerable drivers include AODDriver.sys, ComputerZ.sys, dellbios.sys, GEDevDrv.sys, GtcKmdfBs.sys, IoAccess.sys, kerneld.amd64, ngiodriver.sys, nvoclock.sys, PDFWKRNL.sys (CVE-2023-20598), RadHwMgr.sys, rtif.sys, rtport.sys, stdcdrv64.sys, and TdkLib64.sys (CVE-2023-35841).

Of the 34 drivers, six allow kernel memory access that can be abused to elevate privilege and defeat security solutions. Twelve of the drivers could be exploited to subvert security mechanisms like kernel address space layout randomization (KASLR).

Seven of the drivers, including Intel's stdcdrv64.sys, can be utilized to erase firmware in the SPI flash memory, rendering the system unbootable. Intel has since issued a fix for the problem.

VMware said it also identified WDF drivers such as WDTKernel.sys and H2OFFT64.sys that are not vulnerable in terms of access control, but can be trivially weaponized by privileged threat actors to pull off what's called a Bring Your Own Vulnerable Driver (BYOVD) attack.

The technique has been employed by various adversaries, including the North Korea-linked Lazarus Group, as a way to gain elevated privileges and disable security software running on compromised endpoints so as to evade detection.

"The current scope of the APIs/instructions targeted by the \[IDAPython script for automating static code analysis of x64 vulnerable drivers\] is narrow and only limited to firmware access," Haruyama said.

"However, it is easy to extend the code to cover other attack vectors (e.g. terminating arbitrary processes)."

Found this article interesting? Follow us on Twitter __ and LinkedIn to read more exclusive content we post.

Researchers Find 34 Windows Drivers Vulnerable to Full Device Takeover

A privilege escalation flaw was found in the node restriction admission plugin of the kubernetes api server of OpenShift. A remote attacker who modifies the node role label could steer workloads from the control plane and etcd nodes onto different worker nodes and gain broader access to the cluster.

CVE-2023-5408

SolarWinds Platform Incomplete List of Disallowed Inputs Remote Code Execution Vulnerability. If executed, this vulnerability would allow a low-privileged user to execute commands with SYSTEM privileges.

Release date: November 1, 2023

Here's what's new in SolarWinds Hybrid Cloud Observability 2023.4.

SolarWinds Hybrid Cloud Observability runs on the SolarWinds Platform.

**Learn more**

*   See the Hybrid Cloud Observability 2023.4 system requirements.
*   For information about working with Hybrid Cloud Observability, see the Hybrid Cloud Observability Administrator Guides.

**New features and improvements in Hybrid Cloud Observability**

For information about new features and fixes in the SolarWinds Platform, see the SolarWinds Platform 2023.4 Release Notes.

**New Vulnerability Dashboard and Risk scorecard**

This release introduces a new vulnerability and risk dashboard, available for Hybrid Cloud Observability Advanced users. View vulnerability and risk severity, determined by imported CVE information from CVEs based on CVSS v3. Schedule CVE data imports, and match CVE information to individual nodes. See calculated risk scores for individual monitored nodes and an aggregated risk scored for your environment.

**Platform Connect supports more device types**

Platform Connect now supports sending information for more device types to SolarWinds Observability, including application and virtualization.

**Greater visibility for simplified SD-WAN monitoring**

Real-time Tunnel and WAN metrics like service provider, packet loss, latency, and jitter are now available for use in dashboard widgets and PerfStack for Meraki, VeloCloud, and Viptela SDWAN devices.

**Anomaly Based Alerts improvements**

Anomaly Based Alerts now includes a new visual representation of the normal operating range (NOR) of a device’s metrics. The entity detail page contains NOR charts for every observed metric present for the entity that is triggering an Anomaly-Based Alert.

You can now define anomaly-based alerts for virtualization entities. See the list of supported entities with their metrics below:

Orion.VIM.ClusterStatistics:

AvgCPULoad

AvgMemoryUsage

Orion.VIM.HostStatistics:

AvgCpuLoad

AvgMemUsage

AvgNetworkUtilization

Orion.VIM.VMStatistics:

AvgCPULoad

AvgIOPSRead

AvgIOPSTotal

AvgIOPSWrite

AvgMemoryUsage

AvgNetworkUsageRate

**AlertStack improvements**

AlertStack is now available under the “Alerts and Activities” menu.

The AlertStack cluster detail page now supports filtering of occurrences together with maps. Occurrences can be filtered based on the Status and Element Type. Accordingly, the map nodes reflect this filtering as well.

AlertStack now supports creation of incidents in SolarWinds Service Desk (SSD) for AlertStack clusters. This action can be done for clusters in open or suspended states only.

Return to top

**Fixes**

For information about new features and fixes in the SolarWinds Platform, see the SolarWinds Platform 2023.4 Release Notes.

 

Case number

Description

01189602, 01296329, 01268284

In deployments with additional polling engines (APEs), attempting to integrate the SolarWinds Platform with DPA would install the DPA Business Layer on the APE. This caused problems with the DPA integration, including:

*   Application relationships added on the Manage Client Application Relationships page were automatically removed.
    
*   Integration fails with the message There was an error when trying to enable the integration with the DPA server: Establishing federation with jSWIS failed.
    
*   Attempting to add a DPA server returns the message Cannot find a DPA server at this address or port. Check your DPA server details and network connection.
    

01231016

When custom properties used in alerts are created in a different SolarWinds Platform product, the associated column in the All Active Alerts page in EOC is not blank.

01354791

When you run a report that queries the SolarWinds log database, the results of the query are shown instead, not the message Query is not valid.

01288735

In a large, complex environment, network configuration management jobs and inventory jobs run as expected.

01358044

Network configuration management jobs no longer make unnecessary APE license checks, which were causing the jobs to run slowly.

00837847, 01358148, 01426785

Inventory collection was updated to prevent database blocks, which were affecting performance.

01352472

If you run a job that saves the results of a policy report to a file, and the file name includes a macro, the macro is parsed correctly and the report's content and formatting are accurate.

01336072

When SolarWinds high availability (HA) is deployed, a network configuration search performed after a failover includes all configs. The search is not limited to only the most recently downloaded configs.

01357688

A vulnerability that could expose a password has been fixed.

01350788

A misspelled word in INFO messages in the NCM.Collector.Jobs_[*].log file has been corrected.

01333319

The Config Details page shows the downloaded time based on the SolarWinds Platform time zone, not UTC time.

01288735, 01387785

When an inventory job retrieves a large Flash Size value, it records the value correctly and no longer returns the following error:

Arithmetic overflow error converting expression to data type int.

01395082

Real Time Change Notification works as expected when the IP address provided to it is not the primary IP address for the node.\*

01428683, 01330623, 01349629

In 2023.2, the default timeout value for SWJobEngineWorker2x64.exe was increased from 20 minutes to 2 hours. In deployments with a large number of jobs that did not finish before the 2-hour timeout, memory usage increased significantly. To prevent this issue, the default timeout value has been decreased to 20 minutes.

01295129, 01350421, 01428125

When the SolarWinds Platform is configured to use Windows authentication, running interface percentile traffic reports no longer returns an error.

01367640

If an interface name includes special characters, the special characters are no longer escaped on the Interfaces with High Percent Usage (no paging) resource. This behavior was preventing database maintenance from running as scheduled.

01355454

The load time for the Interface Availability widget has been significantly decreased.

01349629, 01362966

By default, network discovery enables all pollers on a device. So, if a topology poller is disabled on the List Resources or Manage Pollers page, it is enabled again when network discovery runs. A new advanced configuration option is available to enable you to override this default behavior. If do not want certain topology pollers to be enabled when network discovery runs:

1.  Open the Advanced Configuration options page by pasting the following into your browser URL field after the hostname or IP address:
    
    /Orion/Admin/AdvancedConfiguration/Global.aspx
    
2.  Under Topology, locate the PollersDiscoveryBlackList field.
    
3.  Enter a comma-separated list of topology pollers that should **not** be enabled when network discovery runs.
    

01348970, 01350142, 01361854, 01362953, 01420814, 01430172

Out-of-the-box Switch Stack alerts can be copied and edited, and they are triggered as expected.

01235174, 01401553

Universal Device Poller gauges load without errors and performance is improved.

01373033

If application data is corrupted, the Manage Applications and Service Ports page no longer attempts to list the applications. Corrupt data does not prevent the page from opening with the following message:

Unexpected Website Error  
Sequence contains no elements

Additionally, a daily maintenance task detects and removes any corrupt application data.

01323874

If a user without permission to view NetFlow data attempts to access a NetFlow page, permissions are evaluated and the Restricted page message is displayed before the page loads. The page is no longer loaded and then hidden, and attempts to refresh the page do not affect performance.

01321325

A change to the NetFlowInterfaceSources\_Metadata table in the SolarWinds Platform database prevents deadlocks in environments with a large number of VMware devices.

01400259, 01419304, 01420644

If a deployment includes more than one application template with the same name, the Configuration Wizard no longer fails with the following error:

Database configuration failed: Error while executing script- Subquery returned more than 1 value.

01360008, 01379355, 01390806, 01399847, 01400259

The SolarWinds Platform Web Console no longer becomes unresponsive or stops functioning due to missing keys in the cloud monitoring resource file.

01337117

On the Node Details Summary page, when you click Real Time Event Viewer and then click the Message column for an event, the Message Details popup opens as expected.

N/A

When you add a node with Microsoft SQL Server 2022 deployed, AppInsight for SQL is discovered.

01290468, 01305182, 01317562, 01320352, 01320666

During upgrades data from old tables is migrated successfully and the obsolete tables are removed. In a previous version, incomplete data migration could cause issues such as:

*   The Configuration Wizard failed with the message Invalid object name 'APM_ComponentStatus_Hourly.
    
*   The SolarWinds Platform database size decreased significantly.
    
*   The Application Component Details page did not consistently display messages.
    

01183556, 01337907, 01353375, 01389703

If the Configuration Wizard fails during an upgrade, attempting to rerun the wizard no longer fails with the message Error while executing script- There is already an object named 'CLM_CloudJobSettings' in the database.

01337806

When a problem occurs with the API poller, the following message was improved to provide more information about the cause of the problem:

Index was outside the bounds of the array.

01142194, 01357225, 01438644

When a node is deleted or unmanaged, Application Dependency Mapping (ADM) polling does not continue for that node. In previous versions, continuing to poll a deleted or unmanaged node for ADM data caused the ADM\_ProcessingQueue table to become very large.

01379396

Long status messages associated with an application monitor are displayed correctly after an upgrade.

00690113

Alerts on API Pollers that should be triggered when the response time exceeds a threshold are no longer triggered when the response time is below the threshold.

01142194

If ADM polling is disabled for the SolarWinds Platform, the node detail page does not display the Application Dependency Polling Enabled check box.

00990851, 01415486

If AppInsight for IIS runs for long periods, the APM\_IisBb\_Request\_Detail table no longer grows without limits, causing performance issues.

01372348, 01384875

The CreateApplication verb in SWIS for the AppInsight for SQL template now works when you are using a remote node and database. Issues with credentials and connection testing have been resolved.

01401922

The default poll no longer fails when more than one array is in a Nimble cluster.

00385337

The Vserver Status widget and the Vservers on this Cluster widget now show the same Vserver capacity data.

01382411

The Ethernet Ports Used Over Time now shows data for the selected time period instead of only the data for the current day.

01361966

When a wireless node is discovered with UDT port monitoring enabled and devices from the node are added to the Watchlist, the Watchlist widget no longer displays type conversion errors such as:

Conversion failed when converting the nvarchar value 'Vanguard_WLC' to data type int.

00814339

The Port Details widget now displays the MAC address, IP address, or Hostname for all devices.

00570890, 00582046, 00717223

The All User Log Ins widget displays data about the currently open endpoint, not the first endpoint that was opened.

01314714, 01333769, 01351695, 01365630, 01365850, 01382555, 01398156, 01412701, 01420009, 01426518, 01436135

The Port Details widget displays IP addresses even if the VLAN port is not monitored.\*

01308188, 01332779, 01380614, 01382170, 01396520, 01404094

When a node uses automatic private IP addressing (APIPA), the vendor and machine type are reported correctly.

01353982, 01401047

Database maintenance no longer fails with the following message:

SolarWinds.Data.DatabaseMaintenance.StandardTableHandlerDAL - Failed to execute procedure: VIM_dbm_Clusters_ComputeDiskDepletion System.Data.SqlClient.SqlException (0x80131904): Arithmetic overflow error converting expression to data type bigint.

Cursor is not open.

01429919

The bulk insert query no longer runs slowly and causes performance issues on the database.

01238012

The Calls by Region widgets display the correct data.

01348659, 01371344

IP SLA operations function correctly, and the ipsla.bussiness.layer log file no longer includes the message Violation of PRIMARY KEY constraint.

01238012, 01294332

The FTP server is no longer filled with failed files, and VoIP views displays call manager information correctly.

01394210

After a call manager is removed, any associated CDR files are no longer processed, which prevents putting an unnecessary load on the FTP server.

01373525, 01378655

Call managers are polled only by the assigned polling engine, not by all polling engines.

01203334

When CDR files for different call managers are stored in separate folders on the FTP server, CDR files for all call managers are processed. VNQM no longer ignores CDR files for all call managers except the last one added.

01269194, 01439830

Avaya RTCP data is collected and displayed as expected.\*

01329850

A large number of CDR or CMR files on the FTP server no longer cause an out of memory exception.\*

\*This fix was added after the RC release.

Return to top

**Installation or upgrade**

For new installations, you can download the installation file from the product page on https://www.solarwinds.com or from the Customer Portal. For more information, see Get the installer.

For upgrades, go to Settings > My Deployment to initiate the upgrade. The SolarWinds Installer upgrades your entire deployment (all SolarWinds Platform products and any scalability engines).

For more information, see the SolarWinds Platform Product Installation and Upgrade Guide.

You must be on Orion Platform 2020.2.1 or later to upgrade to SolarWinds Hybrid Cloud Observability 2023.4. If you are on a version earlier than Orion Platform 2020.2.1, first upgrade to 2020.2.6 and then upgrade to 2023.4.

Return to top

**Before you upgrade!**

If you are upgrading from a previous version, be aware of the following considerations:

Upgrading from Orion Platform 2020.2.6 or older -

*   Before upgrading from Orion Platform 2020.2.6 and earlier to SolarWinds Hybrid Cloud Observability, check the SolarWinds Platform release notes for additional information.

Return to top

**Legal notices**

© 2023 SolarWinds Worldwide, LLC. All rights reserved.

This document may not be reproduced by any means nor modified, decompiled, disassembled, published or distributed, in whole or in part, or translated to any electronic medium or other means without the prior written consent of SolarWinds. All right, title, and interest in and to the software, services, and documentation are and shall remain the exclusive property of SolarWinds, its affiliates, and/or its respective licensors.

SOLARWINDS DISCLAIMS ALL WARRANTIES, CONDITIONS, OR OTHER TERMS, EXPRESS OR IMPLIED, STATUTORY OR OTHERWISE, ON THE DOCUMENTATION, INCLUDING WITHOUT LIMITATION NONINFRINGEMENT, ACCURACY, COMPLETENESS, OR USEFULNESS OF ANY INFORMATION CONTAINED HEREIN. IN NO EVENT SHALL SOLARWINDS, ITS SUPPLIERS, NOR ITS LICENSORS BE LIABLE FOR ANY DAMAGES, WHETHER ARISING IN TORT, CONTRACT OR ANY OTHER LEGAL THEORY, EVEN IF SOLARWINDS HAS BEEN ADVISED OF THE POSSIBILITY OF SUCH DAMAGES.

The SolarWinds, SolarWinds & Design, Orion, and THWACK trademarks are the exclusive property of SolarWinds Worldwide, LLC or its affiliates, are registered with the U.S. Patent and Trademark Office, and may be registered or pending registration in other countries. All other SolarWinds trademarks, service marks, and logos may be common law marks or are registered or pending registration. All other trademarks mentioned herein are used for identification purposes only and are trademarks of (and may be registered trademarks) of their respective companies.

CVE-2023-40062: SolarWinds Hybrid Cloud Observability 2023.4 Release Notes

VMware Workspace ONE UEM console contains an open redirect vulnerability.


A malicious actor may be able to redirect a victim to an attacker and retrieve their SAML response to login as the victim user.



Advisory ID: VMSA-2023-0025

CVSSv3 Range: 8.8

Issue Date: 2023-10-31

Updated On: 2023-10-31 (Initial Advisory)

CVE(s): CVE-2023-20886

Synopsis: VMware Workspace ONE UEM console updates address an open redirect vulnerability (CVE-2023-20886)

****1\. Impacted Products****

*   VMware Workspace ONE UEM console

****2\. Introduction****

An open redirect vulnerability in VMware Workspace ONE UEM console was responsibly reported to VMware. Updates are available to remediate this vulnerability in affected VMware products.

****3\. Advisory Details****

VMware Workspace ONE UEM console contains an open redirect vulnerability. VMware has evaluated the severity of this issue to be in the Important severity range with a maximum CVSSv3 base score of 8.8.

A malicious actor may be able to redirect a victim to an attacker and retrieve their SAML response to login as the victim user.

To remediate CVE-2023-20886 apply the patches listed in the 'Fixed Version' column of the 'Response Matrix' below.

VMware would like to thank D'Angelo Gonzalez of Crowdstrike for reporting this issue to us.

Product

Version

Running On

CVE Identifier

CVSSv3

Severity

Fixed Version

Workarounds

Additional Documentation

Workspace ONE UEM

2306

Any

CVE-2023-20886

N/A

N/A

Unaffected

N/A

N/A

Workspace ONE UEM

2302

Any

CVE-2023-20886

8.8

important

23.2.0.10

None

None

Workspace ONE UEM

2212

Any

CVE-2023-20886

8.8

important

22.12.0.20

None

None

Workspace ONE UEM

2209

Any

CVE-2023-20886

8.8

important

22.9.0.29

None

None

Workspace ONE UEM

2206

Any

CVE-2023-20886

8.8

important

22.6.0.36

None

None

Workspace ONE UEM

2203

Any

CVE-2023-20886

8.8

important

22.3.0.48

None

None

****4\. References****

****5\. Change Log****

**2023-10-31: VMSA-2023-0025  
**Initial security advisory.

****6\. Contact****

CVE-2023-20886: VMSA-2023-0025

Plus: Major vulnerability fixes are now available for a number of enterprise giants, including Cisco, VMWare, Citrix, and SAP.

October has been a security flaw-fest, with Apple, Microsoft, and Google issuing patches for vulnerabilities that are being used in real-life attacks. There were also multiple enterprise fixes during the month, with Cisco, VMWare, and Citrix fixing serious security bugs.

Some of the patches are more urgent than others, so read on to find out what you need to know about the updates released in October.

Apple iOS and iPad OS

October was a busy month for Apple, with the iPhone maker issuing its second set of fixes as part of iOS 17.1 at the end of the month. The two dozen security fixes in iOS 17.1 include patches for serious flaws in the Kernel at the heart of the iOS operating system and WebKit, the engine that underpins the Safari browser.

Tracked as CVE-2023-42849, the Kernel issue fixed in iOS 17.1 could allow an attacker that has already achieved code execution to bypass memory mitigations, Apple said on its support page. The three WebKit flaws—tracked as CVE-2023-40447, CVE-2023-41976, and CVE-2023-42852—could lead to arbitrary code execution.

Apple has also issued iOS and iPad OS 16.7.2, fixing the same flaws for users of older devices or those who don’t want to upgrade right away. They came alongside macOS Sonoma 14.1, macOS Ventura 13.6, macOS Monterey 12.7.1, tvOS 17.1, WatchOS 10.1, and Safari 17.1.

Earlier this month, Apple released iOS 17.0.3 and iOS 16.7.1, fixing issues being used in real-life attacks. Tracked as CVE-2023-42824, the first is a Kernel bug that could allow an attacker with access to your device to elevate their privileges.

Apple also fixed CVE-2023-5217, a buffer overflow flaw that could allow an attacker to execute code. Affecting multiple browsers and platforms, the bug has already been patched in Google’s Chrome browser.

Microsoft

Microsoft’s Patch Tuesday has seen the tech giant fix over 100 flaws, including two zero-day vulnerabilities in Microsoft WordPad and Skype for Business.

CVE-2023-36563 is an information disclosure bug in the WordPad word processing program that could expose NTLM hashes and result in NTLM relay attacks. However, it requires user interaction: The attacker must send someone a malicious file and convince them to open it, Microsoft said.

CVE-2023-41763 is an elevation of privilege vulnerability in Skype for Business. “An attacker could make a specially crafted network call to the target Skype for Business server, which could cause the parsing of an http request made to an arbitrary address,” potentially disclosing IP addresses or port numbers, Microsoft said.

Microsoft also patched a flaw in Message Queuing tracked as CVE-2023-35349 with a CVSS critical score of 9.8, which could allow an unauthenticated attacker to remotely execute code.

October’s Patch Tuesday is a particularly urgent one, so it’s important to update as soon as you can.

Google Chrome

Google has released 20 security fixes for its Chrome browser, including one patch for a flaw rated as critical. Tracked as CVE-2023-5218, the bug is a use-after-free issue in Site Isolation. Another six fixes cover inappropriate implementation vulnerabilities marked as having medium impact, while CVE-2023-5476 is a use-after-free flaw in Blink History. Another issue, CVE-2023-5474, is a heap buffer overflow in PDF, according to Google’s blog.

A further four inappropriate implementation vulnerabilities are rated as having a low impact, with Google also fixing a low severity use-after-free bug in Cast tracked as CVE-2023-5473.

None of the flaws fixed in October have been exploited, but given how actively the browser is targeted, it makes sense to update as soon as you can.

Google Android

Google’s October Android update was a major one because it fixed 53 issues, including two vulnerabilities already being used in real-life attacks. The first is CVE-2023-4863, a heap buffer overflow bug in libwebp affecting the applications that use the library to encode and decode images in the WebP format. This vulnerability impacts many applications and could be used to install spyware, security firm Malwarebytes wrote in a blog.

There are indications that the bug “may be under limited, targeted exploitation,” Google said in an advisory.

CVE-2023-4211 is an issue in Arm components rated as having a high impact, which Google said is also being used in attacks. “A local non-privileged user can make improper GPU memory processing operations to gain access to already freed memory,” Malwarebytes said, adding that the vulnerability affects multiple versions of Arm Mali GPU drivers. These are used in multiple Android device models, including those made by Google, Samsung, Huawei, and Xiaomi.

Another scary flaw in the System tracked as CVE-2023-40129 is rated as critical. “The \[vulnerability\] could lead to remote code execution with no additional execution privileges needed,” Google said.

The update is available for Google’s Pixel and Samsung’s Galaxy series, so if you have an Android device, check your settings ASAP.

Cisco

Software giant Cisco has released patches to fix two already exploited flaws. Tracked as CVE-2023-20198 and with an eye-watering CVSS score of 10, the first is an issue in the web user interface feature of Cisco IOS XE software. It affects physical and virtual devices running Cisco IOS XE software that also have the HTTP or HTTPS Server feature enabled, researchers at Cisco Talos said in a blog.

“Successful exploitation of CVE-2023-20198 allows an attacker to gain privilege level 15 access to the device, which the attacker can then use to create a local user and log in with normal user access,” the researchers warned.

The attacker can use the new unauthorized local user account to exploit a second vulnerability, CVE-2023-20273, in another component of the WebUI feature. “This allows the adversary to inject commands with elevated root privileges, giving them the ability to run arbitrary commands on the device,” said Talos Intelligence, Cisco’s cybersecurity firm.

Cisco “strongly recommends that customers disable the HTTP Server feature on all internet-facing systems or restrict its access to trusted source addresses,” the firm wrote in an advisory.

VMWare

VMWare has patched two out-of-bounds write and information disclosure vulnerabilities in its vCenter Server. Tracked as CVE-2023-34048, the first is a vulnerability in the implementation of the DCERPC protocol that could lead to remote code execution. VMware has rated the flaw as critical with a CVSS base score of 9.8.

At the other end of the CVSS scale but still worth mentioning is CVE-2023-34056, a partial information disclosure bug with a score of 4.3. “A malicious actor with non-administrative privileges to vCenter Server may leverage this issue to access unauthorized data,” VMWare wrote in an advisory.

Citrix

Enterprise software firm Citrix has issued urgent fixes for vulnerabilities in NetScaler ADC (formerly Citrix ADC) and NetScaler Gateway (formerly Citrix Gateway). Tracked as CVE-2023-4966 and with a CVSS score of 9.4, the first bug could allow an attacker to expose sensitive information.

CVE-2023-4967 is a denial of service issue with a CVSS score of 8.2. Exploits of CVE-2023-4966 on unmitigated appliances “have been observed,” Citrix said. “Cloud Software Group strongly urges customers of NetScaler ADC and NetScaler Gateway to install the relevant updated versions of NetScaler ADC and NetScaler Gateway as soon as possible.”

SAP

SAP’s October Security Patch Day saw the release of seven new security notes, all of which were rated as having a medium impact. Tracked as CVE-2023-42474, the worst flaw is a cross-site scripting vulnerability in SAP BusinessObjects Web Intelligence with a CVSS score of 6.8.

With only nine new and updated security notes, SAP’s October Patch Day “belongs to the calmest of the last five years,” security firm Onapsis said.

While SAP’s October flaw count was much smaller than its peers’, attackers are still out there, so you should still keep up to date and get patching as soon as you can.

Apple, Google, and Microsoft Just Patched Some Spooky Security Flaws

Last week on Malwarebytes Labs: Stay safe! Malwarebytes Managed Detection and Response (MDR) simply and effectively closes your security resources gap,...

October 29, 2023 - Most, if not all malvertising incidents result from a threat actor either injecting code within an existing ad, or intentionally creating...

October 27, 2023 - Octo Tempest is believed to be a group of native English speaking cybercriminals that uses social engineering campaigns to compromise organizations...

October 27, 2023 - Apple has released security updates for its phones, iPads, Macs, watches and TVs. Updates are available for these products: The important...

October 25, 2023 - VMWare has issued an update to address one out-of-bounds write and one information disclosure vulnerability in its server management software, vCenter Server. Since...

October 25, 2023 - Canadian health service provider TransForm has published an update about the cyberattack at its member hospitals. TransForm is a not-for-profit, shared service organization...

 A week in security (October 23 &#8211; October 29) 

VinChin Backup and Recovery in VinChin VMWare Backup versions 5.0 through 7.0 suffers from hardcoded credential and remote code execution vulnerabilities.

    VinChin Backup & Recovery is an all-in-one backup solution for virtual infrastructures supporting VMWare, KVM, Xen Server, Hyper-V, OpenStack and more. The product also supports AWS, Azure and other cloud providers as backup storage.VinChin has failed to acknowledge the various requests over a month period, we are thus disclosing the following vulnerabilities:CVE-2023-45499 - VinChin VMWare Backup 5.0 to 7.0During our research we discovered an HTTP API exposed by VinChin Backup. This API can be accessed using hard-coded credentials.CVE-2023-45498 - VinChin VMWare Backup 5.0 to 7.0While exploring the various functionalities exposed by the API a particular endpoint was found vulnerable to improper input sanitization. A specially crafted payload results in remote code execution allowing the attacker to execute code with the permissions of the web server.Timeline:2023-09-22: LeakIX makes initial contact2023-09-25: VinChin request details2023-09-25: LeakIX request Safe harbour2023-09-26: No reply, LeakIX requests update2023-09-27: No reply, LeakIX sends PoC2023-09-29: No reply, LeakIX requests feedback2023-10-05: No reply, LeakIX requests feedback2023-10-10: No reply, LeakIX requests feedback from alternative email2023-10-11: No reply, LeakIX requests feedback from another alternative email2023-10-16: No reply, CVE reserved and vendor notified2023-10-18: No reply, LeakIX sent 7 day disclosure warning2023-10-24: LeakIX sends early warning to providers hosting VinChin on their network.2023-10-26: No reply, Publishing this advisory

Tag

#vmware