patch

now browsing by tag

 
 

#hacking | Windows SMB: Accidental bug disclosure prompts emergency security patch

Source: National Cyber Security – Produced By Gregory Evans


John Leyden

13 March 2020 at 12:45 UTC

Updated: 13 March 2020 at 12:49 UTC

Don’t Panic: Potentially wormable flaw only present in latest systems

Microsoft released an out-of-band security update to patch a remote code execution (RCE) vulnerability impacting Server Message Block (SMB) on Thursday, just two days after its regular Patch Tuesday releases.

The software vendor was obliged to rush out a fix after security partner inadvertently disclosed details of the flaw, which is of a type previously exploited by high-profile threats such as the WannaCry worm.

If left unaddressed, the vulnerability (CVE-2020-0796) in Microsoft SMB 3.1.1 (SMBv3) could be exploited by a remote attacker to plant malicious code on vulnerable systems.

Exploitation would involve sending a specially crafted, compressed data packets to a targeted SMBv3 server.

The flaw stems from bugs in how “Microsoft Server Message Block 3.1.1 (SMBv3) protocol handles certain requests”, an advisory from Microsoft explains.

New flaws on the Block

SMB is a networking protocol that’s used for sharing access to file and printers. The same protocol that was vulnerable to the EternalBlue (CVE-2017-0144) exploit harnessed by the infamous the WannaCry ransomware.

The vulnerability exists in a new feature that was added to Windows 10 version 1903, so older versions of Windows do not support SMBv3.1.1 compression are immune from the security flaw.

Both Windows 10 clients and Windows Server, version 1903 and later, need patching

Preliminary scans by security experts suggest only 4% of publicly accessible SMB endpoints are vulnerable.

Server-side workarounds have been released for organizations running affected software but unable to rapidly roll out patches. This includes disabling compression for SMBv3 as well as blocking TCP port 445 at the perimeter firewall.

Accidental disclosure

Satnam Narang, principal security engineer at security tools vendor Tenable, commented: “The vulnerability was initially disclosed accidentally as part of the March Patch Tuesday release in another security vendor’s blog.

“Soon after the accidental disclosure, references to it were removed from the blog post.”

At the time of writing, no proof of concept exploit code for CVE-2020-0796 has been publicly released.

Narang added that how readily exploitable this vulnerability might prove to be currently remains unknown.

“This latest vulnerability evokes memories of EternalBlue, most notably CVE-2017-0144, a remote code execution vulnerability in SMBv1 that was used as part of the WannaCry ransomware attacks,” Narang explained.

“It’s certainly an apt comparison, so much so that researchers are referring to it as EternalDarkness. However, there is currently little information available about this new flaw and the time and effort needed to produce a workable exploit is unknown.”

RELATED Microsoft Exchange Server admins urged to treat crypto key flaw as ‘critical’

Source link

The post #hacking | Windows SMB: Accidental bug disclosure prompts emergency security patch appeared first on National Cyber Security.

View full post on National Cyber Security

#cybersecurity | hacker | Microsoft Patch Tuesday finds 115 vulnerabilities patched, 26 critical

Source: National Cyber Security – Produced By Gregory Evans

Micosoft’s
March 2020 Patch Tuesday released saw the company rollout patches for 115
vulnerabilities with 26 rated critical, however, in a rare event Adobe is
taking this month off publicizing no updates.

This is the second
month in a row that Microsoft has busy Patch
Tuesday
. In February the company patched 99 vulnerabilities, including one
zero day. One analyst piggy-backed on to today’s roll out to note that a
vulnerability included in February’s release, CVE-2020-0688, is being actively
exploited in the wild and even though a large number of new updates have been
issued, admins should prioritize taking care of his older CVE if they have not
done so already.

The critical
issues fixed by Microsoft this month include 58 elevation of privilege flaws
with Satnam Narang, principal research engineer at Tenable listing CVE-2020-0788,
CVE-2020-0877 and CVE-2020-0887 as the most severe. Microsoft agrees listing
them as most likely to be exploited.

“These are
elevation of privilege flaws in Win32k due to improper handling of objects in
memory. Elevation of Privilege vulnerabilities are leveraged by attackers
post-compromise, once they’ve managed to gain access to a system in order to
execute code on their target systems with elevated privileges,” he said.

Jay Goodman,
Automox’s strategic product marketing manager, cherry picked CVE-2020-0833,
CVE-2020-0824 and CVE-2020-0847 for added attention. The first two are remote
code execution vulnerabilities that could corrupt system memory giving an
attacker access in the role of the user.

“CVE-2020-0847
is also a remote code execution vulnerability, this time in VBScript. VBscript
is a scripting language used by Microsoft. It allows system admins to run
powerful scripts and tools for managing endpoints and will give the user
complete control over many aspects of the device,” he said.

CVE-2020-0847
is also a corrupt memory system issue with threat actors generally using
phishing or browser attacks to first gain entry.

In addition
to last month’s issue, Recorded Future’s Liska highlighted CVE-2020-8050,
CVE-2020-8051, CVE-2020-8052 and CVE-2020-8055. All are remote code execution
vulnerabilities in Microsoft Word that take advantage of how the software
handles objects in memory. A malicious actor would have to send and then
convince a victim to click on a malicious document to initiate an attack. However,
CVE-2020-8052 is even more dangerous and can be launched through an Outlook preview
page without the need to click on the document.

“As Recorded
Future has previously noted, Microsoft Office is among the most popular attack
vectors for cybercriminals. We expect one or more of these vulnerabilities will
be weaponized sooner rather than later,” he said.

Animesh Jain, from Qualys’ expert vulnerability management research team, pointed out that even some issues that Microsoft considers less likely to be exploited should still garner admin attention and concern. CVE-2020-0905 is a remote code execution vulnerability effecting effects the Dynamics Business Central client that falls into this category, but Jain said the fact that this is likely to reside on a critical server makes it important to patch.

Original Source link

The post #cybersecurity | hacker | Microsoft Patch Tuesday finds 115 vulnerabilities patched, 26 critical appeared first on National Cyber Security.

View full post on National Cyber Security

#nationalcybersecuritymonth | New Windows Vulnerabilities Highlight Patch Management Challenges –

Source: National Cyber Security – Produced By Gregory Evans

Microsoft’s monthly “Patch Tuesday” is an important part of the cyber hygiene routine for anyone in IT (including home users). This month’s update proved to be a particularly critical one.

Early in January, the National Security Agency (NSA) alerted Microsoft to a major flaw in Windows 10 that could let hackers pose as legitimate software companies, service providers, websites, or others. “It’s the equivalent of a building security desk checking IDs before permitting a contractor to come up and install new equipment,” Ashkan Soltani, a security expert and former chief technologist for the Federal Trade Commission, told CNN.

Fortunately, Microsoft acted quickly and issued a critical update — CVE-2020-0601 — on January 14.

Despite this quick action, businesses and government have a habit of missing, ignoring, or delaying important patches and updates. They do so at their peril. In 2019, the majority of cybersecurity breaches were a result of unapplied patches. However, the reasons for this oversight are complicated and often unintentional.

Patch management — IT’s nightmare

Getting a handle on patch management is an unending challenge for IT and security teams. Last year, 12,174 common vulnerabilities and exposures (CVEs) were reported — making patching an almost impossible task for any organisation. In fact, it takes the average organisation 38 days to patch a vulnerability. Even then, 25% of software vulnerabilities remain unpatched for more than a year.

One of the biggest obstacles to frequent patching is that security teams struggle to identify everything that needs to be fixed. Understaffed and struggling with alert fatigue, it can be hard to identify the systems that are yet to be updated, prioritise remediation, and apply patches quickly.

To add to their workload, IT and cybersecurity teams must also make certain that the appropriate security policies are in place to ensure that users regularly update their PCs and devices, and don’t delay the inevitable “Windows Update”. Risk also extends beyond the four walls of the business.

Third- and fourth-party cyber risk is a big threat to businesses. 59% of breaches have their origins in vulnerable and unpatched third-party systems. The trouble is that vendor risk assessment questionnaires only offer a point-in-time view into the security posture, including unpatched software of suppliers, partners, and sub-contractors. This leaves IT in the dark.

Windows 7 — a new risk

Microsoft has been focused on closing gaps in its Windows 10 OS. This left Windows 7 users walking into a new cybersecurity landmine on January 14, 2020. Microsoft ended support for the nine-year-old OS and will no longer issue security patches or updates.

This is particularly problematic, since almost 70% of organisations are still using Windows 7 in some capacity. It leaves them susceptible to a security issue, attack, or breach — unless they purchase extended support from Microsoft or upgrade to Windows 10.

Fixing the patch management challenge

Maintaining a frequent patching cadence is critical to mitigating cyber risk, but it doesn’t have to be a nightmare.

With the BitSight Security Ratings platform, your organisation can shine a spotlight on vulnerable, unpatched systems and out-of-date operating systems. It provides insight for both internal systems and across nth parties (partners, vendors, customers, etc.). Using these insights, IT teams can prioritise which patches are most critical and take steps to measurably reduce risk. In addition, security ratings make it easier to share actionable security information with other business functions.

This information allows teams to collaborate with each other on pressing security issues. It also helps reduce risk across your business ecosystem. Furthermore, because patching cadence is indicative of the likelihood of a breach, it has stepped into the spotlight as something the Board and C-suite is interested in. Security ratings mean this conversation becomes much easier. Information about vulnerabilities is provided in a straightforward and non-technical way that is easy for everyone to understand.

Organisations can also share security ratings with partners. This allows third parties to identify and rectify issues and blind spots in their systems and software — continuously and in real-time, without waiting on lengthy audits or assessments.

Time is of the essence

As the recent Windows 10 critical update shows, organisations must do everything they can to stay on top of their patching cadence and that of their vendors.

But there’s no need for organisations to be paralysed by the sheer volume of ongoing patches. Learn more about how BitSight can help.


https://www.bitsighttech.com/BitSight transforms how companies manage third and fourth party risk, underwrite cyber insurance policies, benchmark security performance, and assess aggregate risk with objective, verifiable and actionable Security Ratings.

Source link

The post #nationalcybersecuritymonth | New Windows Vulnerabilities Highlight Patch Management Challenges – appeared first on National Cyber Security.

View full post on National Cyber Security

Install Latest Chrome Update to Patch 0-Day Bug Under Active Attacks

Source: National Cyber Security – Produced By Gregory Evans

chrome browser software update

Google yesterday released a new critical software update for its Chrome web browser for desktops that will be rolled out to Windows, Mac, and Linux users over the next few days.

The latest Chrome 80.0.3987.122 includes security fixes for three new vulnerabilities, all of which have been marked ‘HIGH’ in severity, including one that (CVE-2020-6418) has been reportedly exploited in the wild.

The brief description of the Chrome bugs, which impose a significant risk to your systems if left unpatched, are as follows:

  • Integer overflow in ICU — Reported by André Bargull on 2020-01-22
  • Out of bounds memory access in streams (CVE-2020-6407) — Reported by Sergei Glazunov of Google Project Zero on 2020-01-27
  • Type confusion in V8 (CVE-2020-6418) — Reported by Clement Lecigne of Google’s Threat Analysis Group on 2020-02-18

The Integer Overflow vulnerability was disclosed by André Bargull privately to Google last month, earning him $5,000 in rewards, while the other two vulnerabilities — CVE-2020-6407 and CVE-2020-6418 — were identified by experts from the Google security team.

Google has said CVE-2020-6418, which stems from a type confusion error in its V8 JavaScript rendering engine, is being actively exploited, although technical information about the vulnerability is restricted at this time.

The search giant has not disclosed further details of the vulnerabilities so that it gives affected users enough time to install the Chrome update and prevent hackers from exploiting them.

A successful exploitation of the integer overflow or out-of-bounds write flaws could allow a remote attacker to compromise a vulnerable system by tricking the user into visiting a specially crafted web page that takes advantage of the exploit to execute arbitrary code on the target system.

It’s recommended that Windows, Linux, and macOS users download and install the latest version of Chrome by heading to Help > “About Chrome” from the settings menu.

The Original Source Of This Story: Source link

The post Install Latest Chrome Update to Patch 0-Day Bug Under Active Attacks appeared first on National Cyber Security.

View full post on National Cyber Security

Microsoft Patch Tuesday, February 2020 Edition — Krebs on Security

Source: National Cyber Security – Produced By Gregory Evans

Microsoft today released updates to plug nearly 100 security holes in various versions of its Windows operating system and related software, including a zero-day vulnerability in Internet Explorer (IE) that is actively being exploited. Also, Adobe has issued a bevy of security updates for its various products, including Flash Player and Adobe Reader/Acrobat.

A dozen of the vulnerabilities Microsoft patched today are rated “critical,” meaning malware or miscreants could exploit them remotely to gain complete control over an affected system with little to no help from the user.

Last month, Microsoft released an advisory warning that attackers were exploiting a previously unknown flaw in IE. That vulnerability, assigned as CVE-2020-0674, has been patched with this month’s release. It could be used to install malware just by getting a user to browse to a malicious or hacked Web site.

Microsoft once again fixed a critical flaw in the way Windows handles shortcut (.lnk) files (CVE-2020-0729) that affects Windows 8 and 10 systems, as well as Windows Server 2008-2012. Allan Liska, intelligence analyst at Recorded Future, says Microsoft considers exploitation of the vulnerability unlikely, but that a similar vulnerability discovered last year, CVE-2019-1280, was being actively exploited by the Astaroth trojan as recently as September.

Another flaw fixed this month in Microsoft Exchange 2010 through 2019 may merit special attention. The bug could allow attackers to exploit the Exchange Server and execute arbitrary code just by sending a specially crafted email. This vulnerability (CVE-2020-0688) is rated “important” rather than “critical,” but Liska says it seems potentially dangerous, as Microsoft identifies this as a vulnerability that is likely to be exploited.

In addition, Redmond addressed a critical issue (CVE-2020-0618) in the way Microsoft SQL Server versions 2012-2016 handle page requests.

After a several-month respite from patches for its Flash Player browser plug-in, Adobe has once again blessed us with a security update for this program (fixes one critical flaw). Thankfully, Chrome and Firefox both now disable Flash by default, and Chrome and IE/Edge auto-update the program when new security updates are available. Adobe is slated to retire Flash Player later this year.

Other Adobe products for which the company shipped updates today include Experience Manager, Digital Editions, Framemaker and Acrobat/Reader (17 flaws). Security experts at Qualys note that on January 28th, Adobe also issued an out-of-band patch for Magento, labeled as Priority 2.

“While none of the vulnerabilities disclosed in Adobe’s release are known to be Actively Attacked today, all patches should be prioritized on systems with these products installed,” said Qualys’s Jimmy Graham.

Windows 7 users should be aware by now that while a fair number of flaws addressed this month by Microsoft affect Windows 7 systems, this operating system is no longer being supported with security updates (unless you’re an enterprise taking advantage of Microsoft’s paid extended security updates program, which is available to Windows 7 Professional and Windows 7 enterprise users).

If you rely on Windows 7 for day-to-day use, it’s probably time to think about upgrading to something newer. That might be a computer with Windows 10. Or maybe you have always wanted that shiny MacOS computer.

If cost is a primary motivator and the user you have in mind doesn’t do much with the system other than browsing the Web, perhaps a Chromebook or an older machine with a recent version of Linux is the answer (Ubuntu may be easiest for non-Linux natives). Whichever system you choose, it’s important to pick one that fits the owner’s needs and provides security updates on an ongoing basis.

Keep in mind that while staying up-to-date on Windows patches is a must, it’s important to make sure you’re updating only after you’ve backed up your important data and files. A reliable backup means you’re not losing your mind when the odd buggy patch causes problems booting the system.

So do yourself a favor and backup your files before installing any patches. Windows 10 even has some built-in tools to help you do that, either on a per-file/folder basis or by making a complete and bootable copy of your hard drive all at once.

As always, if you experience glitches or problems installing any of these patches this month, please consider leaving a comment about it below; there’s a better-than-even chance other readers have experienced the same and may chime in here with some helpful tips. Also, keep an eye on the AskWoody blog from Woody Leonhard, who keeps a close eye on buggy Microsoft updates each month.



Tags: Alan Liska, CVE-2019-1280, CVE-2020-0618, CVE-2020-0674, CVE-2020-0688, Jimmy Graham, Microsoft Patch Tuesday February 2020, Qualys, Recorded Future

The source of this story comes from click here!

The post Microsoft Patch Tuesday, February 2020 Edition — Krebs on Security appeared first on National Cyber Security.

View full post on National Cyber Security

#cybersecurity | #hackerspace | NSA: Microsoft Releases Patch to Fix Latest Windows 10 Vulnerability

Source: National Cyber Security – Produced By Gregory Evans

NSA discloses a Windows security flaw that leaves more than 900 million devices vulnerable to spoofed digital certificates

The National Security Agency (NSA) isn’t exactly known for wanting to share information about vulnerabilities they discover. In fact, they kept the Microsoft bug known as Eternal Blue a secret for at least five years to exploit it as part of their digital espionage. (At least, you know, until it was eventually discovered and released by hackers).

But maybe they’ve had a change of heart. (If you truly
believe that, I have a bridge to sell you.)

The NSA, in an uncharacteristic show of transparency, recently announced a major public key infrastructure (PKI) security issue that exists in Microsoft Windows operating systems that’s left more than 900 million PCs and servers worldwide vulnerable to spoofing cyberattacks. This vulnerability is one of many vulnerabilities Microsoft released as part of their January 2020 security updates. Maybe they didn’t want a repeat of the last incident. Whatever the reason, we’re just glad they decided to disclose the potential exploit.

This risk of this vulnerability boils down to a weakness in
the application programming interface of Microsoft’s widely used operating
systems. But what exactly is this Windows 10 vulnerability? How does it affect
your organization? And what can you do to fix it?

Let’s hash it out.

What’s the Situation with This Windows 10 Vulnerability?

Windows 10 has been having a rough go of things these past several months in terms of vulnerabilities. In the latest Window 10 vulnerability news, the NSA discovered a vulnerability (CVE-2020-0601) that affects the cryptographic functionality of Microsoft Windows 32- and 64-bit Windows 10 operating systems and specific versions of Windows Server. Basically, the vulnerability exists within the Windows 10 cryptographic application programming interface — what’s also known as CryptoAPI (or what you may know as the good ol’ Crypt32.dll module) — and affects how it validates elliptic curve cryptography (ECC) certificates.

What it does, in a nutshell, is allow users to create websites and software that masquerade as the “real deals” through the use of spoofed digital certificates. A great example of how it works was created by a security researcher, Saleem Rashid, who tweeted images of NSA.com and Github.com getting “Rickrolled.” Essentially, what he did was cause both the Edge and Chrome browsers to spoof the HTTPS verified websites.

Although humorous, Rashid’s simulated attacks are a great
demonstration of how serious the security flaw is. By spoofing a digital
certificate to exploit the security flaw in CryptoAPI, it means that anyone can
pretend to be anyone — even official authorities.

CryptoAPI is a critical component of Microsoft Windows operating systems. It’s what allows developers to secure their software applications through cryptographic solutions. It’s also what validates the legitimacy of software and secure website connections through the use of X.509 digital certificates (SSL/TLS certificates, code signing certificates, email signing certificates, etc.). So, basically, the vulnerability’s a bug in the OS’s appliance for determining whether software applications and emails are secure, and whether secure website connections are legitimate.

So, what the vulnerability does is allow actors to bypass
the trust store by using malicious software that are signed by forged/spoofed ECC
certificates (doing so makes them look like they’re signed by a trusted
organization). This means that users would unknowingly download malicious or
compromised software because the digital signature would appear to be from a
legitimate source.

This vulnerability can cause other issues as well, according to the Department of Homeland Security’s Cybersecurity and Infrastructure Security Agency (CISA):

This could deceive users or thwart malware detection methods such as antivirus. Additionally, a maliciously crafted certificate could be issued for a hostname that did not authorize it, and a browser that relies on Windows CryptoAPI would not issue a warning, allowing an attacker to decrypt, modify, or inject data on user connections without detection.”

Does This Mean ECC Is Not Secure?

No. This flaw in no way, shape, or form affects the
integrity of ECC certificates. It does, however, cast a negative light on
Windows’ cryptographic application programming interface by shining a spotlight
on the shortcomings of its validation process.

Let me reiterate: This is a flaw concerning Windows
CryptoAPI and does not affect the integrity of the ECC certificates themselves.

If you’re one of the few using ECC certificates (you know, since RSA is still
the more commonly used than ECC), this doesn’t impact the security of your certificates.

The patch from Microsoft addresses the vulnerability to
ensure that Windows CryptoAPI fully validates ECC certificates.

What This Windows 10 Vulnerability Means for Your Organization

Basically, this cryptographic validation security flaw
impacts both the SSL/TLS communication stream encryption and Windows
Authenticode file validation. Malicious actors who decide to exploit the CryptoAPI
vulnerability could use it to:

  • defeat trusted network connections to carry out man-in-the-middle (MitM) attacks and compromise confidential information;
  • deliver malicious executable code;
  • prevent browsers that rely on CryptoAPI from validating malicious certificates that are crafted to appear from an unauthorized hostname; and
  • appear as legitimate and trusted entities (through spoofing) to get users to engage with and download malicious content via email and phishing websites.

The NSA press release states:

NSA assesses the vulnerability to be severe and that sophisticated cyber actors will understand the underlying flaw very quickly and, if exploited, would render the previously mentioned platforms as fundamentally vulnerable. The consequences of not patching the vulnerability are severe and widespread. Remote exploitation tools will likely be made quickly and widely available. Rapid adoption of the patch is the only known mitigation at this time and should be the primary focus for all network owners.”

Steps to Take to Mitigate This Bug

Wondering what you should do to mitigate the threat on your
network and devices? The NSA has a few recommendations:

Get to Patchin’ ASAP

The NSA recommends installing a newly-released patch from Microsoft for Windows 10 operating systems and Windows Server (versions 2016 and 2019) as soon as possible on all endpoints and systems. Like, right now. Get to it! As a best practice, you also can turn on automatic updates to ensure that you don’t miss key updates in the future.

According to Microsoft’s Security Update Guide:

After the applicable Windows update is applied, the system will generate Event ID 1 in the Event Viewer after each reboot under Windows Logs/Application when an attempt to exploit a known vulnerability ([CVE-2020-0601] cert validation) is detected.”

Here at The SSL Store, we’ve already rolled out the patch to ensure that all of our servers and endpoint devices are protected. (Thanks, Ross!) Rolling out these kinds of updates is something you don’t want to wait around to do because it leaves your operating systems — and everything else as a result — vulnerable to spoofing and phishing attacks using spoofed digital certificates.

Prioritize Your Patching Initiatives

But what if you’re a major enterprise that can’t just get it
done with a snap of the fingers? (Yeah, we know how you big businesses
sometimes like to do things.) In that case, they recommend prioritizing
patching your most critical endpoints and those that are most exposed to the
internet. Basically,
patch your
mission-critical systems and infrastructure, internet-facing systems, and
networked servers first.

Implement Network Prevention and Detection Measures

For those of you who route your traffic through proxy
devices, we have some good news. While your endpoints are getting patched, your
proxy devices can help you detect and isolate vulnerable endpoints. That’s
because you can use TLS inspection proxies to validate SSL/TLS certificates
from third parties and determine whether to trust or reject them.

You also can review logs and packet analysis to extract
additional data for analysis and check for malicious or suspicious properties.

*** This is a Security Bloggers Network syndicated blog from Hashed Out by The SSL Store™ authored by Casey Crane. Read the original post at: https://www.thesslstore.com/blog/nsa-microsoft-releases-patch-to-fix-latest-windows-10-vulnerability/

Source link

The post #cybersecurity | #hackerspace |<p> NSA: Microsoft Releases Patch to Fix Latest Windows 10 Vulnerability <p> appeared first on National Cyber Security.

View full post on National Cyber Security

#cybersecurity | #hackerspace | VERT Threat Alert: January 2020 Patch Tuesday Analysis

Source: National Cyber Security – Produced By Gregory Evans

Today’s VERT Alert addresses Microsoft’s January 2020 Security Updates. VERT is actively working on coverage for these vulnerabilities and expects to ship ASPL-866 on Wednesday, January 15th. 

In-The-Wild & Disclosed CVEs

CVE-2020-0601

While there are no in-the-wild and disclosed CVEs in the January patch drop, there is a lot of discussion around CVE-2020-0601. The vulnerability allows for Elliptic Curve Cryptography (ECC) spoofing due to the way these certificates are validated. This vulnerability was reported to Microsoft by the NSA and rumors in various publications indicate that certain government agencies and enterprises were given advance notice of this vulnerability.

Microsoft has rated this as a 1 (Exploitation More Likely) on the latest software release on the Exploitability Index.

CVE Breakdown by Tag

While historical Microsoft Security Bulletin groupings are gone, Microsoft vulnerabilities are tagged with an identifier. This list provides a breakdown of the CVEs on a per tag basis.

Tag
CVE Count
CVEs
Windows Update Stack
1
CVE-2020-0638
Windows Hyper-V
1
CVE-2020-0617
Windows Subsystem for Linux
1
CVE-2020-0636
ASP.NET
2
CVE-2020-0602, CVE-2020-0603
Microsoft Windows
8
CVE-2020-0601, CVE-2020-0608, CVE-2020-0616, CVE-2020-0620, CVE-2020-0621, CVE-2020-0624, CVE-2020-0635, CVE-2020-0644
Apps
1
CVE-2020-0654
.NET Framework
3
CVE-2020-0605, CVE-2020-0606, CVE-2020-0646
Microsoft Graphics Component
4
CVE-2020-0607, CVE-2020-0622, CVE-2020-0642, CVE-2020-0643
Microsoft Scripting Engine
1
CVE-2020-0640
Common Log File System Driver
3
CVE-2020-0615, CVE-2020-0639, CVE-2020-0634
Microsoft Dynamics
1
CVE-2020-0656
Windows Media
1
CVE-2020-0641
Microsoft Windows Search Component
12
CVE-2020-0613, CVE-2020-0614, CVE-2020-0623, CVE-2020-0625, CVE-2020-0626, CVE-2020-0627, CVE-2020-0628, CVE-2020-0629, CVE-2020-0630, CVE-2020-0631, CVE-2020-0632, CVE-2020-0633
Microsoft Office
5
CVE-2020-0647, CVE-2020-0650, CVE-2020-0651, CVE-2020-0652, CVE-2020-0653
Windows RDP
5
CVE-2020-0609, CVE-2020-0610, CVE-2020-0611, CVE-2020-0612, CVE-2020-0637

 

Other Information

There were no new advisories released today. However, it is worth mentioning that today marks the final day of support for Windows 7, Windows Server 2008, and Windows Server 2008 R2. These platforms are now considered end of life and (Read more…)

Source link

The post #cybersecurity | #hackerspace |<p> VERT Threat Alert: January 2020 Patch Tuesday Analysis <p> appeared first on National Cyber Security.

View full post on National Cyber Security

Drupal Warns Web Admins to Update CMS Sites to Patch a Critical Flaw

Source: National Cyber Security – Produced By Gregory Evans

drupal website hacking

If you haven’t recently updated your Drupal-based blog or business website to the latest available versions, it’s the time.

Drupal development team yesterday released important security updates for its widely used open-source content management software that addresses a critical and three “moderately critical” vulnerabilities in its core system.

Considering that Drupal-powered websites are among the all-time favorite targets for hackers, the website administrators are highly recommended to install the latest release Drupal 7.69, 8.7.11, or 8.8.1 to prevent remote hackers from compromising web servers.

Critical Symlinks Vulnerability in Drupal

The only advisory with critical severity includes patches for multiple vulnerabilities in a third-party library, called ‘Archive_Tar,’ that Drupal Core uses for creating, listing, extracting, and adding files to tar archives.

The vulnerability resides in the way the affected library untar archives with symlinks, which, if exploited, could allow an attacker to overwrite sensitive files on a targeted server by uploading a maliciously crafted tar file.

Due to this, to be noted, the flaw only affects Drupal websites that are configured to process .tar, .tar.gz, .bz2, or .tlz files uploaded by untrusted users.

According to Drupal developers, a proof-of-concept exploit for this vulnerability already exists and considering the popularity of Drupal exploits among hackers, you may see hackers actively exploiting this flaw in the wild to target Drupal websites.

Moderately Critical Drupal Vulnerabilities

Besides this critical vulnerability, Drupal developers have also patched three “moderately critical” vulnerabilities in its Core software, brief details of which are as follows:

  • Denial of Service (DoS): The install.php file used by Drupal 8 Core contains a flaw that can be exploited by a remote, unauthenticated attacker to impair the availability of a targeted website by corrupting its cached data.
  • Security Restriction Bypass: The file upload function in Drupal 8 does not strip leading and trailing dot (‘.’) from filenames, which can be used by an attacker with file upload ability to overwrite arbitrary system files, such as .htaccess to bypass security protections.
  • Unauthorized Access: This vulnerability exists in Drupal’s default Media Library module when it doesn’t correctly restrict access to media items in certain configurations. Thus, it could allow a low-privileged user to gain unauthorized access to sensitive information that is otherwise out of his reach.

According to the developers, affected website administrators can mitigate the access media bypass vulnerability by unchecking the “Enable advanced UI” checkbox on /admin/config/media/media-library, though this mitigation is not available in 8.7.x.

Web Application Firewall

All the above “moderately critical” vulnerabilities have been patched with the release of Drupal versions 8.7.11 and 8.8.1, and at the time of writing, no proof-of-concept for these flaws have been made available.

Since a proof-of-concept exists for the critical Drupal vulnerability, users running vulnerable versions of Drupal are highly recommended to update their CMS to the latest Drupal core release as soon as possible.

The Original Source Of This Story: Source link

The post Drupal Warns Web Admins to Update CMS Sites to Patch a Critical Flaw appeared first on National Cyber Security.

View full post on National Cyber Security

Announcing updates to our Patch Rewards program in 2020

Source: National Cyber Security – Produced By Gregory Evans Posted by Jan Keller, Technical Program Manager, Security  At Google, we strive to make the internet safer and that includes recognizing and rewarding security improvements that are vital to the health of the entire web. In 2020, we are building on this commitment by launching a […] View full post on AmIHackerProof.com

December Patch Tuesday blunts WizardOpium attack chain – Naked Security

Source: National Cyber Security – Produced By Gregory Evans December 2019’s Patch Tuesday updates are out, and for the most part, it’s the usual undemanding Christmas load for admins to browse through. All told, there are 36 CVE-level vulnerabilities, seven of which are marked ‘critical’, 27 important, and one each for low and moderate. Predictably, […] View full post on AmIHackerProof.com