Exposures, Exposed! Weekly Round-up July 8-14

Every week, “Exposures, Exposed!” cuts through the noise to bring you the latest critical cyber vulnerabilities. Our security gurus are on the case, uncovering the most important exposure incidents so you can stay informed and protected.

Here’s what we’ve got for you this week:

Microsoft Rushes Patch for Actively Exploited Zero-Days

Microsoft's July Patch Tuesday fixes four zero-day vulnerabilities. Two of them, in Windows Hyper-V (CVE-2024-38080) and the MSHTML engine (CVE-2024-38112), are actively exploited in attacks and allow privilege escalation or content spoofing. Experts urge immediate patching, as the update also addresses five critical remote code execution (RCE) vulnerabilities and flaws in .NET, Visual Studio, and Arm processors.

While not actively exploited, vulnerabilities in Microsoft Office (CVE-2024-38021) and other areas (CVE-2024-35264, CVE-2024-37985) highlight the importance of applying updates promptly.

The Takeaway: Apply July's Microsoft Patch Tuesday updates immediately to address critical security vulnerabilities. Learn more here.


CISA, FBI Warn of Network Device Vulnerabilities

CISA and the FBI issued a joint alert on security flaws in network devices. The alert highlights a class of flaw known as OS command injection, which can allow attackers to take control of devices. These vulnerabilities were found in Cisco, Palo Alto Networks, and Ivanti products.

The agencies recommend a "secure by design" approach for software development to prevent these issues. This includes validating user input, separating data from commands, and using secure coding practices. Software manufacturers are also urged to be transparent about security issues and prioritize proactive security measures.
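The three practices the alert names (validating input, separating data from commands, secure coding) are easiest to see side by side. The following is an added example, not code from the article or from the CISA/FBI alert: a classic "ping a host" helper written the vulnerable way, next to a hardened version. Function names, the hostname regex and the sample payloads are constructed for illustration.

```python
"""OS command injection: vulnerable builder beside a hardened one (added example)."""
import re
import subprocess

# Strict allowlist (assumed policy for this example): RFC 1123-style hostname
# labels or a dotted IPv4 address.  Shell metacharacters (';', '|', '$(...)',
# spaces, backticks) and a leading '-' never match, so they are rejected.
_HOST_RE = re.compile(
    r"(?=.{1,253}\Z)(?!-)[A-Za-z0-9-]{1,63}(?<!-)(\.(?!-)[A-Za-z0-9-]{1,63}(?<!-))*"
)


def build_ping_command_unsafe(host: str) -> str:
    """VULNERABLE: user data is concatenated into one command string.

    Executed with shell=True, anything after ';', '&&' or '|' in `host`
    becomes a second command run with the service's privileges.
    """
    return f"ping -c 1 {host}"


def validate_host(host: str) -> str:
    """Input validation: accept only strings that match the allowlist."""
    if not _HOST_RE.fullmatch(host):
        raise ValueError(f"rejected host argument: {host!r}")
    return host


def build_ping_command_safe(host: str) -> list[str]:
    """HARDENED: validate, then keep data separate from the command.

    The argv list is handed to the OS without a shell, so `host` is always a
    single argument and is never re-parsed.  '--' ends option parsing, so even
    if validation were loosened a value such as '-c' could not become a flag.
    """
    return ["ping", "-c", "1", "--", validate_host(host)]


def run_ping_safe(host: str, timeout: float = 5.0) -> subprocess.CompletedProcess:
    """Execute the hardened command: argv list, no shell, bounded runtime."""
    return subprocess.run(
        build_ping_command_safe(host),
        shell=False,  # the default; stated explicitly for review
        capture_output=True,
        text=True,
        timeout=timeout,
        check=False,
    )


if __name__ == "__main__":
    # Constructed payload: benign shell metacharacters, no real target.
    payload = "127.0.0.1; echo injected"
    print("unsafe string the shell would parse:", build_ping_command_unsafe(payload))
    try:
        build_ping_command_safe(payload)
    except ValueError as err:
        print("hardened builder:", err)
    print("hardened argv:", build_ping_command_safe("127.0.0.1"))
    try:
        result = run_ping_safe("127.0.0.1")
        print("ping exit status:", result.returncode)
    except FileNotFoundError:
        print("ping binary not present; command construction still shown above")
```

The important line is the return value of `build_ping_command_safe`: a list, not a string. Validation alone is a second layer, not the primary defence, because allowlists get relaxed over time; passing argv without a shell is what structurally separates data from commands.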

The Takeaway: Businesses and device manufacturers should take steps to eliminate OS command injection vulnerabilities and adopt secure coding practices. Learn more here.


GitLab Rushes Patch for Critical Pipeline Flaw

GitLab scrambled to release security updates for a critical vulnerability (CVE-2024-6385) in its platform. This flaw allows attackers to potentially hijack user accounts and run malicious code. This comes just a month after patching a similar critical issue (CVE-2024-5655). The vulnerability affects GitLab versions 15.8 to 16.11.5, 17.0.0 to 17.0.3, and 17.1.0 to 17.1.1.

This incident underscores the ongoing battle against software vulnerabilities. Citrix recently patched a critical authentication flaw (CVE-2024-6235) in NetScaler products, while Broadcom addressed medium-severity vulnerabilities in VMware Cloud Director and Aria Automation (CVE-2024-22277 & CVE-2024-22280).

The Takeaway: GitLab users must update immediately. This incident highlights the importance of software updates and vendor focus on security. Learn more here.


New Zero-Click RCE Flaw Found in Microsoft Outlook

Morphisec researchers discovered a critical zero-click RCE vulnerability (CVE-2024-38021) impacting most Microsoft Outlook applications. Unlike a previously disclosed flaw (CVE-2024-30103), which required the victim to be logged in, this one can be triggered by a message from a trusted sender without any user interaction.

While Microsoft rated it "Important," Morphisec urges Microsoft to reclassify it as "Critical" due to the potential for widespread attacks. A patch is available as part of July's Patch Tuesday updates.

The Takeaway: Update Microsoft Outlook and Office applications immediately. Implement email security measures and educate users about email security. Learn more here.


Critical Vulnerabilities Patched in SAP July Update

SAP addressed critical security flaws in its July patch update. The most severe issue (CVE-2024-39592) allows unauthorized access to data within SAP PDCE, a tool used for lifecycle cost estimation. Another critical flaw (CVE-2024-39597) could grant attackers unauthorized access to SAP Commerce sites with improper configuration.

Beyond these critical issues, SAP patched 15 medium-severity vulnerabilities across various products, including information disclosure, file upload, and authorization check flaws. While SAP hasn't confirmed that these vulnerabilities are being exploited, attackers are known to target unpatched SAP products.

The Takeaway: SAP users should prioritize updating their applications immediately to address critical security vulnerabilities. Learn more here.


Popular Git Service Hit with Critical Flaws

Security researchers identified critical vulnerabilities (CVE-2024-39930, CVE-2024-39931, CVE-2024-39932) in Gogs, a popular open-source Git service. These vulnerabilities carry a maximum severity score of 9.9 on the CVSSv3 scale, indicating potential for severe exploitation.

Attackers with valid accounts could exploit these flaws to execute malicious code on the server (CVE-2024-39930), delete internal Gogs files (CVE-2024-39931), or inject malicious arguments during code preview (CVE-2024-39932).

The Takeaway: Gogs users and administrators should disable the built-in SSH server and user registration for now. Update to the latest version as soon as a patch becomes available. Learn more here.


Citrix Patches Critical NetScaler Vulnerabilities

Citrix released security patches for critical and high-severity flaws in its NetScaler products. The most severe issue (CVE-2024-6235) allows unauthorized access to sensitive information. Other vulnerabilities could lead to denial-of-service attacks or privilege escalation.

These vulnerabilities impact NetScaler ADC, NetScaler Gateway, NetScaler Console, NetScaler Agent, and NetScaler SVM. Citrix recommends updating to the latest versions immediately.

The Takeaway: Update all affected Citrix products to address critical security vulnerabilities. Learn more here.


New Race Condition Bug Discovered in OpenSSH

A new security bug has been discovered in OpenSSH. It was found during a review of CVE-2024-6387, which was disclosed earlier this month.

The main difference between this new bug and CVE-2024-6387 is where the race occurs: here the race condition, and any remote code execution (RCE) that follows from it, is triggered in the privsep child process. That process runs with reduced privileges compared to the parent server process, so the immediate impact of the new bug is lower. However, the two vulnerabilities may be exploitable in different scenarios, potentially making one more attractive to attackers than the other. If only one of them is fixed, the other might become more significant.

The Takeaway: Administrators should immediately review and apply patches to mitigate these vulnerabilities in their OpenSSH servers. Learn more here.

That’s all for this week – have any exposures to add to our list? Let us know!



Discover 11 real-life attack paths and learn how to fortify your defenses against evolving threats. Dive into the minds of cyber attackers with our latest eBook 🚀


