Please see Security Advisories for the week ending February 11, 2022
CISA Adds 15 Known Exploited Vulnerabilities to its Catalog
Palo Alto Networks Security Advisories – February 2022
Citrix Releases Security Updates for Hypervisor
Mozilla Releases Security Updates for Firefox and Firefox ESR
Critical Vulnerabilities Affecting SAP Applications Employing Internet Communication Manager (ICM)
Microsoft Releases February 2022 Security Updates
FBI Releases Indicators of Compromise Associated with LockBit 2.0 Ransomware
_______________________________
CISA Adds 15 Known Exploited Vulnerabilities to its Catalog
Situation
The Cybersecurity and Infrastructure Security Agency (CISA) has added 15 vulnerabilities to its Known Exploited Vulnerabilities Catalog, based on evidence that threat actors are actively exploiting them. Vulnerabilities of this kind are a frequent attack vector for malicious cyber actors of all types and pose significant risk if left unpatched.
Problem
The vulnerabilities added in this batch include Microsoft remote code execution vulnerabilities, Apple OS X heap-based buffer overflow and authentication bypass vulnerabilities, Apache improper input validation vulnerabilities, a D-Link DIR-645 router remote code execution vulnerability, an Oracle WebLogic Server remote code execution vulnerability, and more.
Implication
Failure to remediate these cataloged vulnerabilities in a timely manner could leave organizations exposed to cyberattacks.
Need
CISA strongly urges all organizations to reduce their exposure to cyberattacks by prioritizing timely remediation of Catalog vulnerabilities as part of their vulnerability management practice. Each Catalog entry carries a required action and a remediation due date (binding on federal civilian agencies under BOD 22-01), which makes the Catalog a ready-made priority list for any organization's patch cycle.
For a brief overview:
CISA Known Exploited Vulnerabilities Catalog:
https://www.cisa.gov/known-exploited-vulnerabilities-catalog
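The Catalog is also published as a machine-readable JSON feed, so the weekly "what was added, and does it touch us?" question can be automated. The script below is an added example for this digest, not CISA's code: it parses a feed snippet in the layout of the public known_exploited_vulnerabilities.json file (a top-level "vulnerabilities" list whose entries carry cveID, vendorProject, product, vulnerabilityName, dateAdded, dueDate and requiredAction), keeps only entries added during a given week, intersects them with a software inventory, and ranks the survivors by remediation due date. The feed snippet, the CVE IDs (placeholders, not real Catalog entries) and the inventory are all constructed for illustration.

```python
"""Weekly KEV triage: new Catalog entries that affect our inventory, ranked by due date.

Added example, not CISA code. Assumes the field names of the public KEV JSON feed;
the sample feed below is CONSTRUCTED and its CVE IDs are placeholders.
"""
import json
from datetime import date

# Constructed feed snippet in the shape of known_exploited_vulnerabilities.json.
SAMPLE_FEED = json.dumps({
    "title": "CISA Catalog of Known Exploited Vulnerabilities",
    "catalogVersion": "sample",
    "vulnerabilities": [
        {"cveID": "CVE-0000-0001", "vendorProject": "Microsoft", "product": "Windows",
         "vulnerabilityName": "Windows remote code execution (placeholder)",
         "dateAdded": "2022-02-10", "dueDate": "2022-02-24",
         "requiredAction": "Apply updates per vendor instructions."},
        {"cveID": "CVE-0000-0002", "vendorProject": "D-Link", "product": "DIR-645 Router",
         "vulnerabilityName": "DIR-645 remote code execution (placeholder)",
         "dateAdded": "2022-02-10", "dueDate": "2022-08-10",
         "requiredAction": "Apply updates per vendor instructions."},
        {"cveID": "CVE-0000-0003", "vendorProject": "Oracle", "product": "WebLogic Server",
         "vulnerabilityName": "WebLogic remote code execution (placeholder)",
         "dateAdded": "2022-02-10", "dueDate": "2022-02-24",
         "requiredAction": "Apply updates per vendor instructions."},
        {"cveID": "CVE-0000-0004", "vendorProject": "Apple", "product": "OS X",
         "vulnerabilityName": "OS X authentication bypass (placeholder)",
         "dateAdded": "2022-01-28", "dueDate": "2022-02-11",
         "requiredAction": "Apply updates per vendor instructions."},
    ],
})

# Constructed inventory: lower-cased (vendor, product) pairs the organisation runs.
INVENTORY = {("microsoft", "windows"), ("oracle", "weblogic server")}


def _d(iso):
    """'YYYY-MM-DD' -> date; the feed uses this format for dateAdded and dueDate."""
    return date.fromisoformat(iso)


def load_catalog(feed_text):
    """Parse the feed and convert the two date fields to date objects."""
    entries = []
    for v in json.loads(feed_text)["vulnerabilities"]:
        entry = dict(v)
        entry["dateAdded"] = _d(v["dateAdded"])
        entry["dueDate"] = _d(v["dueDate"])
        entries.append(entry)
    return entries


def added_between(entries, start_iso, end_iso):
    """Entries whose dateAdded falls within [start, end], inclusive."""
    start, end = _d(start_iso), _d(end_iso)
    return [e for e in entries if start <= e["dateAdded"] <= end]


def affecting_inventory(entries, inventory):
    """Entries whose (vendor, product) pair is in the inventory, case-insensitively."""
    return [e for e in entries
            if (e["vendorProject"].lower(), e["product"].lower()) in inventory]


def prioritize(entries, today_iso):
    """Order by due date (earliest first); flag anything already past due."""
    today = _d(today_iso)
    ranked = []
    for e in sorted(entries, key=lambda e: e["dueDate"]):
        days_left = (e["dueDate"] - today).days
        ranked.append({"cveID": e["cveID"], "dueDate": e["dueDate"].isoformat(),
                       "days_left": days_left, "overdue": days_left < 0})
    return ranked


def triage(feed_text, inventory, start_iso, end_iso, today_iso):
    """Full pipeline: entries added in the window that hit inventory, ranked by due date."""
    new = added_between(load_catalog(feed_text), start_iso, end_iso)
    return prioritize(affecting_inventory(new, inventory), today_iso)


if __name__ == "__main__":
    for row in triage(SAMPLE_FEED, INVENTORY, "2022-02-05", "2022-02-11", "2022-02-11"):
        status = "OVERDUE" if row["overdue"] else f"{row['days_left']} days left"
        print(f"{row['cveID']:<14} due {row['dueDate']}  {status}")
```

In practice the feed is fetched from the URL above and the inventory comes from a CMDB or asset scanner export; vendor and product strings in the Catalog are free text, so expect to maintain a small alias table (for example "Microsoft" / "Windows" versus whatever the scanner reports) rather than rely on exact matches.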
________________________________
Palo Alto Networks Security Advisories – February 9, 2022
Situation
Palo Alto Networks published seven new security advisories at https://security.paloaltonetworks.com on February 9, 2022.
Problem
Multiple vulnerabilities exist in the GlobalProtect App, Cortex XSOAR, and PAN-OS, including privilege escalation, cross-site scripting, and insufficient credential protection.
Implication
Failing to apply the relevant fixes or mitigations may leave affected deployments open to compromise.
Need
Palo Alto Networks encourages users and administrators to review the advisories and follow the recommended guidance. For a technical overview:
https://security.paloaltonetworks.com/
________________________________
Citrix Releases Security Updates for Hypervisor
Situation
Citrix has released security updates to address vulnerabilities in Hypervisor.
Problem
An issue has been identified that may allow privileged code in a paravirtualized (PV) guest VM to crash the host. It has been assigned CVE-2022-23034.
Note that PV guests are supported in Citrix XenServer 7.1 LTSR but are not supported in Citrix Hypervisor 8.2 LTSR. Customers who have not deployed PV guests are not affected by CVE-2022-23034.
Implication
An attacker with privileged code execution inside a PV guest could exploit this vulnerability to cause a denial-of-service condition on the host.
Need
CISA encourages users and administrators to review Citrix Security Update CTX337526 and apply the necessary updates.
For a more technical overview:
https://support.citrix.com/article/CTX337526
________________________________
Mozilla Releases Security Updates for Firefox and Firefox ESR
Situation
Mozilla has released security updates to address vulnerabilities in Firefox and Firefox ESR.
Problem
A time-of-check/time-of-use (TOCTOU) bug in the Maintenance Service (the Firefox updater) could be abused to grant ordinary users write access to an arbitrary directory, which could in turn be used to escalate to SYSTEM privileges.
This bug only affects Firefox on Windows. Other operating systems are unaffected.
Implication
An attacker could exploit some of these vulnerabilities to take control of an affected system.
Need
CISA encourages users and administrators to review the Mozilla security advisories for Firefox 97 and Firefox ESR 91.6 and apply the necessary updates.
For a more technical overview:
https://www.mozilla.org/en-US/security/advisories/mfsa2022-04/
https://www.mozilla.org/en-US/security/advisories/mfsa2022-05/
________________________________
Critical Vulnerabilities Affecting SAP Applications Employing Internet Communication Manager (ICM)
Situation
On February 8, 2022, SAP released security updates to address vulnerabilities affecting multiple products, including critical vulnerabilities affecting SAP applications using SAP Internet Communication Manager (ICM).
Implication
Impacted organizations could experience:
- theft of sensitive data,
- financial fraud,
- disruption of mission-critical business processes,
- ransomware, and
- a halt of all operations.
Need
CISA recommends operators of SAP systems review SAP’s February 2022 Security Updates page, the Onapsis Research Labs Threat Report: SAP ICMAD Vulnerabilities, and the Onapsis GitHub page for more information and apply necessary updates and mitigations.
For a more technical overview:
https://wiki.scn.sap.com/wiki/display/PSR/SAP+Security+Patch+Day+-+February+2022
________________________________
Microsoft Releases February 2022 Security Updates
Situation
Microsoft has released updates to address multiple vulnerabilities in Microsoft software.
Implication
A remote attacker could exploit some of these vulnerabilities to take control of an affected system.
Need
CISA encourages users and administrators to review Microsoft’s February 2022 Security Update Summary and Deployment Information and apply the necessary updates.
For a more technical overview:
https://msrc.microsoft.com/update-guide/releaseNote/2022-Feb
________________________________
FBI Releases Indicators of Compromise Associated with LockBit 2.0 Ransomware
Situation
The Federal Bureau of Investigation (FBI) has released a FLASH report detailing indicators of compromise (IOCs) associated with LockBit 2.0, a ransomware-as-a-service operation that employs a wide variety of tactics, techniques, and procedures, creating significant challenges for defense and mitigation.
Problem
LockBit 2.0 affiliates gain initial access to victim networks via purchased access, unpatched vulnerabilities, insider access, and zero-day exploits.
Implication
After gaining access, the actors exfiltrate data and then deploy the LockBit 2.0 encryptor, leaving ransom notes demanding payment.
Need
Review the IOCs and the technical details in the FLASH report and apply the recommended mitigations.
For more information: https://www.ic3.gov/Media/News/2022/220204.pdf