Please see Security Advisories for the week ending July 17, 2020
- SAP Critical Security Update for RECON Vulnerability
- Microsoft Releases Security Update for Edge
- Mozilla Releases Security Updates for Thunderbird
- Malicious Cyber Actors Use of Network Tunneling and Spoofing to Obfuscate Geolocation
- Apple Releases Security Updates
- Cisco Releases Security Updates for Multiple Products
- Oracle Releases July 2020 Security Bulletin
- Apache releases security advisories for Apache Tomcat
- Google Releases Security Updates for Chrome v84
- Microsoft Releases July 2020 Security Updates
________________________________
SAP Critical Security Update for RECON Vulnerability
Situation
SAP released a security update to address a critical vulnerability affecting the SAP NetWeaver Application Server (AS) Java component LM Configuration Wizard. An unauthenticated attacker can exploit this vulnerability through the Hypertext Transfer Protocol (HTTP) to take control of trusted SAP applications. Potentially vulnerable SAP business solutions include any SAP Java-based solution.
Problem
The vulnerability (CVE-2020-6287), dubbed RECON (Remotely Exploitable Code On NetWeaver), is rated with a maximum CVSS score of 10 out of 10. RECON can allow a remote and unauthenticated attacker, who has access to the targeted system, to exploit the vulnerability to create a new SAP admin user, allowing them to bypass access and authorization controls and gain full control of the SAP system. The RECON vulnerability is present by default with all SAP applications running on top of SAP NetWeaver AS Java 7.3 and any newer versions (up to SAP NetWeaver 7.5).
Implication
If successfully exploited, a remote, unauthenticated attacker can obtain unrestricted access to SAP systems through the creation of high-privileged users and the execution of arbitrary operating system commands with the privileges of the SAP service user account (<sid>adm), allowing them to take control of the affected system. An attacker would also be able to read, write, modify, and delete any record, file, or report on the compromised system.
Need
SAP and the Cybersecurity and Infrastructure Security Agency (CISA) strongly recommend that organizations immediately apply patches. They also recommend that organizations prioritize patching internet-facing systems first, and then internal systems.
Organizations that are unable to patch immediately should mitigate the vulnerability by disabling the LM Configuration Wizard service. If these options are unavailable, or if the actions will take more than 24 hours to complete, closely monitoring your SAP NetWeaver AS for anomalous activity is strongly recommended. The link below provides additional information and ways to mitigate.
For a brief overview:
https://us-cert.cisa.gov/ncas/alerts/aa20-195a
For a detailed overview:
https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=552599675
________________________________
Microsoft Releases Security Update for Edge
Situation
Microsoft has found and patched a vulnerability in its Chromium-based Edge browser which could allow an attacker to gain elevated privileges.
Problem
Microsoft has found a vulnerability involving Dynamic Link Library (DLL) files that an attacker could exploit to drop DLL files and gain elevated permissions on the affected system.
Implication
Unpatched systems run the risk of an attacker using this exploit in Chromium-based Edge browsers to elevate privileges and gain further access to the system.
Need
Microsoft recommends installing available updates for its Windows platforms and Edge browser.
For a brief overview:
https://us-cert.cisa.gov/ncas/current-activity/2020/07/17/microsoft-releases-security-update-edge
For a detailed overview:
https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1341
________________________________
Mozilla Releases Security Updates for Thunderbird
Situation
Mozilla has discovered and patched numerous vulnerabilities in its open source email client Thunderbird.
Problem
Mozilla has found and patched several bugs in its most recent version of Thunderbird that an attacker can exploit to take control of unpatched systems.
Implication
Failure to patch systems could result in loss of control of affected systems.
Need
Mozilla advises patching to the most up-to-date version of Thunderbird, version 78.
For a brief overview:
For a detailed overview:
https://www.mozilla.org/en-US/security/advisories/mfsa2020-29/
________________________________
Malicious Cyber Actors Use of Network Tunneling and Spoofing to Obfuscate Geolocation
Situation
Malicious actors are using geolocation spoofing and network traffic encapsulation to hide what traffic they are sending or receiving, and from where, so that they cannot be tracked down and malware on the network is not identified.
Problem
Cyber attackers are making it harder to detect and locate them across the world, and on networks, by masking their location and encapsulating their traffic.
Implication
It is harder to detect and scan for malicious traffic when it is encapsulated, and harder to track down cyber criminals when they use geo spoofing and multiple layers of traffic encapsulation.
Need
US-CERT has released an advisory with detailed mitigations for this type of obfuscated attack.
For a brief overview:
https://us-cert.cisa.gov/ncas/alerts/aa20-198a
________________________________
Apple Releases Security Updates
Situation
Apple has released security updates to address vulnerabilities in multiple products including: macOS Catalina, Mojave, and High Sierra, tvOS, watchOS, iOS, iPadOS, and Safari.
Problem
Apple has identified several security vulnerabilities for its products that a remote attacker can exploit and take control of affected systems. Unpatched systems could allow attackers to cause denial of service, execute malicious code, and gain control of compromised systems.
Implication
Failure to patch systems could result in loss of control of affected systems and possible compromise of system and network integrity.
Need
Apple advises patching to the latest version of Catalina 10.15.6, security update 2020-004 for Mojave, security update 2020-004 for High Sierra, iOS 13.6, iPadOS 13.6, watchOS 6.2.8, and Safari 13.1.2.
For a brief overview:
https://us-cert.cisa.gov/ncas/current-activity/2020/07/16/apple-releases-security-updates
For a detailed overview:
https://support.apple.com/en-us/HT211289
________________________________
Cisco Releases Security Updates for Multiple Products
Situation
Cisco has discovered and patched numerous vulnerabilities in Cisco Prime License Manager (PLM) software, Cisco Data Center Network Manager software, Cisco SD-WAN management software, and its small business routers RV110W, RV130, RV130W, and RV215W.
Problem
Cisco has found 31 known vulnerabilities across its products and has issued patches. Unpatched systems are exposed to a multitude of vulnerabilities that could allow attackers to cause denial of service, perform information gathering attacks, and gain complete control of compromised systems.
Implication
Failure to patch systems could result in loss of control of affected systems and possible compromise of system and network integrity.
Need
Cisco advises patching the software and hardware to the most recent security updates. There are several security updates so please follow the Cisco technical link provided to ensure all necessary systems are patched.
For a brief overview:
For a detailed overview:
________________________________
Oracle Releases July 2020 Security Bulletin
Situation
Oracle has released critical patches for 433 vulnerabilities across a large number of its products.
Problem
Oracle has found 433 known vulnerabilities across its products and has begun to issue patches. Exploiting even some of the vulnerabilities could allow attackers to do anything from launching denial-of-service attacks against the affected devices up to taking them over completely.
Implication
Unpatched systems are exposed to a multitude of vulnerabilities that could allow attackers to cause denial of service, perform information gathering attacks, and possibly take over systems completely.
Need
Please visit Oracle's patch advisory and follow the instructions there to install updates and further secure your Oracle environment.
For a brief overview:
For a detailed overview:
https://www.oracle.com/security-alerts/cpujul2020.html
________________________________
Apache releases security advisories for Apache Tomcat
Situation
The Apache Software Foundation has released security advisories that address multiple vulnerabilities in Apache Tomcat.
Problem
Vulnerabilities have been found in Apache Tomcat that can lead to denial of service.
Implication
Unpatched systems are exposed to a multitude of vulnerabilities that could allow attackers to cause denial of service and possibly take over systems completely.
Need
If you are running the affected Apache Tomcat versions, please update to the latest version. See the above CVE security advisories for more details.
For a detailed overview:
________________________________
Google Releases Security Updates for Chrome v84
Situation
Google will be rolling out security updates for Chrome v84 that will provide fixes, improvements, and security updates for Windows, Mac, and Linux.
Problem
38 security vulnerabilities were found in Chrome and have been fixed in this latest version.
Implication
These vulnerabilities range in severity from “low” to “critical” and include heap buffer overflows, improper implementations, and out-of-bounds memory access.
Need
Manually check if an update is available in Chrome or restart when you see the update icon in the top right corner.
For a detailed overview:
https://chromereleases.googleblog.com/2020/07/stable-channel-update-for-desktop.html
________________________________
Microsoft Releases July 2020 Security Updates
Situation
Microsoft has released the July 2020 security updates for a large number of Microsoft products.
Problem
A large number of vulnerabilities, ranging up to critical severity, were found and addressed by Microsoft in this monthly rollup.
Implication
These updates address a variety of different vulnerabilities such as remote code execution and privilege escalation.
Need
Apply the necessary security updates for all Microsoft products in use. Please review the detailed description below for details on affected products.
For a detailed overview:
https://portal.msrc.microsoft.com/en-us/security-guidance/releasenotedetail/2020-Jul