Please see Security Advisories for the week ending June 19, 2020
- Critical 'Ripple20' Vulnerabilities Affecting Millions of Internet Connected Devices
- Microsoft Releases Security Updates for Windows
- Cisco WebEx Meetings, Cisco TelePresence and Cisco RV Series Routers Security Updates
- CERT NZ Releases Advisory on Ransomware Campaign
- Drupal Releases Security Updates
- Adobe Releases Security Updates for Multiple Products
- Google Chrome Security Updates for Desktop Browsers
________________________________
Critical 'Ripple20' Vulnerabilities Affecting Millions of Internet Connected Devices
Situation
Multiple TCP/IP vulnerabilities, called Ripple20, were found in a software library created by Treck. They affect millions of internet-connected devices and could let remote attackers take over, turn off, destroy, or disable the devices by issuing commands to them.
Problem
The Ripple20 vulnerabilities leave millions of internet-connected devices open to attack. Multiple companies worldwide are working to push out patches for the 19 vulnerabilities.
Implication
Devices that are unpatched and not secured from the network could be vulnerable to exploits that allow remote or local attackers to take over the device, force it offline, or make it perform unsafe actions by changing commands, as well as expose sensitive information.
Need
It is recommended that you visit your device's support pages and install any recommended security or software updates. Because the issue is widespread, the patch process may differ by manufacturer.
For a detailed overview:
________________________________
Microsoft Releases Security Updates for Windows
Situation
Microsoft has released a version update to the Windows 10 platform, version 1903. This update addresses vulnerabilities that attackers could exploit to overwrite or modify protected files and gain elevated privileges.
Problem
Microsoft addressed an issue where an attacker could log in to a system and run a specially crafted application to modify system files and escalate their account privileges to admin/system.
Implication
Unpatched systems are vulnerable to a user running a specific application to modify system-protected files and escalate that user's privileges to admin or system.
Need
Microsoft recommends checking with your IT team to ensure proper compatibility before using Windows Update to install version 1909.
________________________________
Cisco WebEx Meetings, Cisco TelePresence and Cisco RV Series Routers Security Updates
Situation
Cisco has discovered and patched several security vulnerabilities in its Cisco Webex Meetings application, Cisco TelePresence Collaboration Endpoint & RoomOS software, and its Cisco small business RV series routers.
Problem
Cisco has identified numerous security vulnerabilities for its Cisco Webex Meetings application for macOS and Windows that a remote attacker can exploit to execute remote commands and take control of affected systems.
Cisco has identified security vulnerabilities for its Cisco TelePresence Collaboration Endpoint Software and Cisco RoomOS Software that could allow a remote attacker to modify the filesystem to cause a denial of service or gain privileged access to the root filesystem.
Cisco has identified several security vulnerabilities in its Cisco Small Business RV320 and RV325 Series Routers and Cisco Small Business RV016, RV042, and RV082 Routers that could allow a remote attacker to cause the device to crash or to execute malicious code.
Implication
Failure to patch systems could result in loss of control of affected systems and possible compromise of system and network integrity.
Need
Cisco advises patching to the latest version of the Cisco Webex Meetings application, updating to the latest version of the Cisco TelePresence Collaboration Endpoint & RoomOS software, and patching to the latest version of the Cisco Small Business RV series router software.
For a brief overview:
https://www.us-cert.gov/ncas/current-activity/2020/06/18/cisco-releases-multiple-security-updates
For a detailed overview:
https://tools.cisco.com/security/center/publicationListing.x
________________________________
CERT NZ Releases Advisory on Ransomware Campaign
Situation
The New Zealand Computer Emergency Response Team (CERT NZ) has released an advisory on a ransomware campaign leveraging remote access technologies.
Problem
Ransomware campaigns are targeting remote desktop services and VPN technologies, using weak authentication and unpatched vulnerabilities to attack and encrypt user endpoints and then demand payment for an unlock key. The newer ransomware tools take advantage of PsExec and privilege escalation and also cloak the ransomware, so you may end up making a backup that contains it. When you restore, the system is still infected, and the ransomware can activate later and encrypt again, which makes restoring from backup difficult.
Implication
Machines and systems affected or targeted by ransomware have a high risk of having their files stolen, encrypted, and ransomed. Failing to take preventative measures, to validate backups not only for consistency but also for virus removal, and to follow the other steps listed in the advisory could lead to paying a hefty ransom for the chance to get your data back, or to having to start over from an older backup or from scratch.
Need
CERT NZ recommends reviewing its advisory and beginning to implement preventative measures and countermeasures against ransomware.
For a brief overview:
For a detailed overview:
________________________________
Drupal Releases Security Updates
Situation
Drupal has released 2 new security advisories against its Drupal 7, 8.8, 8.9, and 9.0 platforms.
Problem
Drupal has found and released patches for vulnerabilities in its Drupal 7, 8.8, 8.9, and 9.0 platforms. There were 2 critical vulnerabilities listed. Remote attackers could use the exploits to compromise and take over unpatched systems, either through cross-site arguments or by tricking administrators into visiting a malicious site that allows a directory to be created on the platform, after which the remote attacker could launch remote code execution.
Implication
Unpatched systems are vulnerable to the 2 exploits, which leave the system open to remote attack and could allow remote takeover of the affected systems.
Need
Drupal recommends updating to the latest version. Versions prior to 8.8 are considered end of life and do not receive security coverage, so please update to 8.8.8 at minimum.
For a brief overview:
https://www.us-cert.gov/ncas/current-activity/2020/06/18/drupal-releases-security-updates
For a detailed overview:
https://www.drupal.org/sa-core-2020-005
https://www.drupal.org/sa-core-2020-004
________________________________
Adobe Releases Security Updates for Multiple Products
Situation
Adobe has released security updates across multiple software applications to address vulnerabilities that may allow a remote attacker to exploit unpatched software and gain remote access to or control of the machine with the software installed.
Problem
Adobe has found and patched vulnerabilities in its software packages. These vulnerabilities could allow a remote attacker to exploit the software and gain remote access to or control of the affected machine, or obtain leaked information from the application. The affected programs are Campaign Classic, After Effects, Illustrator, Premiere Pro, Premiere Rush, and Adobe Audition.
Implication
If this software remains unpatched, it leaves vulnerabilities exposed that a remote attacker could exploit to obtain remote access to or remote control over the affected machine, or to obtain information from the software.
Need
Adobe recommends installing the latest patches for the affected software distributions.
For a brief overview:
________________________________
Google Chrome Security Updates for Desktop Browsers
Situation
Google Chrome has released a security update, version 83.0.4103.106, for Windows, Mac, and Linux.
Problem
Vulnerability CVE-2020-6505 exists due to a use-after-free error within the speech component in Chrome. A remote attacker can create a specially crafted web page that triggers a use-after-free error and executes arbitrary code on the target system.
Vulnerability CVE-2020-6506 exists due to insufficient policy enforcement in WebView in Google Chrome, which could allow a remote attacker to bypass implemented security restrictions.
Vulnerability CVE-2020-6507 exists due to a boundary error when processing untrusted HTML content in V8. A remote attacker can create a specially crafted web page that could trigger an out-of-bounds write and execute arbitrary code on the target system.
Implication
If an attacker is able to successfully exploit one of these vulnerabilities, it may allow them to take control of the affected system.
Need
Google recommends that users and administrators update their Chrome browser to version 83.0.4103.106.
For a brief overview:
https://chromereleases.googleblog.com/2020/06/stable-channel-update-for-desktop_15.html
__________