Security Flaws & Fixes - W/E - 9/13/19
Adobe Fixes Vulnerabilities in Flash, Application Manager (09/11/2019)
Adobe released a security update for the Application Manager installer for Windows. This update resolves an insecure library loading vulnerability in the installer that could lead to arbitrary code execution. The vendor also issued updates for Flash Player for Windows, macOS, Linux and Chrome to address potential arbitrary code execution.
BlueKeep Zero-Day Added to Metasploit Framework (09/09/2019)
Rapid7 has added the BlueKeep exploit to its Metasploit framework. The bug affects the Remote Desktop Protocol in Windows. In a post regarding this development, Rapid7's Brent Cook said, "By default, Metasploit's BlueKeep exploit only identifies the target operating system version and whether the target is likely to be vulnerable. The exploit does not currently support automatic targeting; it requires the user to manually specify target details before it will attempt further exploitation." With the public release of the exploit, both security researchers and cybercriminals now have access to it.
Data Exposure Bugs Found in D-Link, Comba Telecom Routers (09/10/2019)
Researchers at Trustwave identified five credential-leaking vulnerabilities: five in D-Link DSL-2875AL, a dual-band wireless AC750 ADSL2+ modem; and three in Comba Telecom's WiFi routers. All the vulnerabilities involve insecure storage of credentials, including three where cleartext credentials are available to any user with network access to the device. Comba Telecom, despite several notifications, was unresponsive to Trustwave's claims. D-Link told Trustwave it could not escalate the issues within the anticipated 90-day window for a patch and has since stopped responding to the researchers.
Delta Electronics Update Mitigates Vulnerabilities in TPEditor (09/10/2019)
Delta Electronics' TPEditor is vulnerable to several security issues, including a stack-based overflow. Successful exploitation of these vulnerabilities may allow information disclosure, remote code execution, or may crash the application, according to an ICS-CERT advisory. Delta Electronics recommends affected users update to the latest version of Delta Industrial Automation TPEditor, Version 1.95.
Google Chrome Now in Version 77 (09/11/2019)
Google released Chrome 77, which contains over 50 security updates. The most critical issue resolved is a use-after-free vulnerability in media that was reported to Google by Qihoo 360.
Intel's Easy Streaming Wizard Requires Update for Security Reasons (09/11/2019)
Intel posted an advisory regarding its Easy Streaming Wizard. It is recommended that users update to version 2.1.0731 due to an improper file permissions vulnerability.
IoT Web Radios Open to Cyber Attacks Thanks to Weak Passwords (09/10/2019)
The Vulnerability Lab posted an advisory warning of security issues in Imperial Dabman Web radio devices. The Internet of Things devices contain weak passwords, enabling local and remote attackers to compromise the Web radios' full embedded Linux BusyBox operating system. The vulnerability is located within an undocumented Telnet service (Telnetd) of the BusyBox, which is permanently turned on.
Latest Version of WordPress - 5.2.3 - Is Available (09/09/2019)
WordPress has been updated to version 5.2.3, which consists of various fixes. These include patches for seven security issues.
NetCAT: Another Side-Channel Attack Vulnerability Plagues Intel CPUs (09/11/2019)
Intel has warned of another side-channel attack method affecting its CPUs. The alert discusses a security vulnerability in some microprocessors with Data Direct I/O (DDIO) Technology and Remote Direct Memory Access (RDMA) that may allow partial information disclosure via adjacent access. Intel Xeon E5, E7 and SP families that support DDIO and RDMA are affected. This side-channel attack, dubbed "NetCAT," has been detailed in a white paper from a team of researchers in the Netherlands and Switzerland. At this time, the only mitigation is to disable DDIO and RDMA, according to Intel.
SAP Addresses Vulnerabilities in Security Patch Day Release (09/11/2019)
SAP's September Security Patch Day release consists of 10 notes to mitigate vulnerabilities and issues within the vendor's product suites. One note addresses a code execution vulnerability in NetWeaver AS for Java. Three notes, all rated "Hot News" by SAP, meaning that they are highly critical fixes, are updates to previously released notes.
September's Batch of Fixes from Microsoft Patches 80 Security Issues (09/10/2019)
Microsoft squashed about 80 vulnerabilities with its September release of security fixes for its products. The vendor remedied critical bugs in its Remote Desktop Protocol feature and two privilege escalation vulnerabilities in Windows. Another issue that Microsoft has fixed is a remote code execution vulnerability in Windows that can occur if a .lnk file is present. Users are instructed to apply all updates immediately to mitigate risks, and Microsoft recommends turning on automatic updates to keep products secure.
Siemens Updates Multiple Industrial Control Systems Product Lines (09/10/2019)
Siemens released 10 advisories to address security vulnerabilities and other issues in its product lines. Among the vulnerabilities patched are a code upload bug in SIMATIC WinCC and SIMATIC PCS 7; a bug called "TCP SACK PANIC" in the kernel of the vendor's industrial products; and multiple issues in RUGGEDCOM Win.
Update for BD Pyxis Prevents Hackers from Accessing Medical Devices (09/09/2019)
BD Pyxis, a medication management platform, contains a vulnerability that could allow the Active Directory credentials of a previously authenticated user to gain access to the device. This could result in an attacker having the same level of privilege previously granted to a user prior to account expiration, and could allow access to patient data and medications. According to an ICS-CERT advisory, this issue has been mitigated in version 1.6.1.1.
Update Mitigates Code Execution, Other Issues in Red Lion Controls' Crimson (09/09/2019)
Multiple vulnerabilities in Red Lion Controls' Crimson, Windows configuration software, could give an attacker the ability to execute code, crash the device, or view protected data. Red Lion Controls recommends users migrate to Crimson 3.1 release 3112.00 or later. ICS-CERT posted an advisory detailing these issues.
Updated Version of Exim Fixes Handshake Vulnerability (09/09/2019)
All Exim versions up to and including 4.92.1 do not properly handle peer distinguished names and Server Name Indication during a TLS negotiation. This could allow a local or remote unauthenticated attacker to execute arbitrary code with root privileges. The vulnerability has been addressed in Exim 4.92.2. Users can consult the CERT Coordination Center advisory for further information.
Vulnerabilities Unpatched in Mitsubishi Electric Europe's smartRTU and INEA ME-RTU (09/10/2019)
The Cybersecurity and Infrastructure Security Agency (CISA) is aware of a public report of vulnerabilities with proof-of-concept exploit code affecting Mitsubishi Electric Europe's smartRTU (Versions 2.02 and prior) and INEA ME-RTU (Versions 3.0 and prior), remote terminal unit products. According to this report, there are multiple vulnerabilities that could be exploited to gain remote code execution with root privileges. CISA has notified Mitsubishi Electric Europe of the report and has asked for confirmation of the vulnerabilities and to identify mitigations.