Beyond Information Security

Microsoft’s July Update Patches 143 Flaws, Including Two Actively Exploited

Microsoft has released patches to address a total of 143 security flaws as part of its monthly security updates, two of which have come under active exploitation in the wild.

Five out of the 143 flaws are rated Critical, 136 are rated Important, and four are rated Moderate in severity. The fixes are in addition to 33 vulnerabilities that have been addressed in the Chromium-based Edge browser over the past month.

The two security shortcomings that have come under exploitation are listed below:

  • CVE-2024-38080 (CVSS score: 7.8) – Windows Hyper-V Elevation of Privilege Vulnerability
  • CVE-2024-38112 (CVSS score: 7.5) – Windows MSHTML Platform Spoofing Vulnerability

“Successful exploitation of this vulnerability requires an attacker to take additional actions prior to exploitation to prepare the target environment,” Microsoft said of CVE-2024-38112. “An attacker would have to send the victim a malicious file that the victim would have to execute.”

Check Point security researcher Haifei Li, who has been credited with discovering and reporting the flaw in May 2024, said that threat actors are leveraging specially-crafted Windows Internet Shortcut files (.URL) that, upon clicking, redirect victims to a malicious URL by invoking the retired Internet Explorer (IE) browser.

Source: The Hacker News / BleepingComputer / Krebs on Security / Dark Reading / SecurityWeek / Cisco Talos Intelligence Group / Help Net Security / SANS Internet Storm Center

Link: https://thehackernews.com/2024/07/microsofts-july-update-patches-143.html

Link: https://www.bleepingcomputer.com/news/microsoft/microsoft-july-2024-patch-tuesday-fixes-142-flaws-4-zero-days/

Link: https://krebsonsecurity.com/2024/07/microsoft-patch-tuesday-july-2024-edition/

Link: https://www.darkreading.com/application-security/attackers-already-exploiting-flaws-in-microsofts-july-security-update

Link: https://www.securityweek.com/microsoft-warns-of-windows-hyper-v-zero-day-being-exploited/

Link: https://blog.talosintelligence.com/microsoft-patch-tuesday-july-2024/

Link: https://www.helpnetsecurity.com/2024/07/09/microsoft-fixes-two-zero-days-exploited-by-attackers-cve-2024-38080-cve-2024-38112/

Link: https://isc.sans.edu/diary/Microsoft%20Patch%20Tuesday%20July%202024/31058


Palo Alto Networks Patches Critical Flaw in Expedition Migration Tool

Palo Alto Networks has released security updates to address five security flaws impacting its products, including a critical bug that could lead to an authentication bypass. Cataloged as CVE-2024-5910 (CVSS score: 9.3), the vulnerability has been described as a case of missing authentication in its Expedition migration tool that could lead to an admin account takeover.

“Missing authentication for a critical function in Palo Alto Networks Expedition can lead to an Expedition admin account takeover for attackers with network access to Expedition,” the company said in an advisory. “Configuration secrets, credentials, and other data imported into Expedition is at risk due to this issue.”

The flaw impacts all versions of Expedition prior to version 1.2.92, which remediates the problem. Synopsys Cybersecurity Research Center’s (CyRC) Brian Hysell has been credited with discovering and reporting the issue.

While there is no evidence that the vulnerability has been exploited in the wild, users are advised to update to the latest version to secure against potential threats.

As a workaround, Palo Alto Networks recommends restricting network access to Expedition to authorized users, hosts, or networks.

Source: The Hacker News / SecurityWeek

Link: https://thehackernews.com/2024/07/palo-alto-networks-patches-critical.html

Link: https://www.securityweek.com/palo-alto-networks-addresses-blastradius-vulnerability-fixes-critical-bug-in-expedition-tool/


GitLab Patches Critical Flaw Allowing Unauthorized Pipeline Jobs

GitLab has shipped another round of updates to close out security flaws in its software development platform, including a critical bug that allows an attacker to run pipeline jobs as an arbitrary user.

Tracked as CVE-2024-6385, the vulnerability carries a CVSS score of 9.6 out of a maximum of 10.0.

“An issue was discovered in GitLab CE/EE affecting versions 15.8 prior to 16.11.6, 17.0 prior to 17.0.4, and 17.1 prior to 17.1.2, which allows an attacker to trigger a pipeline as another user under certain circumstances,” the company said in a Wednesday advisory.

It’s worth noting that the company patched a similar bug late last month (CVE-2024-5655, CVSS score: 9.6) that could also be weaponized to run pipelines as other users.

Source: The Hacker News / BleepingComputer / Dark Reading / SecurityWeek / GitLab Security Release

Link: https://thehackernews.com/2024/07/gitlab-patches-critical-flaw-allowing.html

Link: https://www.bleepingcomputer.com/news/security/gitlab-warns-of-critical-bug-that-lets-attackers-run-pipelines-as-an-arbitrary-user/

Link: https://www.darkreading.com/application-security/-gitlab-sends-users-scrambling-again-with-new-ci-cd-pipeline-takeover-vuln

Link: https://www.securityweek.com/gitlab-ships-update-for-critical-pipeline-execution-vulnerability/

Link: https://about.gitlab.com/releases/2024/01/11/critical-security-release-gitlab-16-7-2-released/


Critical Exim Mail Server Vulnerability Exposes Millions to Malicious Attachments

A critical security issue has been disclosed in the Exim mail transfer agent that could enable threat actors to deliver malicious attachments to target users’ inboxes.

The vulnerability, tracked as CVE-2024-39929, has a CVSS score of 9.1 out of 10.0. It has been addressed in version 4.98.

“Exim through 4.97.1 misparses a multiline RFC 2231 header filename, and thus remote attackers can bypass a $mime_filename extension-blocking protection mechanism, and potentially deliver executable attachments to the mailboxes of end users,” according to a description shared on the U.S. National Vulnerability Database (NVD).
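The NVD description above traces the bypass to a misparsed multiline RFC 2231 filename. As an added illustration (not Exim's code, and not a reproduction of its specific defect), the Python below contrasts a filter that only honours a plain `filename=` token with one that reassembles the `filename*N` / `filename*N*` continuation segments through the standard library before applying an extension blocklist; the message, blocklist and attachment names are all constructed for this example.

```python
import email

# Attachment extensions the filter refuses (constructed policy for this example).
BLOCKED_EXTENSIONS = (".exe", ".scr", ".bat", ".cmd", ".js", ".vbs")

# Constructed sample message. Both attachments carry their filename as RFC 2231 continuations
# (filename*0 / filename*1), the second charset-encoded too, so no plain "filename=" token appears.
RAW_MESSAGE = b"""MIME-Version: 1.0
Content-Type: multipart/mixed; boundary="b1"

--b1
Content-Type: application/octet-stream
Content-Disposition: attachment;
 filename*0="invoice";
 filename*1=".exe"

constructed-attachment-1
--b1
Content-Type: application/octet-stream
Content-Disposition: attachment;
 filename*0*=utf-8''report%2E;
 filename*1=scr

constructed-attachment-2
--b1--
"""

def naive_filename(part):
    """Filter that only honours a single 'filename=' token and is blind to continuations."""
    for piece in str(part.get("Content-Disposition", "")).split(";"):
        key, _, value = piece.strip().partition("=")
        if key.strip().lower() == "filename":
            return value.strip().strip('"')
    return None

def rfc2231_filename(part):
    """Reassemble filename*N / filename*N* segments and decode the charset before checking."""
    return part.get_filename()

def blocked_attachments(raw_message, filename_getter):
    """Return the attachment names the extension filter blocks when using the given getter."""
    msg = email.message_from_bytes(raw_message)
    hits = []
    for part in msg.walk():
        if part.get_content_disposition() != "attachment":
            continue
        name = filename_getter(part)
        if name and name.lower().endswith(BLOCKED_EXTENSIONS):
            hits.append(name)
    return hits
```

The naive getter blocks nothing on this message, while the reassembling getter flags both attachments.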

Source: The Hacker News / BleepingComputer / SecurityWeek

Link: https://thehackernews.com/2024/07/critical-exim-mail-server-vulnerability.html

Link: https://www.bleepingcomputer.com/news/security/critical-exim-bug-bypasses-security-filters-on-15-million-mail-servers/

Link: https://www.securityweek.com/critical-exim-flaw-allows-attackers-to-deliver-malicious-executables-to-mailboxes/


RADIUS Protocol Vulnerability Exposes Networks to MitM Attacks

Cybersecurity researchers have discovered a security vulnerability in the RADIUS network authentication protocol called BlastRADIUS that could be exploited by an attacker to stage Mallory-in-the-middle (MitM) attacks and bypass integrity checks under certain circumstances.

“The RADIUS protocol allows certain Access-Request messages to have no integrity or authentication checks,” InkBridge Networks CEO Alan DeKok, who is the creator of the FreeRADIUS Project, said in a statement.

“As a result, an attacker can modify these packets without detection. The attacker would be able to force any user to authenticate, and to give any authorization (VLAN, etc.) to that user.”

RADIUS, short for Remote Authentication Dial-In User Service, is a client/server protocol that provides centralized authentication, authorization, and accounting (AAA) management for users who connect and use a network service.
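DeKok's point above is that an Access-Request carries no integrity protection unless the optional Message-Authenticator attribute (RFC 2869: an HMAC-MD5 over the whole packet keyed with the shared secret, computed with the attribute's own value zeroed) is present and the server insists on it. The Python below is an added example, not code from the page or from FreeRADIUS: it builds a minimal Access-Request carrying that attribute and shows a server-side check that rejects packets where it is absent, altered in transit, or computed under another secret; the shared secret and attribute values are constructed.

```python
import hashlib
import hmac
import os
import struct

ACCESS_REQUEST = 1          # RFC 2865 packet code
USER_NAME = 1               # RFC 2865 attribute type
MESSAGE_AUTHENTICATOR = 80  # RFC 2869 attribute type, a 16-byte HMAC-MD5
HEADER_LEN = 20             # code, identifier, length, 16-byte authenticator

def build_packet(code, identifier, authenticator, attrs):
    """Serialise header + TLV attributes (type, length including the 2-byte TL header, value)."""
    body = b"".join(struct.pack("!BB", t, len(v) + 2) + v for t, v in attrs)
    return struct.pack("!BBH", code, identifier, HEADER_LEN + len(body)) + authenticator + body

def iter_attrs(packet):
    """Yield (offset, type, value) per attribute; stop at the first malformed length."""
    off = HEADER_LEN
    while off + 2 <= len(packet):
        t, length = packet[off], packet[off + 1]
        if length < 2 or off + length > len(packet):
            return
        yield off, t, packet[off + 2:off + length]
        off += length

def message_authenticator(packet, ma_offset, secret):
    """HMAC-MD5 over the whole packet with the Message-Authenticator value zeroed (RFC 2869)."""
    zeroed = packet[:ma_offset + 2] + bytes(16) + packet[ma_offset + 18:]
    return hmac.new(secret, zeroed, hashlib.md5).digest()

def sign_access_request(identifier, attrs, secret):
    """Client side: random Request Authenticator plus a correct Message-Authenticator."""
    pkt = build_packet(ACCESS_REQUEST, identifier, os.urandom(16),
                       attrs + [(MESSAGE_AUTHENTICATOR, bytes(16))])
    ma_offset = next(o for o, t, _ in iter_attrs(pkt) if t == MESSAGE_AUTHENTICATOR)
    mac = message_authenticator(pkt, ma_offset, secret)
    return pkt[:ma_offset + 2] + mac + pkt[ma_offset + 18:]

def verify_access_request(packet, secret):
    """Server side: accept only if a Message-Authenticator is present and verifies."""
    if len(packet) < HEADER_LEN or packet[0] != ACCESS_REQUEST:
        return False
    for off, t, value in iter_attrs(packet):
        if t == MESSAGE_AUTHENTICATOR:
            if len(value) != 16:
                return False
            return hmac.compare_digest(message_authenticator(packet, off, secret), value)
    return False  # no integrity attribute at all: the unprotected case, drop it
```

A server that accepts the last case (no Message-Authenticator) is the one with nothing to detect a modified Access-Request.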

Source: The Hacker News / BleepingComputer / Carnegie Mellon University CERT / InkBridge Networks FAQ

Link: https://thehackernews.com/2024/07/radius-protocol-vulnerability-exposes.html

Link: https://www.bleepingcomputer.com/news/security/new-blast-radius-attack-bypasses-widely-used-radius-authentication/

Link: https://kb.cert.org/vuls/id/456537

Link: https://www.inkbridgenetworks.com/blastradius/faq


Impact of data breaches is fueling scam campaigns

Over the years, data breaches have played a pivotal role in facilitating various forms of cyber-attacks. Adversaries leverage stolen data to execute more sophisticated and damaging attacks. The significance of data breaches extends far beyond the immediate loss of data, with implications for the security, reputation and financial stability of individuals and organizations.

Source: Cisco Talos Intelligence Group

Link: https://blog.talosintelligence.com/data-breaches-fueling-scam-campaigns/