Beyond Information Security

Install Latest Windows Update ASAP! Patches Issued for 6 Actively Exploited Zero-Days

Microsoft’s latest round of monthly security updates has been released with fixes for 68 vulnerabilities spanning its software portfolio, including patches for six actively exploited zero-days.

12 of the issues are rated Critical, two are rated High, and 55 are rated Important in severity. This also includes the weaknesses that were closed out by OpenSSL the previous week.

Also separately addressed in Microsoft Edge at the start of the month is an actively exploited flaw in Chromium-based browsers (CVE-2022-3723) that was plugged by Google as part of an out-of-band update late last month.

“The big news is that two older zero-day CVEs affecting Exchange Server, made public at the end of September, have finally been fixed,” Greg Wiseman, product manager at Rapid7, said in a statement shared with The Hacker News.

Source: The Hacker News / BleepingComputer / Krebs on Security / SecurityWeek / Cisco Talos Intelligence Group / SANS Internet Storm Center / Microsoft Security Response Center blog

Link: https://thehackernews.com/2022/11/install-latest-windows-update-asap.html

Link: https://www.bleepingcomputer.com/news/microsoft/microsoft-fixes-proxynotshell-exchange-zero-days-exploited-in-attacks/

Link: https://www.bleepingcomputer.com/news/microsoft/microsoft-november-2022-patch-tuesday-fixes-6-exploited-zero-days-68-flaws/

Link: https://krebsonsecurity.com/2022/11/patch-tuesday-november-2022-election-edition/

Link: https://www.securityweek.com/microsoft-patches-motw-zero-day-exploited-malware-delivery

Link: https://blog.talosintelligence.com/microsoft-patch-tuesday-for-november-2022/

Link: https://isc.sans.edu/diary/Microsoft%20November%202022%20Patch%20Tuesday/29230

Link: https://msrc-blog.microsoft.com/2022/09/29/customer-guidance-for-reported-zero-day-vulnerabilities-in-microsoft-exchange-server/


VMware Warns of 3 New Critical Flaws Affecting Workspace ONE Assist Software

VMware has patched five security flaws affecting its Workspace ONE Assist solution, some of which could be exploited to bypass authentication and obtain elevated permissions.

Topping the list are three critical vulnerabilities tracked as CVE-2022-31685, CVE-2022-31686, and CVE-2022-31687. All the shortcomings are rated 9.8 on the CVSS vulnerability scoring system.

CVE-2022-31685 is an authentication bypass flaw that could be abused by an attacker with network access to VMware Workspace ONE Assist to obtain administrative access without the need to authenticate to the application.

Source: The Hacker News / BleepingComputer / SecurityWeek / VMware advisory

Link: https://thehackernews.com/2022/11/vmware-warns-of-3-new-critical-flaws.html

Link: https://www.bleepingcomputer.com/news/security/vmware-fixes-three-critical-auth-bypass-bugs-in-remote-access-tool/

Link: https://www.securityweek.com/gaping-authentication-bypass-holes-vmware-workspace-one

Link: https://www.vmware.com/security/advisories/VMSA-2022-0028.html


Citrix Issues Patches for Critical Flaw Affecting ADC and Gateway Products

Citrix has released security updates to address a critical authentication bypass flaw in the application delivery controller (ADC) and Gateway products that could be exploited to take control of affected systems.

Successful exploitation of the issues could enable an adversary to gain authorized access, perform remote desktop takeover, and even circumvent defenses against login brute-force attempts under specific configurations.

  • CVE-2022-27510 – Unauthorized access to Gateway user capabilities
  • CVE-2022-27513 – Remote desktop takeover via phishing
  • CVE-2022-27516 – User login brute-force protection functionality bypass

The following supported versions of Citrix ADC and Citrix Gateway are affected by the flaws:

  • Citrix ADC and Citrix Gateway 13.1 before 13.1-33.47
  • Citrix ADC and Citrix Gateway 13.0 before 13.0-88.12
  • Citrix ADC and Citrix Gateway 12.1 before 12.1.65.21
  • Citrix ADC 12.1-FIPS before 12.1-55.289
  • Citrix ADC 12.1-NDcPP before 12.1-55.289

Source: The Hacker News / BleepingComputer / Dark Reading / SecurityWeek / Citrix security bulletin

Link: https://thehackernews.com/2022/11/citrix-issues-patches-for-critical-flaw.html

Link: https://www.bleepingcomputer.com/news/security/citrix-urges-admins-to-patch-critical-adc-gateway-auth-bypass/

Link: https://www.darkreading.com/vulnerabilities-threats/patch-asap-critical-citrix-vmware-bugs-remote-workspaces-takeover

Link: https://www.securityweek.com/citrix-patches-critical-vulnerability-gateway-adc

Link: https://support.citrix.com/article/CTX463706/citrix-gateway-and-citrix-adc-security-bulletin-for-cve202227510-cve202227513-and-cve202227516


Threat Source newsletter (Nov. 10, 2022): Vulnerability research, movies in class, and Emotet once again

Welcome to this week’s edition of the Threat Source newsletter. Tuesday was an absolute hammer for the infosec community. Not only did we have the US elections but we had Emotet returning and a regular Microsoft Tuesday release.

Source: Cisco Talos Intelligence Group

Link: https://blog.talosintelligence.com/threat-source-newsletter-oct-10-2022/