Tag Archive for: tuesday

For March’s Patch Tuesday, no zero-day flaws


Microsoft this week pushed out 61 Patch Tuesday updates with no reports of public disclosures or other zero-days affecting the larger ecosystem (Windows, Office, .NET). Though there are three updated packages from February, they’re just informational changes and no further action is required.

The team at Readiness has crafted this helpful infographic outlining the risks associated with each of the March updates.

Known issues

Each month, Microsoft publishes a list of known issues that relate to the operating system and platforms included in the latest update cycle; for March, there are two minor issues reported:

  • Windows devices using more than one monitor might experience issues with desktop icons moving unexpectedly between monitors or see other icon alignment issues when attempting to use Copilot in Windows. Microsoft is still working on the issue.
  • For Exchange Server, Microsoft published an advisory note: after you install the latest security update there is no longer support for the Oracle OutsideIn Technology (OIT) or OutsideInModule. For more information, see this service update.

February was not a great month for how Microsoft communicated updates and revisions. With March being an exceptionally light month for reported “known issues” for desktop and server platforms, our team found no documentation issues. Good job, Microsoft!

Major revisions

This month, Microsoft published the following major revisions to past security and feature updates:

  • CVE-2024-2173, CVE-2024-2174, and CVE-2024-2176: Chromium: CVE-2024-2173 Out of bounds memory access in V8. These updates relate to recent security patches for the Chromium browser project at Microsoft. No further action required.

Mitigations and workarounds

Microsoft released these vulnerability-related mitigations for this month’s release cycle: 

  • CVE-2023-28746 Register File Data Sampling (RFDS). We are not certain how to categorize this update from Intel, as it relates to a hardware issue with certain Intel chipsets. The mitigation for this vulnerability requires a firmware update, and a corresponding Windows update enables this third-party firmware-based mitigation. More information can be…


Microsoft’s February 2024 Patch Tuesday Addresses 2 Zero-Days and 73 Vulnerabilities


Microsoft has released a substantial set of patches in its February 2024 Patch Tuesday. This update is particularly significant as it addresses a total of 73 vulnerabilities, including two zero-day exploits that have been detected in active use by cyber criminals. Among the vulnerabilities patched, five have been classified as critical due to their potential to cause serious harm, such as denial of service, remote code execution, information disclosure and elevation of privileges. Read on for more details.

What are the zero-days mentioned in Microsoft’s February 2024 Patch Tuesday?  

The two zero-day vulnerabilities that have been actively exploited are particularly concerning: 

  • CVE-2024-21351: This is a Windows SmartScreen bypass vulnerability. SmartScreen is designed to warn users about running unrecognized applications that could potentially be harmful. The exploitation of this vulnerability could lead to unauthorized data exposure or render systems unavailable. 
  • CVE-2024-21412: This vulnerability is a security feature bypass flaw. It allows attackers to carry out their attacks without triggering the security checks that are in place to prevent such incidents. 

The implications of these vulnerabilities are severe, as they can be used to compromise user data, disrupt business operations and gain unauthorized access to sensitive information. The complete list of resolved vulnerabilities in the February 2024 Patch Tuesday updates can be viewed in the full report. 

What is Nuspire doing? 

In response to these updates, Nuspire has taken immediate action by applying the patches as recommended by the vendor. In addition to patching, Nuspire’s security team is actively threat hunting within client environments to detect any signs of compromise that might indicate the exploitation of these vulnerabilities. 

What should I do? 

It is crucial for organizations to take proactive measures to protect their systems and data from these vulnerabilities. Here are the recommended steps: 

  • Prioritize Patching: Given the active exploitation of the two zero-days, organizations should prioritize patching these vulnerabilities. The sooner these patches are applied, the less…


Week in review: Patch Tuesday forecast, 9 free ransomware guides, Cybertech Europe 2023



Here’s an overview of some of last week’s most interesting news, articles, interviews and videos:

Photos: Cybertech Europe 2023
The Cybertech Europe conference and exhibition takes place at La Nuvola Convention Center in Rome, and features the latest innovative solutions from dozens of companies and speakers, including senior government officials, C-level executives, and industry trailblazers from Europe and around the world.

Cybertech Europe 2023 video walkthrough
In this Help Net Security video, we take you inside Cybertech Europe 2023 at La Nuvola Convention Center in Rome.

Securing GitHub Actions for a safer DevOps pipeline
In this Help Net Security interview, Varun Sharma, CEO at StepSecurity, talks about misconceptions about the security of GitHub Actions, the potential risks of using third-party actions, recommended best practices for using GitHub Actions securely, and more.

CISO’s compass: Mastering tech, inspiring teams, and confronting risk
In this Help Net Security interview, Okey Obudulu, CISO at Skillsoft, talks about the increasing complexity of the CISO role and challenges they face.

Tackling cyber risks head-on using security questionnaires
In this Help Net Security interview, Gaspard de Lacroix-Vaubois, CEO at Skypher, talks about the implementation of security questionnaires and how they facilitate assessments and accountability across all participants in the technology supply chain, fostering trust and safeguarding sensitive data.

Chalk: Open-source software security and infrastructure visibility tool
Chalk is a free, open-source tool that helps improve software security.

Critical zero-days in Exim revealed, only 3 have been fixed
Six zero-days in Exim, the most widely used mail transfer agent (MTA), were revealed by Trend Micro’s Zero Day Initiative (ZDI) last Wednesday.

Zero-day in Arm GPU drivers exploited in targeted attacks (CVE-2023-4211)
A vulnerability (CVE-2023-4211) in the kernel drivers for several Mali GPUs “may be under limited, targeted exploitation,” British semiconductor manufacturer Arm confirmed on Monday, when it released drivers updated with patches.

Amazon: AWS root accounts must have MFA enabled
Amazon wants to make…


Microsoft Fixes Six Zero-Days This Patch Tuesday


Microsoft issued a record-breaking 132 new fixes for vulnerabilities this month and detailed six zero-day bugs, including one being actively exploited in attacks against NATO members.

Of the massive haul, nine CVEs were rated “critical,” 37 were remote code execution (RCE) flaws and 33 were elevation of privilege bugs.


All six of the zero-days are being actively exploited in the wild, with one publicly disclosed. The latter is CVE-2023-36884, an RCE vulnerability impacting Office and Windows HTML. Microsoft warned that it is being used to target organizations attending the NATO summit this week with ransomware and espionage attacks using the RomCom backdoor.

There’s no patch for the vulnerability this month, but Microsoft released mitigations and promised a fix soon.

Another priority for organizations should be CVE-2023-35311, a Microsoft Outlook security feature bypass bug. It uses a network attack vector with low attack complexity and requires user interaction but not elevated privileges.

“It’s important to note that this vulnerability specifically allows bypassing Microsoft Outlook security features and does not enable remote code execution or privilege escalation,” explained Action1 co-founder, Mike Walters.

“Therefore, attackers are likely to combine it with other exploits for a comprehensive attack. The vulnerability affects all versions of Microsoft Outlook from 2013 onwards.”

The other zero-day flaws are:

  • CVE-2023-32046: a Windows MSHTML Platform elevation of privilege vulnerability
  • CVE-2023-32049: a Windows SmartScreen security feature bypass vulnerability
  • CVE-2023-36874: a Windows Error Reporting Service elevation of privilege vulnerability
  • ADV230001: new guidance on Microsoft Signed Drivers being used maliciously

On the latter guidance, Ivanti VP of security products, Chris Goettl, explained that several developer accounts for the Microsoft Partner Center (MPC) were discovered submitting malicious drivers to obtain a Microsoft signature.

“All the developer accounts involved in this incident were immediately suspended. Microsoft has released Windows security…
