End-of-Day report
Timeframe: Thursday 31-10-2019 18:00 - Monday 04-11-2019 18:00
Handler: Stephan Richter
Co-Handler: n/a
News
Windows: malware exploits the BlueKeep vulnerability for the first time
Microsoft describes BlueKeep as a vulnerability of the same class as WannaCry. Security researchers have now discovered the first malware that exploits the flaw. It is still far from the worst-case scenario, however.
https://www.golem.de/news/windows-schadsoftware-nutzt-erstmals-bluekeep-sicherheitsluecke-aus-1911-144784-rss.html
Malware "QSnatch" attacks QNAP network storage devices - in Germany too
QSnatch is also targeting QNAP NAS devices in Germany. Whether a firmware update helps is unclear - it should be applied nonetheless.
https://heise.de/-4573483
Android Beam allows foreign apps to be pushed onto devices
Via NFC, malicious apps could land on Android devices almost unnoticed. Android 8, 9 and 10 are affected. A fix is available.
https://heise.de/-4574396
Vulnerabilities
Advantech WISE-PaaS/RMM
This advisory contains mitigations for path traversal, missing authorization, improper restriction of XML external entity reference, and SQL injection vulnerabilities in Advantech's WISE-PaaS/RMM IoT device remote monitoring and management platform.
https://www.us-cert.gov/ics/advisories/icsa-19-304-01
Honeywell equIP Series IP Cameras
This advisory contains mitigations for an improper input validation vulnerability in Honeywell's equIP series IP cameras.
https://www.us-cert.gov/ics/advisories/icsa-19-304-02
Honeywell equIP and Performance Series IP Cameras
This advisory contains mitigations for a missing authentication for critical function vulnerability in Honeywell's equIP series and Performance series IP cameras.
https://www.us-cert.gov/ics/advisories/icsa-19-304-03
Honeywell equIP and Performance Series IP Cameras and Recorders
This advisory contains mitigations for an authentication bypass by capture-replay vulnerability in Honeywell's equIP series and Performance series IP cameras and recorders.
https://www.us-cert.gov/ics/advisories/icsa-19-304-04
Watch Out IT Admins! Two Unpatched Critical RCE Flaws Disclosed in rConfig
If you're using the popular rConfig network configuration management utility to protect and manage your network devices, here we have an important and urgent warning for you. A cybersecurity researcher has recently published details and proof-of-concept exploits for two unpatched, critical remote code execution vulnerabilities in the rConfig utility, at least one of which could allow [...]
https://thehackernews.com/2019/11/rConfig-network-vulnerability.html
Microsoft Office for Mac cannot properly disable XLM macros
The Microsoft Office for Mac option "Disable all macros without notification" enables XLM macros without prompting, which can allow a remote, unauthenticated attacker to execute arbitrary code on a vulnerable system.
https://kb.cert.org/vuls/id/125336/
Update available: MikroTik secures routers against four vulnerabilities
Vulnerabilities in RouterOS can be chained together into an exploit chain. Device owners should update now.
https://heise.de/-4573749
Xcode: flaws in the development environment allowed arbitrary code execution
Two flaws in the macOS development environment Xcode prior to version 11.2 allowed arbitrary code execution - possibly remotely as well.
https://heise.de/-4575632
Security updates for Friday
Security updates have been issued by CentOS (firefox, sudo, and thunderbird), Debian (libarchive and qtbase-opensource-src), Oracle (php), Red Hat (php, rh-php71-php, and rh-php72-php), Scientific Linux (firefox and php), and SUSE (kernel and samba).
https://lwn.net/Articles/803651/
Security updates for Monday
Security updates have been issued by Arch Linux (chromium and qt5-webengine), CentOS (firefox and php), Fedora (file, java-latest-openjdk, nspr, nss, php, t1utils, and webkit2gtk3), Mageia (ansible, aspell, golang, libsoup, and libxslt), openSUSE (chromium and chromium, re2), Oracle (php), and Ubuntu (apport and file).
https://lwn.net/Articles/803785/
Synology-SA-19:36 PHP
CVE-2019-11043 allows remote attackers to execute arbitrary code via a susceptible version of PHP 7.2 or PHP 7.3.
https://www.synology.com/en-global/support/security/Synology_SA_19_36
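The Synology advisory only names the affected major branches. For fleet triage it helps to gate on the exact upstream fix level. The following Python helper is an added example written for this report, not code from Synology or the PHP project; it parses the first line of `php -v` output and classifies the host against the PHP-FPM releases that closed CVE-2019-11043 (7.1.33, 7.2.24, 7.3.11, from the upstream PHP release announcements; 7.1 is included as a generalisation beyond the two branches the advisory names). Branches from 7.4 onward are assumed fixed; branches older than 7.1 have no upstream fix. The sample `php -v` output is constructed. Note that this is a version check only: the CVE text ties exploitability to "certain configurations of FPM setup", so a host flagged "affected" still needs its FPM/web-server configuration reviewed before it is declared exploitable.

```python
import re

# Upstream PHP-FPM patch levels that fixed CVE-2019-11043, per (major, minor)
# branch. Taken from the PHP release announcements for 7.1.33 / 7.2.24 / 7.3.11.
FIXED_PATCH_LEVEL = {(7, 1): 33, (7, 2): 24, (7, 3): 11}

# First line of `php -v` looks like: "PHP 7.3.10 (fpm-fcgi) (built: ...)"
VERSION_RE = re.compile(r"^PHP\s+(\d+)\.(\d+)\.(\d+)", re.MULTILINE)

# Constructed sample output, as a hypothetical host would print it.
SAMPLE_PHP_V = (
    "PHP 7.3.10 (fpm-fcgi) (built: Sep 24 2019 14:00:00)\n"
    "Copyright (c) 1997-2018 The PHP Group\n"
    "Zend Engine v3.3.10, Copyright (c) 1998-2018 Zend Technologies\n"
)


def parse_php_version(php_v_output: str):
    """Return (major, minor, patch) from the first 'PHP x.y.z' line of `php -v`."""
    m = VERSION_RE.search(php_v_output)
    if not m:
        raise ValueError("no 'PHP x.y.z' version line found in input")
    return tuple(int(x) for x in m.groups())


def cve_2019_11043_status(version) -> str:
    """Classify a (major, minor, patch) tuple against the fixed releases.

    Returns one of:
      "fixed"       - at or above the fix level for its branch, or a newer branch
      "affected"    - a 7.1/7.2/7.3 build below the fix level
      "eol-no-fix"  - a branch older than 7.1 that never received an upstream fix
    """
    major, minor, patch = version
    branch = (major, minor)
    if branch in FIXED_PATCH_LEVEL:
        return "fixed" if patch >= FIXED_PATCH_LEVEL[branch] else "affected"
    if branch >= (7, 4):
        # Assumption: branches released after the fix landed carry it.
        return "fixed"
    return "eol-no-fix"


def check_host(php_v_output: str) -> dict:
    """Combine parsing and classification into one record for a host."""
    version = parse_php_version(php_v_output)
    return {
        "version": ".".join(str(x) for x in version),
        "status": cve_2019_11043_status(version),
    }


if __name__ == "__main__":
    # Run against the constructed sample; on a real host feed it `php -v` output.
    print(check_host(SAMPLE_PHP_V))
```

The "eol-no-fix" outcome is deliberately separate from "affected": a 7.0 or 5.x FPM host cannot be fixed by a point release at all and needs a branch upgrade or removal of the PHP-FPM exposure, which is a different ticket from "apply the next patch".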
[remote] Microsoft Windows Server 2012 - Group Policy Security Feature Bypass
https://www.exploit-db.com/exploits/47559
[remote] Microsoft Windows Server 2012 - Group Policy Remote Code Execution
https://www.exploit-db.com/exploits/47558
Security Bulletin: A security vulnerability has been identified in WebSphere Application Server shipped with IBM Cloud Orchestrator (CVE-2019-4442)
https://www.ibm.com/blogs/psirt/security-bulletin-a-security-vulnerability-has-been-identified-in-websphere-application-server-shipped-with-ibm-cloud-orchestrator-cve-2019-4442/
Security Bulletin: IBM Flex System Chassis Management Module (CMM) is affected by vulnerabilities in PHP (CVE-2019-6978, CVE-2019-6977)
https://www.ibm.com/blogs/psirt/security-bulletin-ibm-flex-system-chassis-management-module-cmm-is-affected-by-vulnerabilities-in-php-cve-2019-6978-cve-2019-6977/
Security Bulletin: IBM Navigator for i is affected by CVE-2019-4450
https://www.ibm.com/blogs/psirt/security-bulletin-ibm-navigator-for-i-is-affected-by-cve-2019-4450/
Security Bulletin: IBM Flex System Chassis Management Module (CMM) is affected by vulnerabilities in libssh2
https://www.ibm.com/blogs/psirt/security-bulletin-ibm-flex-system-chassis-management-module-cmm-is-affected-by-vulnerabilities-in-libssh2/
Security Bulletin: IBM Security Guardium is affected by a TCP SACK PANIC kernel vulnerability
https://www.ibm.com/blogs/psirt/security-bulletin-ibm-security-guardium-is-affected-by-a-tcp-sack-panic-kernel-vulnerability/
Security Bulletin: IBM Flex System Chassis Management Module (CMM) is affected by vulnerability in PHP
https://www.ibm.com/blogs/psirt/security-bulletin-ibm-flex-system-chassis-management-module-cmm-is-affected-by-vulnerability-in-php/
Security Bulletin: IBM Content Navigator is affected by a vulnerability in Apache Commons Beanutils (CVE-2019-10086)
https://www.ibm.com/blogs/psirt/security-bulletin-ibm-content-navigator-is-affected-by-a-vulnerability-in-apache-commons-beanutils-cve-2019-10086/
BIG-IP TMUI XSS vulnerability CVE-2019-6657
https://support.f5.com/csp/article/K22441651
BIG-IP AFM SQL injection vulnerability CVE-2019-6658
https://support.f5.com/csp/article/K21121741
Citrix Hypervisor Security Update
https://support.citrix.com/article/CTX263477