Daily Summary - 24.02.2020

End-of-Day report

Timeframe: Friday 21-02-2020 18:00 - Monday 24-02-2020 18:00
Handler: Stephan Richter
Co-Handler: n/a

News

Windows 10 Gets Temp Fix for Critical Security Vulnerability

Until Microsoft releases a permanent solution for the troublesome KB4532693 update, enterprises with Windows 10 1903 and 1909 are forced to delay applying the security fixes that come with it.

https://www.bleepingcomputer.com/news/security/windows-10-gets-temp-fix-for-critical-security-vulnerability/


Celebrating Milestones (European CERT/CSIRT Report Coverage)

Celebrating a particularly significant long-term milestone - our 107th National CERT/CSIRT recently signed up for Shadowserver's free daily networking reporting service, which takes us to 136 countries and over 90% of the IPv4 Internet by IP space/ASN. This has finally changed our internal CERT reporting coverage map of Europe entirely green.

https://www.shadowserver.org/news/celebrating-milestones-european-cert-csirt-report-coverage/


Microsoft is slowly switching domain controllers to LDAPS

Microsoft is preparing a switch to LDAPS in Active Directory. Admins should check settings and logs in good time to avoid outages.

https://heise.de/-4666079


Emotet: Microsoft Office 365 as a security risk

Documented but little known: the business versions of Office 365 lack an important protective feature that can, among other things, prevent Emotet infections.

https://heise.de/-4665197


Fraudulent betting site: sportbetting-365.com

Beware of fraudulent betting sites on the Internet such as sportbetting-365.com. At first glance the website resembles numerous genuine betting offers and online casinos. On closer inspection, however, serious shortcomings stand out: for example, there is no legal notice (Impressum). Deposits work extremely easily, whereas withdrawals are practically impossible.

https://www.watchlist-internet.at/news/betruegerisches-wettbuero-sportbetting-365com/

Vulnerabilities

OpenSMTPD 6.6.4p1 Security Release

An out of bounds read in smtpd allows an attacker to inject arbitrary commands into the envelope file which are then executed as root. Separately, missing privilege revocation in smtpctl allows arbitrary commands to be run with the _smtpq group.

https://github.com/OpenSMTPD/OpenSMTPD/releases/tag/6.6.4p1


Security updates for Monday

Security updates have been issued by Debian (libpam-radius-auth, pillow, ppp, proftpd-dfsg, and python-pysaml2), Fedora (firefox, glib2, hiredis, http-parser, libuv, mingw-openjpeg2, nghttp2, nodejs, openjpeg2, python-pillow, skopeo, and webkit2gtk3), Mageia (patch, postgresql, and systemd), Red Hat (ksh, nodejs:10, openjpeg2, python-pillow, systemd, and thunderbird), and SUSE (java-1_7_1-ibm, libsolv, libzypp, zypper, pdsh, slurm_18_08, and php53).

https://lwn.net/Articles/813153/


Bugtraq: [TZO-16-2020] - F-SECURE Generic Malformed Container bypass (GZIP)

http://www.securityfocus.com/archive/1/542240


Cisco AnyConnect Secure Mobility Client for Windows Uncontrolled Search Path Vulnerability

https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ac-win-path-traverse-qO4HWBsj


Security Advisory - Privilege Escalation Vulnerability in Huawei PCManager Product

http://www.huawei.com/en/psirt/security-advisories/2020/huawei-sa-20200221-01-pcmanager-en


Security Bulletin: Multiple vulnerabilities affect IBM Cloud Object Storage Systems (February 2020v2)

https://www.ibm.com/blogs/psirt/security-bulletin-multiple-vulnerabilities-affect-ibm-cloud-object-storage-systems-february-2020v2/


Security Bulletin: IBM Maximo Asset Management is vulnerable to Path Disclosure (CVE-2019-4745)

https://www.ibm.com/blogs/psirt/security-bulletin-ibm-maximo-asset-management-is-vulnerable-to-path-disclosure-cve-2019-4745/


Security Bulletin: Vulnerabilities in Curl affect PowerSC (CVE-2019-5481, CVE-2019-5482)

https://www.ibm.com/blogs/psirt/security-bulletin-vulnerabilities-in-curl-affect-powersc-cve-2019-5481-cve-2019-5482/


Security Bulletin: WebSphere Liberty susceptible to HTTP2 implementation vulnerability.

https://www.ibm.com/blogs/psirt/security-bulletin-websphere-liberty-susceptible-to-http2-implementation-vulnerablility/


Security Bulletin: Vulnerability in Apache Commons Compress affects IBM Spectrum Protect Plus (CVE-2019-12402).

https://www.ibm.com/blogs/psirt/security-bulletin-vulnerability-in-apache-commons-compress-affects-ibm-spectrum-protect-plus-cve-2019-12402/


Security Bulletin: Command injection vulnerabilities in IBM Spectrum Protect Plus (CVE-2020-4210, CVE-2020-4213, CVE-2020-4222, CVE-2020-4212, CVE-2020-4211)

https://www.ibm.com/blogs/psirt/security-bulletin-command-injection-vulnerabilities-in-ibm-spectrum-protect-plus-cve-2020-4210-cve-2020-4213-cve-2020-4222-cve-2020-4212-cve-2020-4211/


Security Bulletin: Vulnerabilities in Samba affect IBM Spectrum Protect Plus (CVE-2019-14833, CVE-2019-14847, CVE-2019-10218)

https://www.ibm.com/blogs/psirt/security-bulletin-vulnerabilities-in-samba-affect-ibm-spectrum-protect-plus-cve-2019-14833-cve-2019-14847-cve-2019-10218/


Security Bulletin: Multiple vulnerabilities in Linux Kernel affect IBM Spectrum Protect Plus

https://www.ibm.com/blogs/psirt/security-bulletin-multiple-vulnerabilities-in-linux-kernel-affect-ibm-spectrum-protect-plus/


Security Bulletin: Information Disclosure in IBM Spectrum Protect Plus (CVE-2019-4703)

https://www.ibm.com/blogs/psirt/security-bulletin-information-disclosure-in-ibm-spectrum-protect-plus-cve-2019-4703/


Security Bulletin: Multiple vulnerabilities in FasterXML Jackson-databind affect IBM Spectrum Protect Plus (CVE-2019-16943, CVE-2019-16942, CVE-2019-17531, CVE-2019-17267, CVE-2019-14540, CVE-2019-16335, CVE-2019-14379, CVE-2019-14439)

https://www.ibm.com/blogs/psirt/security-bulletin-multiple-vulnerabilities-in-fasterxml-jackson-databind-affect-ibm-spectrum-protect-plus-cve-2019-16943-cve-2019-16942-cve-2019-17531-cve-2019-17267-cve-2019-14540-cve-2019-163/


Security Bulletin: A security vulnerability has been identified in libjpeg-turbo shipped with PowerAI.

https://www.ibm.com/blogs/psirt/security-bulletin-a-security-vulnerability-has-been-identified-in-libjpeg-turbo-shipped-with-powerai/


HPESBGN03984 rev.1 - HPE OpenCall Media Platform (OCMP), Multiple Vulnerabilities

https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbgn03984en_us


HPESBHF03985 rev.1 - Certain HPE Servers with Intel Xeon SP-based processors, Local Disclosure of Information

https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbhf03985en_us