Daily Summary - 15.03.2021

End-of-Day report

Timeframe: Friday 12-03-2021 18:30 - Monday 15-03-2021 18:30 Handler: Dimitri Robl Co-Handler: Robert Waldner

News

Protecting on-premises Exchange Servers against recent attacks

While Microsoft has regular methods for providing tools to update software, this extraordinary situation calls for a heightened approach. In addition to our regular software updates, we are also providing specific updates for older and out-of-support software with the intent to make it as easy as possible to quickly protect your business.

https://www.microsoft.com/security/blog/2021/03/12/protecting-on-premises-exchange-servers-against-recent-attacks/


Update available!

For World Consumer Rights Day, the BSI is providing information and guidance on the simple and automatic installation of software updates.

https://www.bsi.bund.de/DE/Service-Navi/Presse/Alle-Meldungen-News/Meldungen/Weltverbrauchertag_150321.html


Research: Security Agencies Expose Information via Improperly Sanitized PDFs

Most security agencies fail to properly sanitize Portable Document Format (PDF) files before publishing them, thus exposing potentially sensitive information and opening the door for attacks, researchers have discovered.

https://www.securityweek.com/research-security-agencies-expose-information-improperly-sanitized-pdfs

Vulnerabilities

Three Flaws in the Linux Kernel Since 2006 Could Grant Root Privileges

"Three recently unearthed vulnerabilities in the Linux kernel, located in the iSCSI module used for accessing shared data storage facilities, could allow root privileges to anyone with a user account," reports SC Media: "If you already had execution on a box, either because you have a user account on the machine, or you've compromised some service that doesn't have repaired permissions, you can do whatever you want basically," said Adam Nichols, [...]

http://rss.slashdot.org/~r/Slashdot/slashdot/~3/d0iuqi9zTtI/three-flaws-in-the-linux-kernel-since-2006-could-grant-root-privileges


Security update: Attackers target Google Chrome again

The Chrome developers have closed five security vulnerabilities in the web browser. Attackers are reportedly exploiting one of the vulnerabilities at present.

https://heise.de/-5987831


Security updates for Monday

Security updates have been issued by Debian (ca-certificates, flatpak, golang-1.7, golang-1.8, mupdf, pygments, and tiff), Fedora (containerd, golang-github-containerd-cri, mingw-gdk-pixbuf, mingw-glib2, mingw-jasper, mingw-python-jinja2, mingw-python-pillow, mingw-python3, python-django, python-pillow, and python2-pillow), Mageia (git, mediainfo, netty, python-django, and quartz), openSUSE (crmsh, git, glib2, kernel-firmware, openldap2, stunnel, and wpa_supplicant), Oracle (qemu), Red Hat [...]

https://lwn.net/Articles/849406/


GnuTLS: Multiple vulnerabilities

https://www.cert-bund.de/advisoryshort/CB-K21-0273


Security Bulletin: Multiple vulnerabilities in IBM Java SDK affect IBM Tivoli System Automation for Multiplatforms Apr 2020 CPU (CVE-2020-2773)

https://www.ibm.com/blogs/psirt/security-bulletin-multiple-vulnerabilities-in-ibm-java-sdk-affect-ibm-tivoli-system-automation-for-multiplatforms-apr-2020-cpu-cve-2020-2773/


Security Bulletin: IBM® Db2® db2fm is vulnerable to a buffer overflow (CVE-2020-5025)

https://www.ibm.com/blogs/psirt/security-bulletin-ibm-db2-db2fm-is-vulnerable-to-a-buffer-overflow-cve-2020-5025-3/


Security Bulletin: Streams Flows might be affected by some underlying Node.js vulnerabilities

https://www.ibm.com/blogs/psirt/security-bulletin-streams-flows-might-be-affected-by-some-underlying-node-js-vulnerabilities/


Security Bulletin: App Connect Enterprise Certified Container may be vulnerable to a denial of service vulnerability (CVE-2020-1971)

https://www.ibm.com/blogs/psirt/security-bulletin-app-connect-enterprise-certified-container-may-be-vulnerable-to-a-denial-of-service-vulnerability-cve-2020-1971/


Security Bulletin: Multiple vulnerabilities in IBM Java Runtime affects IBM Storwize V7000 Unified

https://www.ibm.com/blogs/psirt/security-bulletin-multiple-vulnerabilities-in-ibm-java-runtime-affects-ibm-storwize-v7000-unified/


Security Bulletin: Multiple vulnerabilities in IBM Java SDK affect IBM Tivoli System Automation Application Manager Oct 2020 CPU (CVE-2020-14781)

https://www.ibm.com/blogs/psirt/security-bulletin-multiple-vulnerabilities-in-ibm-java-sdk-affect-ibm-tivoli-system-automation-application-manager-oct-2020-cpu-cve-2020-14781/


Security Bulletin: IBM Security Guardium is affected by an Execution with Unnecessary Privileges vulnerability

https://www.ibm.com/blogs/psirt/security-bulletin-ibm-security-guardium-is-affected-by-an-execution-with-unnecessary-privileges-vulnerability/


Security Bulletin: IBM InfoSphere Information Server is affected by a cross-site scripting vulnerability

https://www.ibm.com/blogs/psirt/security-bulletin-ibm-infosphere-information-server-is-affected-by-a-cross-site-scripting-vulnerability-4/


Security Bulletin: Vulnerability in IBM Java Runtime Environment affects installation and uninstallation of IBM Spectrum Protect for Enterprise Resource Planning on AIX and Linux (CVE-2020-27221)

https://www.ibm.com/blogs/psirt/security-bulletin-vulnerability-in-ibm-java-runtime-environment-affects-installation-and-uninstallation-of-ibm-spectrum-protect-for-enterprise-resource-planning-on-aix-and-linux-cve-2020-27221/


Security Bulletin: Multiple vulnerabilities in IBM Java SDK affect IBM Tivoli System Automation for Multiplatforms Oct 2020 CPU (CVE-2020-14781)

https://www.ibm.com/blogs/psirt/security-bulletin-multiple-vulnerabilities-in-ibm-java-sdk-affect-ibm-tivoli-system-automation-for-multiplatforms-oct-2020-cpu-cve-2020-14781/


Security Bulletin: IBM API Connect's API Manager is vulnerable to invitation and registration link tampering (CVE-2021-20440)

https://www.ibm.com/blogs/psirt/security-bulletin-ibm-api-connects-api-manager-is-vulnerable-to-invitation-and-registration-link-tampering-cve-2021-20440/


Security Bulletin: Vulnerability in NX-OS Firmware used by IBM c-type SAN directors and switches.

https://www.ibm.com/blogs/psirt/security-bulletin-vulnerability-in-nx-os-firmware-used-by-ibm-c-type-san-directors-and-switches-3/


Security Bulletin: IBM Security Privileged Identity Manager is affected by a code execution vulnerability (CVE-2020-4448)

https://www.ibm.com/blogs/psirt/security-bulletin-ibm-security-privileged-identity-manager-is-affected-by-a-code-execution-vulnerability-cve-2020-4448/


Security Bulletin: IBM Security Privileged Identity Manager is affected by remote code execution (CVE-2020-4450)

https://www.ibm.com/blogs/psirt/security-bulletin-ibm-security-privileged-identity-manager-is-affected-by-remote-code-execution-cve-2020-4450/