Daily summary - 17.01.2022

End-of-Day report

Timeframe: Friday 14-01-2022 18:00 - Monday 17-01-2022 18:00
Handler: Robert Waldner
Co-Handler: Stephan Richter

News

Security baseline for Microsoft Edge v97

We are pleased to announce the enterprise-ready release of the security baseline for Microsoft Edge version 97! We have reviewed the settings in Microsoft Edge version 97 and updated our guidance with the addition of 1 setting. A new Microsoft Edge security baseline package was just released to the Download Center. You can download the version 97 package from the Security Compliance Toolkit.

https://techcommunity.microsoft.com/t5/microsoft-security-baselines/security-baseline-for-microsoft-edge-v97/ba-p/3062252


Log4Shell Attacks Getting "Smarter", (Mon, Jan 17th)

Ever since news of the Log4Shell vulnerability broke, we saw a stream of attacks attempting to exploit this vulnerability in log4j (CVE-2021-44228).

https://isc.sans.edu/diary/rss/28246


New Unpatched Apple Safari Browser Bug Allows Cross-Site User Tracking

A software bug introduced in Apple Safari 15's implementation of the IndexedDB API could be abused by a malicious website to track users' online activity in the web browser and, worse, even reveal their identity. The vulnerability, dubbed IndexedDB Leaks, was disclosed by fraud protection software company FingerprintJS, which reported the issue to the iPhone maker on November 28, 2021.

https://thehackernews.com/2022/01/new-unpatched-apple-safari-browser-bug.html


Domain Persistence - Machine Account

Machine accounts play a role in red team operations, as a number of techniques for privilege escalation, lateral movement and domain escalation make use of them. However, there are also cases in which a machine account can be used to establish domain persistence. This involves either adding an arbitrary machine account to a high-privilege group such as the domain admins or modifying the userAccountControl attribute [...]

https://pentestlab.blog/2022/01/17/domain-persistence-machine-account/


"Smishing" scam: still a flood of fraudulent text messages on mobile phones

Anyone who receives a text message with a link from an unknown sender should be careful. It could be a fraudulent SMS. "Smishing" is still not over.

https://heise.de/-6328158


Capturing RDP NetNTLMv2 Hashes: Attack details and a Technical How-To Guide

The GoSecure Titan Labs team saw an opportunity to further explore the topic of hash capturing (which is a must in the arsenal of any offensive team). This blog will examine RDP security modes, how they work and how to put that into action to capture NetNTLMv2 hashes via the RDP protocol using PyRDP, a library created by GoSecure.

https://www.gosecure.net/blog/2022/01/17/capturing-rdp-netntlmv2-hashes-attack-details-and-a-technical-how-to-guide/

Vulnerabilities

Serious Security: Linux full-disk encryption bug fixed - patch now!

Imagine if someone who didn't have your password could sneakily modify data that was encrypted with it.

https://nakedsecurity.sophos.com/2022/01/14/serious-security-linux-full-disk-encryption-bug-fixed-patch-now/


Over three million PCs in Germany running an insecure Windows system

Two years ago Microsoft ended support for Windows 7. Nevertheless, many users still cannot bring themselves to part with the insecure system.

https://heise.de/-6328189


Antivirus: Microsoft Defender makes it easier for malware to settle in

A minor weakness in the access permissions of Microsoft Defender on Windows 10 allows attackers to hide malware from scans.

https://heise.de/-6329300


Security updates for Monday

Security updates have been issued by Debian (chromium, firefox-esr, ghostscript, libreswan, prosody, sphinxsearch, thunderbird, and uriparser), Fedora (cryptsetup, flatpak, kernel, mingw-uriparser, python-celery, python-kombu, and uriparser), Mageia (htmldoc, mbedtls, openexr, perl-CPAN, systemd, thunderbird, and vim), openSUSE (chromium and prosody), Red Hat (httpd, kernel, and samba), Scientific Linux (kernel), Slackware (expat), SUSE (ghostscript), and Ubuntu (pillow).

https://lwn.net/Articles/881545/


Oracle to Release Nearly 500 New Security Patches

Oracle is preparing the release of nearly 500 new security patches with its Critical Patch Update (CPU) for January 2022.

https://www.securityweek.com/oracle-release-nearly-500-new-security-patches


Microsoft January 2022 Patch Day revisions (14.1.2022)

On January 11, 2022, Microsoft released a series of security updates for Windows and Office intended to fix vulnerabilities. Some of these updates, however, caused problems that broke Windows functionality. On January 14, 2022, Microsoft published a list [...]

https://www.borncity.com/blog/2022/01/17/microsoft-januar-2022-patchday-revisionen-14-1-2022/


ZDI-22-081: TP-Link TL-WA1201 DNS Response Stack-based Buffer Overflow Remote Code Execution Vulnerability

http://www.zerodayinitiative.com/advisories/ZDI-22-081/


ZDI-22-080: TP-Link Archer C90 DNS Response Stack-based Buffer Overflow Remote Code Execution Vulnerability

http://www.zerodayinitiative.com/advisories/ZDI-22-080/


OpenBMCS 2.4 Secrets Disclosure

https://www.zeroscience.mk/en/vulnerabilities/ZSL-2022-5695.php


OpenBMCS 2.4 Unauthenticated SSRF / RFI

https://www.zeroscience.mk/en/vulnerabilities/ZSL-2022-5694.php


OpenBMCS 2.4 Create Admin / Remote Privilege Escalation

https://www.zeroscience.mk/en/vulnerabilities/ZSL-2022-5693.php


IBM Security Bulletins

https://www.ibm.com/blogs/psirt/


Pepperl+Fuchs: Multiple DTM and VisuNet Software affected by log4net vulnerability (UPDATE A)

https://cert.vde.com/de/advisories/VDE-2021-041/


GNU libc: Multiple vulnerabilities allow code execution and denial of service

https://www.cert-bund.de/advisoryshort/CB-K22-0054


Stored cross-site scripting vulnerability in Typo3 extension "femanager"

https://sec-consult.com/de/vulnerability-lab/advisory/stored-cross-site-scripting-schwachstelle-in-typo3-extension-femanager/