End-of-Day report
Timeframe: Wednesday 08-03-2023 18:00 - Thursday 09-03-2023 18:00
Handler: Robert Waldner
Co-Handler: Michael Schlagenhaufer
News
Microsoft Word RCE vulnerability could also affect Microsoft Outlook
According to a report at borncity, the remote code execution vulnerability in Microsoft Word that was fixed with the February Patch Day could also affect Microsoft Outlook (at least Outlook 2013), even when the February patches have been installed. Not all details are clear yet, but for the time being we nevertheless urgently advise Outlook users to implement Microsoft's recommendations and configure Outlook to display mails as plain text.
https://cert.at/de/aktuelles/2023/3/microsoft-word-rce-lucke-konnte-auch-microsoft-outlook-betreffen
IceFire Ransomware Exploits IBM Aspera Faspex to Attack Linux-Powered Enterprise Networks
A previously known Windows-based ransomware strain known as IceFire has expanded its focus to target Linux enterprise networks belonging to several media and entertainment sector organizations across the world.
https://thehackernews.com/2023/03/icefire-linux-ransomware.html
Hackers Exploiting Remote Desktop Software Flaws to Deploy PlugX Malware
Security vulnerabilities in remote desktop programs such as Sunlogin and AweSun are being exploited by threat actors to deploy the PlugX malware. AhnLab Security Emergency Response Center (ASEC), in a new analysis, said it marks the continued abuse of the flaws to deliver a variety of payloads on compromised systems.
https://thehackernews.com/2023/03/hackers-exploiting-remote-desktop.html
Vulnerabilities
Drupal: Gutenberg - Less critical - Denial of Service - SA-CONTRIB-2023-009
This vulnerability is mitigated by the fact that an attacker must have the "use gutenberg" permission to exploit it. If you use the Gutenberg module versions 8.x-2.x, upgrade to Gutenberg 8.x-2.7.
https://www.drupal.org/sa-contrib-2023-009
Oracle Database Vault Protected Table With Realm Data Extraction Vulnerability
This security issue is fixed from 21c onwards [I think the back-port patch was released in the October 2022 CPU cycle]. Still exists in 19c (so far from version 19.18 and below). DB Vault is a security feature in Oracle that attempts to restrict SYS account power; in addition, DB Vault will ensure separation of duties is in place, such that account management and authorization can't be performed by the DBA through the SYS account anymore.
https://databasesecurityninja.wordpress.com/2023/03/07/oracle-database-vault-protected-table-with-realm-data-extraction-vulnerability/
Ivanti Avalanche: Security Alert - CVE-2022-44574 - Authentication Bypass for Remote Control RCServlet
This vulnerability enables an attacker to overwrite credentials which gives access to a Web Panel. This vulnerability affects all Avalanche Premise versions 6.3.x and below. This vulnerability has a CVE score of 6.5.
https://forums.ivanti.com/s/article/Avalanche-ZDI-CAN-19513-Security-Advisory?language=en_US
Foxit PDF Editor: vulnerabilities allow injection of malicious code
Security vulnerabilities in Foxit PDF Editor allow attackers to smuggle in and execute malicious code via manipulated PDF files. An update is available.
https://heise.de/-7540068
Home Assistant: security vulnerability discovered and closed
Anyone running Home Assistant with Supervisor should update their system now. Otherwise, intruders could tamper with it.
https://heise.de/-7540500
Security updates for Thursday
Security updates have been issued by CentOS (kernel, pesign, samba, and zlib), Oracle (kernel), Slackware (httpd), SUSE (emacs, libxslt, nodejs12, nodejs14, nodejs16, openssl, poppler, python-py, python-wheel, xen, and xorg-x11-server), and Ubuntu (linux-gcp-5.4, linux-gkeop, opusfile, and samba).
https://lwn.net/Articles/925723/
Cloud Pak for Security uses packages that are vulnerable to multiple CVEs
https://www.ibm.com/support/pages/node/6551876
IBM Liberty for Java for IBM Cloud is vulnerable to server-side request forgery due to Apache CXF (CVE-2022-46364)
https://www.ibm.com/support/pages/node/6962195
Docker based datastores for IBM Instana do not currently require authentication
https://www.ibm.com/support/pages/node/6959969
Multiple Security Vulnerabilities may affect IBM Robotic Process Automation for Cloud Pak
https://www.ibm.com/support/pages/node/6962201
A vulnerability exists in IBM Robotic Process Automation where Queue Provider credentials are not obfuscated during editing (CVE-2023-25680)
https://www.ibm.com/support/pages/node/6962207
IBM Robotic Process Automation for Cloud Pak may be vulnerable to a denial of service due to ISC BIND (CVE-2022-38177, CVE-2022-38178)
https://www.ibm.com/support/pages/node/6962223
Vulnerability in Apache Log4j may affect IBM Watson Speech Services Cartridge for IBM Cloud Pak for Data (CVE-2021-44228)
https://www.ibm.com/support/pages/node/6536732
Multiple Vulnerabilities in IBM HTTP Server affect WebSphere Application Server shipped with IBM Security Access Manager for Enterprise Single Sign-On
https://www.ibm.com/support/pages/node/6962383
Multiple Vulnerabilities (CVE-2022-21628, CVE-2022-21626, CVE-2022-21624, CVE-2022-21619) affect CICS Transaction Gateway for Multiplatforms and CICS Transaction Gateway Desktop Edition
https://www.ibm.com/support/pages/node/6962407
June 2022: Multiple vulnerabilities in IBM Java Runtime affect CICS Transaction Gateway for Multiplatforms and CICS Transaction Gateway Desktop Edition
https://www.ibm.com/support/pages/node/6962411
z/Transaction Processing Facility is affected by vulnerabilities in the Apache Kafka (kafka-clients) and cryptography packages
https://www.ibm.com/support/pages/node/6962437
IBM Maximo Manage application in IBM Maximo Application Suite is vulnerable to incorrect default permissions (CVE-2022-46774)
https://www.ibm.com/support/pages/node/6962455