PowerShell Elevation of Privilege Vulnerability
CVE-2022-26788
Released: Apr 12, 2022
Last updated: Apr 27, 2022
https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-26788
PowerShell Elevation of Privilege Vulnerability.
CNA: Microsoft Corporation
Base Score: 7.8 HIGH
https://nvd.nist.gov/vuln/detail/CVE-2022-26788#vulnCurrentDescriptionTitle
1Password syncing went down for a few hours today during a database upgrade.
https://www.theverge.com/2022/4/27/23045469/1password-outage-password-manager-security-cloud-storage
The password manager still (mostly) worked while offline
QNAP warns users to disable AFP until it fixes critical bugs.
Taiwanese corporation QNAP has asked customers this week to disable the AFP file service protocol on their network-attached storage (NAS) appliances until it fixes multiple critical Netatalk vulnerabilities.
https://www.bleepingcomputer.com/news/security/qnap-warns-users-to-disable-afp-until-it-fixes-critical-bugs/
VirusTotal debunks claims of a serious vulnerability in Google-owned antivirus service.
https://portswigger.net/daily-swig/virustotal-debunks-claims-of-a-serious-vulnerability-in-google-owned-antivirus-service
Claims that researchers were able to execute commands within the antivirus platform have been questioned
Forwarded from Una al día
Malware injections in the KeePass password manager
https://unaaldia.hispasec.com/2022/04/inyecciones-de-malware-en-el-gestor-de-contrasenas-keepass.html
Researchers at ESET Research have found trojanized versions of the popular password manager KeePass.
Microsoft Patches Pair of Dangerous Vulnerabilities in Azure PostgreSQL.
Flaws gave attackers a way to access other cloud accounts and databases, security vendor says.
Microsoft has patched a dangerous pair of vulnerabilities in its Azure Database for PostgreSQL Flexible Server that gave attackers unauthorized cross-account access to databases in cloud hosted environments.
https://www.darkreading.com/cloud/microsoft-patches-pair-of-dangerous-vulnerabilities-in-azure-postgresql
Cisco fixes vulnerabilities in ASA, FTD and FMC devices
Publication date: 29/04/2022
Importance: 4 - High
Description:
Cisco has published several high-severity vulnerabilities of the denial-of-service, stack overflow, information disclosure, privilege escalation, and file-upload security bypass types, affecting devices running ASA, FTD and FMC software.
https://www.incibe.es/protege-tu-empresa/avisos-seguridad/cisco-corrige-vulnerabilidades-dispositivos-asa-ftd-y-fmc
Vulnerable plugins plague the CMS website security landscape.
https://www.zdnet.com/article/vulnerable-plugins-default-configurations-plague-the-website-security-landscape/
Backdoors, card skimming, and spam are also common factors in website compromise.
Atlassian: Two-week-long cloud outage impacted 775 customers.
Atlassian says that this month's two-week-long cloud outage has impacted almost double the number of customers it initially estimated after learning of the incident.
https://www.bleepingcomputer.com/news/technology/atlassian-two-week-long-cloud-outage-impacted-775-customers/
Critical vulnerabilities in Synology DSM and SRM
Publication date: 03/05/2022
Importance: 5 - Critical
Affected resources:
Software for NAS devices (DSM) and routers (SRM):
DSM, versions 7.1, 7.0 and 6.2;
Firmware, version VS 2.3;
SRM, version 1.2.
Description:
Synology has published several critical-severity vulnerabilities affecting the DSM and SRM software, which could allow an attacker to execute arbitrary code or obtain confidential information.
https://www.incibe.es/protege-tu-empresa/avisos-seguridad/vulnerabilidades-criticas-dsm-y-srm-synology
Remote code execution in Aruba switches
Publication date: 04/05/2022
Importance: 5 - Critical
Description:
The Armis research team has discovered multiple heap-based buffer overflow vulnerabilities in several Aruba devices that could allow a remote attacker to execute arbitrary code on the affected device.
https://www.incibe-cert.es/alerta-temprana/avisos-seguridad/ejecucion-remota-codigo-switches-aruba
Security Advisory Description
Undisclosed requests may bypass iControl REST authentication. (CVE-2022-1388)
Impact
This vulnerability may allow an unauthenticated attacker with network access to the BIG-IP system through the management port and/or self IP addresses to execute arbitrary system commands, create or delete files, or disable services. There is no data plane exposure; this is a control plane issue only.
https://support.f5.com/csp/article/K23605346
Multiple vulnerabilities in Cisco NFVIS
Publication date: 05/05/2022
Importance: 5 - Critical
Affected resources:
Cisco Enterprise NFV Infrastructure Software (NFVIS), in the default configuration.
Description:
Two vulnerabilities, one critical and one high, have been published in Cisco Enterprise NFV Infrastructure (NFVIS); they could allow an attacker to move from the guest virtual machine (VM) to the host, inject commands as root, or leak system data from the host to the virtual machine.
https://www.incibe-cert.es/alerta-temprana/avisos-seguridad/multiples-vulnerabilidades-nfvis-cisco
Insight Software: CVE-2022-29972 Magnitude Simba Amazon Redshift ODBC Driver
CVE-2022-29972
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-29972
May 2022 Microsoft Security Updates
RCEs in the May report:
Point-to-Point Tunneling Protocol Remote Code Execution Vulnerability
https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2022-21972
Windows LDAP Remote Code Execution Vulnerability
https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2022-22012
https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2022-29128
https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2022-29129
https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2022-29130
https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2022-29131
https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2022-29139
Windows Remote Desktop Protocol (RDP) Information Disclosure Vulnerability
https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2022-22015
Remote Desktop Client Remote Code Execution Vulnerability
https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2022-22017
Remote Procedure Call Runtime Remote Code Execution Vulnerability
https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2022-22019
Point-to-Point Tunneling Protocol Remote Code Execution Vulnerability
https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2022-23270
Windows Address Book Remote Code Execution Vulnerability
https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2022-26926
Windows Graphics Component Remote Code Execution Vulnerability
https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2022-26927
Windows Network File System Remote Code Execution Vulnerability
https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2022-26937
Microsoft SharePoint Server Remote Code Execution Vulnerability
https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2022-29108
Microsoft Excel Remote Code Execution Vulnerability
https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2022-29109
https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2022-29110
Windows Fax Service Remote Code Execution Vulnerability
https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2022-29115
Visual Studio Remote Code Execution Vulnerability
https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2022-29148
https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2022-30129
May 2022 Microsoft Security Updates
Summary table.
SAP security update for May 2022
Publication date: 11/05/2022
Importance: 5 - Critical
Affected resources:
SAP Business One Cloud, version 1.1;
SAP Commerce, versions 1905, 2005, 2105 and 2011;
SAP Customer Profitability Analytics, version 2;
SAP Webdispatcher, versions 7.22EXT, 7.49, 7.53, 7.77, 7.81, 7.83 and 7.85;
SAP Netweaver AS for ABAP and Java (ICM), versions KRNL64NUC 7.22, 7.22EXT, 7.49, KRNL64UC, 7.22, 7.22EXT, 7.49, 7.53, 8.04, KERNEL 7.22, 7.49, 7.53, 7.77, 7.81, 7.85, 7.86, 7.87 and 8.04;
SAP BusinessObjects Business Intelligence Platform, versions 420 and 430;
SAP NetWeaver Application Server for ABAP and ABAP Platform, versions 700, 701, 702, 710, 711, 730, 731, 740, 750, 751, 752, 753, 754, 755, 756, 787 and 788;
SAP Employee Self Service (Fiori My Leave Request), version 605;
SAP Host Agent, version 7.22.
Description:
SAP has published several security updates for various products in its monthly bulletin.
https://www.incibe-cert.es/alerta-temprana/avisos-seguridad/actualizacion-seguridad-sap-mayo-2022
Intel® NUC Firmware Advisory
Intel ID: INTEL-SA-00654
Advisory Category: Firmware
Impact of vulnerability: Escalation of Privilege
Severity rating: HIGH
Original release: 05/10/2022
Summary:
Potential security vulnerabilities in some Intel® NUCs may allow escalation of privilege.
Intel is releasing firmware updates to mitigate these potential vulnerabilities.
https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00654.html
HP PC BIOS - May 2022 Security Updates
Potential security vulnerabilities have been identified in the BIOS (UEFI Firmware) for certain HP PC products, which might allow arbitrary code execution. HP is releasing firmware updates to mitigate these potential vulnerabilities.
Severity: High
HP Reference: HPSBHF03788 Rev. 2
Release date: May 10, 2022
https://support.hp.com/us-en/document/ish_6184733-6184761-16/hpsbhf03788