Microsoft Releases Guidance on Zero-Day Vulnerabilities in Microsoft Exchange Server
Microsoft has released Customer Guidance for Reported Zero-day Vulnerabilities in Microsoft Exchange Server. According to the blog post, “Microsoft is aware of limited targeted attacks using the two vulnerabilities to get into users’ systems.” The two vulnerabilities are CVE-2022-41040 and CVE-2022-41082, affecting on-premises Microsoft Exchange Server 2013, 2016, and 2019. Note: Microsoft Exchange Online is not affected.
An attacker could exploit these vulnerabilities to take control of an affected system.
CISA encourages users and administrators to review Microsoft’s Security Advisory and apply the necessary mitigations until patches are made available.
https://www.cisa.gov/uscert/ncas/current-activity/2022/09/30/microsoft-releases-guidance-zero-day-vulnerabilities-microsoft
Analyzing attacks using the Exchange vulnerabilities CVE-2022-41040 and CVE-2022-41082
https://www.microsoft.com/security/blog/2022/09/30/analyzing-attacks-using-the-exchange-vulnerabilities-cve-2022-41040-and-cve-2022-41082/
MSTIC observed activity related to a single activity group in August 2022 that achieved initial access and compromised Exchange servers by chaining CVE-2022-41040 and CVE-2022-41082 in a small number of targeted attacks.
Cisco Releases Security Updates for Multiple Products
Original release date: September 30, 2022
Cisco has released security updates for vulnerabilities affecting multiple products. A remote attacker could exploit some of these vulnerabilities to take control of an affected system. For updates addressing high and low severity vulnerabilities, see the Cisco Security Advisories page.
CISA encourages users and administrators to review the advisories and apply the necessary updates.
https://www.cisa.gov/uscert/ncas/current-activity/2022/09/30/cisco-releases-security-updates-multiple-products
Drupal Releases Security Update
Original release date: September 30, 2022
Drupal has released a security update to address a vulnerability affecting multiple versions of Drupal. An attacker could exploit this vulnerability to access sensitive information. For advisories addressing lower severity vulnerabilities, see Drupal’s Security advisories.
CISA encourages users and administrators to review Drupal’s security advisory SA-CORE-2022-016 and apply the necessary update.
https://www.cisa.gov/uscert/ncas/current-activity/2022/09/30/drupal-releases-security-update
Microsoft Exchange Server Elevation of Privilege Vulnerability
CVE-2022-41040
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-41040
Microsoft Exchange Server Remote Code Execution Vulnerability
CVE-2022-41082
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-41082
Cisco Releases Security Updates for Multiple Products
Original release date: October 06, 2022
https://www.cisa.gov/uscert/ncas/current-activity/2022/10/06/cisco-releases-security-updates-multiple-products
Cisco has released security updates to address vulnerabilities in multiple Cisco products. A remote attacker could exploit some of these vulnerabilities to take control of an affected system. For updates addressing lower severity vulnerabilities, see the…
VMSA-2022-0025
CVSSv3 Range: 3.8-7.2
Issue Date: 2022-10-06
CVE(s): CVE-2022-31680, CVE-2022-31681
Synopsis:
VMware ESXi and vCenter Server updates address multiple security vulnerabilities (CVE-2022-31680, CVE-2022-31681)
Impacted Products
VMware ESXi
VMware vCenter Server (vCenter Server)
VMware Cloud Foundation (Cloud Foundation)
https://www.vmware.com/security/advisories/VMSA-2022-0025.html
Multiple vulnerabilities in GLPI
Publication date: 07/10/2022
Identifier: INCIBE-2022-0956
Severity: 5 - Critical
Affected resources:
GLPI, versions prior to 9.5.9 or 10.0.3.
Description:
Two critical-severity vulnerabilities have been identified in GLPI, one of them in the third-party library HTMLAWED used by GLPI, whose exploitation could allow an attacker to perform SQL injection and remote code execution.
https://www.incibe-cert.es/alerta-temprana/avisos-seguridad/multiples-vulnerabilidades-glpi
0-day RCE vulnerability in Zimbra Collaboration Suite
Publication date: 07/10/2022
Identifier: INCIBE-2022-0957
Severity: 5 - Critical
Affected resources:
Zimbra Collaboration Suite (ZCS), versions 8.8.15 and 9.0 on the following Linux distributions:
Oracle Linux 8,
Red Hat Enterprise Linux 8,
Rocky Linux 8,
CentOS 8.
Description:
Rapid7 has reported a 0-day remote code execution (RCE) vulnerability in Zimbra Collaboration Suite (ZCS), which arises from the insecure use of the cpio utility to parse incoming emails, specifically from Zimbra's antivirus engine (Amavis) relying on that utility.
https://www.incibe-cert.es/alerta-temprana/avisos-seguridad/vulnerabilidad-0day-rce-zimbra-collaboration-suite
[Update 17/10/2022] 0-day RCE vulnerability in Zimbra
Fortinet has patched a critical authentication bypass in its FortiOS and FortiProxy products that could lead to administrator access.
On October 7, public reports began to circulate that Fortinet communicated directly with customers about a critical vulnerability in its FortiOS and FortiProxy products. This vulnerability, CVE-2022-40684, has been patched, but Fortinet has not released a full advisory yet via its Product Security Incident Response Team.
https://www.tenable.com/blog/cve-2022-40684-critical-authentication-bypass-in-fortios-and-fortiproxy
https://docs.fortinet.com/document/fortigate/7.2.2/fortios-release-notes/289806/resolved-issues
VMSA-2021-0025.4
CVSSv3 Range: 7.1
Issue Date: 2021-11-10
Updated On: 2022-10-11
CVE(s): CVE-2021-22048
Synopsis:
VMware vCenter Server updates address a privilege escalation vulnerability (CVE-2021-22048)
Impacted Products
VMware vCenter Server (vCenter Server)
VMware Cloud Foundation (Cloud Foundation)
https://www.vmware.com/security/advisories/VMSA-2021-0025.html
Azure Arc-enabled Kubernetes cluster Connect Elevation of Privilege Vulnerability
CVE-2022-37968
CVSS:3.1 10.0 / 8.7
Microsoft has identified a vulnerability affecting the cluster connect feature of Azure Arc-enabled Kubernetes clusters. This vulnerability could allow an unauthenticated user to elevate their privileges and potentially gain administrative control over the Kubernetes cluster. Additionally, because Azure Stack Edge allows customers to deploy Kubernetes workloads on their devices via Azure Arc, Azure Stack Edge devices are also vulnerable to this vulnerability.
https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2022-37968
Adobe Releases Security Updates for Multiple Products
Adobe has released security updates to address multiple vulnerabilities in Adobe software. An attacker can exploit some of these vulnerabilities to take control of an affected system.
CISA encourages users and administrators to review Adobe Security Bulletins and apply the necessary updates.
• Adobe ColdFusion APSB22-44
• Adobe Acrobat and Reader APSB22-46
• Adobe Commerce and Magento Open Source APSB22-48
• Adobe Dimension APSB22-57
https://www.cisa.gov/uscert/ncas/current-activity/2022/10/11/adobe-releases-security-updates-multiple-products
Aruba fixes critical vulnerabilities in EdgeConnect Enterprise Orchestrator.
https://securityaffairs.co/wordpress/137000/security/aruba-edgeconnect-flaws.html
Active Directory Certificate Services Elevation of Privilege Vulnerability
CVE-2022-37976
CVSS: 8.8
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-37976
ICS Advisory (ICSA-22-291-01)
EXECUTIVE SUMMARY
CVSS v3: 9.8
ATTENTION: Exploitable remotely/low attack complexity
Vendor: Advantech
Equipment: R-SeeNet
Vulnerabilities: Path Traversal, Stack-based Buffer Overflow
RISK EVALUATION
Successful exploitation of these vulnerabilities could result in an unauthorized attacker remotely deleting files on the system or allowing remote code execution.
https://www.cisa.gov/uscert/ics/advisories/icsa-22-291-01
RCE in the Apache Commons Text library
Publication date: 18/10/2022
Identifier: INCIBE-2022-0975
Severity: 5 - Critical
Affected resources:
Apache Commons Text, from version 1.5 through 1.9, both inclusive.
Description:
Apache has published a vulnerability in its Apache Commons Text library that could allow a remote attacker to execute code.
https://www.incibe-cert.es/alerta-temprana/avisos-seguridad/rce-libreria-apache-commons-text
WordPress 6.0.3 security update
Publication date: 18/10/2022
Identifier: INCIBE-2022-0974
Severity: 4 - High
Affected resources:
WordPress, versions prior to 6.0.3.
Description:
The latest version of WordPress, containing security fixes, has been published.
https://www.incibe-cert.es/alerta-temprana/avisos-seguridad/actualizacion-seguridad-603-wordpress
Analysis of a Remote Code Execution (RCE) Vulnerability in Cobalt Strike 4.7.1
https://securityintelligence.com/posts/analysis-rce-vulnerability-cobalt-strike/