This month is another important month for Microsoft Patch Tuesday and subscribers of our Cyber Thursday blog, with 75 vulnerabilities reported, 8 of which are considered “Critical” (RCE or LPE) vulnerabilities.
We start with 3 Zero-days, including 2 that have active exploits underway. Do not delay getting your systems updated as several of these vulnerabilities are favorites of our Cyber Advisors penetration testers.
- CVE-2022-26925 - Windows LSA Spoofing Vulnerability
  - Threat actors can intercept legitimate authentication requests, elevate privileges, and impersonate a Domain Controller
- CVE-2022-22713 - Windows Hyper-V Denial of Service Vulnerability
- CVE-2022-29972 - Insight Software: Magnitude Simba Amazon Redshift ODBC Driver [Azure Synapse and Azure Data Factory]
The other (8) 'Critical' vulnerabilities from Patch Tuesday:
- Azure SHIR
  - Upcoming improvements to Azure Data Factory and Azure Synapse Pipeline infrastructure in response to CVE-2022-29972
- RDC
  - Remote Desktop Client Remote Code Execution Vulnerability
- Self-hosted Integration Runtime
  - Insight Software: CVE-2022-29972 Magnitude Simba Amazon Redshift ODBC Driver
Finally, there are other notable vulnerabilities from other software vendors and technologies that should not be ignored:
- F5 (BIG-IP)
  - We recommend applying updates as soon as possible
  - Allows remote attackers to execute commands as 'root' without authentication
  - Interesting note: exploitation for shell dropping has been observed; if one misconfigures the appliance to 'allow default' on SelfIP, then it is also vulnerable on non-management ports
  - We recommend that you apply this fix: https://support.f5.com/csp/article/K23605346
- Cisco
  - Three flaws affecting Enterprise NFVIS Software
- SAP
- Adobe
  - Third-party patching, multiple advisories
- SonicWALL
  - Secure Mobile Access (SMA) 1000 vulnerability
Our Recommendations:
- Test and deploy patches to Domain Controllers to mitigate the new attack vector (NTLM Relay zero-day) related to CVE-2022-26925
- Test and deploy Microsoft patches and fixes
- Integrate Vulnerability Scanning and Vulnerability Management on a quarterly basis
- These threats are mitigated by implementing foundational security controls (such as monitoring/logging, MFA, identity and access controls, etc.)
- It is imperative to understand your critical assets to gain an understanding of risk and exposure as new vulnerabilities are constantly appearing
- Threat actors are gaining speed on exploiting these flaws
- Security measures and controls provide visibility into network activity; in the event of a compromise, that visibility reduces the time of exposure and assists in removing persistent threats from the environment
- It is not a matter of if, it is a matter of when, therefore organizations need to be prepared to respond to a threat
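To turn the first recommendation into something you can run, here is an added PowerShell example (not code from the original post or from Microsoft) that checks every Domain Controller for the update and surfaces NTLM network logons by machine accounts, the pattern an NTLM relay of a coerced DC authentication would leave in the Security log. The KB identifiers are placeholders you must replace with the cumulative update IDs for your DC operating systems, and the machine-account-from-foreign-address heuristic is an assumption of this example rather than a documented Microsoft detection.

```powershell
# Added example, not from the original post. Assumes the ActiveDirectory and
# DnsClient modules, RPC/WinRM reachability to each DC, and rights to read the
# Security log. KB IDs are PLACEHOLDERS; substitute the real ones per OS version.
#Requires -Modules ActiveDirectory

$RequiredKBs   = @('KB<PLACEHOLDER-WS2019>', 'KB<PLACEHOLDER-WS2022>')  # placeholders
$LookbackHours = 24

$dcs = Get-ADDomainController -Filter * | Select-Object -ExpandProperty HostName

foreach ($dc in $dcs) {
    # 1. Patch status: report whether any of the required updates is installed.
    $installed = Get-HotFix -ComputerName $dc -ErrorAction SilentlyContinue |
        Select-Object -ExpandProperty HotFixID
    $patched = ($RequiredKBs | Where-Object { $installed -contains $_ }).Count -gt 0
    [pscustomobject]@{ DC = $dc; Check = 'Patched'; Result = $patched }

    # 2. Successful logons (4624) in the lookback window, read from the DC itself.
    $filter = @{
        LogName   = 'Security'
        Id        = 4624
        StartTime = (Get-Date).AddHours(-$LookbackHours)
    }
    $events = Get-WinEvent -ComputerName $dc -FilterHashtable $filter -ErrorAction SilentlyContinue
    foreach ($e in $events) {
        # Flatten the EventData name/value pairs into a hashtable.
        $x = [xml]$e.ToXml()
        $d = @{}
        foreach ($n in $x.Event.EventData.Data) { $d[$n.Name] = $n.'#text' }

        # Only network (type 3) logons that used NTLM for a machine account ("NAME$").
        if ($d.LogonType -ne '3' -or $d.AuthenticationPackageName -ne 'NTLM') { continue }
        if ($d.TargetUserName -notlike '*$') { continue }

        # Heuristic (assumption): a machine account authenticating over NTLM from an
        # address that is not its own host is worth a look; expect some noise from
        # multi-homed hosts and IPv6, so treat hits as leads, not verdicts.
        $acctHost = $d.TargetUserName.TrimEnd('$')
        $expected = (Resolve-DnsName -Name $acctHost -ErrorAction SilentlyContinue |
            Where-Object Type -eq 'A').IPAddress
        if ($expected -notcontains $d.IpAddress) {
            [pscustomobject]@{
                DC = $dc; Check = 'NTLM-MachineLogon'; Account = $d.TargetUserName
                Source = $d.IpAddress; Time = $e.TimeCreated
            }
        }
    }
}
```

Run it from a management host before and after deploying the update; an unpatched DC combined with machine-account NTLM logons from unexpected sources is the combination that should be escalated first.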