Cyber Advisors Blog

Cyber Advisors Security Updates May 2022

Written by Dan Sanderson | May 12, 2022 5:36:42 PM

This month is another important Microsoft Patch Tuesday for subscribers of our Cyber Thursday blog: 75 vulnerabilities were addressed, 8 of which Microsoft rates "Critical" (remote code execution or elevation of privilege).


We start with the 3 zero-days: one is under active exploitation in the wild and the other two were publicly disclosed before a fix was available. Do not delay getting your systems updated; several of these vulnerabilities are favorites of our Cyber Advisors penetration testers.

  • CVE-2022-26925 - Windows LSA Spoofing Vulnerability (exploitation detected)
    • An unauthenticated attacker can call a method on the LSARPC interface and coerce a domain controller into authenticating to an attacker-controlled host over NTLM. Relayed to a service that still accepts NTLM without protection (Active Directory Certificate Services is the classic target), that authentication lets the attacker elevate privileges and effectively impersonate the Domain Controller.
  • CVE-2022-22713 - Windows Hyper-V Denial of Service Vulnerability (publicly disclosed)
  • CVE-2022-29972 - Insight Software: Magnitude Simba Amazon Redshift ODBC Driver (publicly disclosed)
    • A third-party driver bundled with Azure Synapse pipelines and Azure Data Factory, including the Self-hosted Integration Runtime


Other notable 'Critical' entries from Patch Tuesday (a selection, not the full list of 8):

  • Remote Desktop Client (RDC)
    • Remote Desktop Client Remote Code Execution Vulnerability; a user connecting to a malicious RDP server can be compromised
  • Azure Self-hosted Integration Runtime (SHIR)
    • Insight Software: CVE-2022-29972 Magnitude Simba Amazon Redshift ODBC Driver, with upcoming improvements to Azure Data Factory and Azure Synapse Pipeline infrastructure in response to this CVE


Finally, there are notable vulnerabilities from other vendors and technologies that should not be ignored:

  • F5 (BIG-IP)
    • We recommend applying updates as soon as possible
    • An authentication bypass in the iControl REST interface allows remote, unauthenticated attackers to execute commands as 'root'
    • Interesting note: in-the-wild exploitation dropping web shells has been observed. The exposure is not limited to the management port: if a self IP's Port Lockdown setting is left at 'Allow Default' (which includes TCP 443) or 'Allow All', the interface is reachable on the traffic (non-management) interfaces as well
    • We recommend that you apply this fix and the interim mitigations it lists: https://support.f5.com/csp/article/K23605346

  • Cisco
    • Three flaws affecting Enterprise NFVIS Software
  • SAP
    • Remote Code Executions
  • Adobe
    • Third party patching, multiple advisories
  • SonicWALL
    • Secure Mobile Access (SMA) 1000 vulnerability
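
The F5 note above hinges on the self IP Port Lockdown setting. The script below is an added example (not from this post or from F5) that audits `tmsh list net self allow-service` output and flags every self IP on which TCP 443 is reachable, i.e. `allow-service all`, `allow-service { default }`, or a custom list that includes `tcp:443`/`tcp:https`. The tmsh output embedded here is a constructed sample so the script runs offline; on a real appliance you would pipe the live command into `audit_self_ips`. Self IP names in the sample are assumptions.

```shell
#!/bin/sh
# Added example: audit BIG-IP self IP Port Lockdown for iControl REST (TCP 443) exposure.
# Not part of the original post or of F5's own tooling.
#
# Real use on the appliance (assumes tmsh is available):
#   tmsh list net self allow-service | audit_self_ips
#
# Constructed sample of `tmsh list net self allow-service` output (names are made up).
# tmsh prints "all"/"none" on the allow-service line itself, and "default" or a
# custom service list inside braces, one entry per line.
SAMPLE_TMSH_OUTPUT='net self external_self {
    allow-service {
        default
    }
}
net self internal_self {
    allow-service none
}
net self ha_self {
    allow-service all
}
net self custom_self {
    allow-service {
        tcp:443
        udp:1026
    }
}
net self named_svc_self {
    allow-service {
        tcp:https
    }
}
net self locked_self {
    allow-service {
        tcp:22
    }
}'

# Reads tmsh output on stdin; prints one "EXPOSED"/"OK" line per self IP.
audit_self_ips() {
    awk '
    /^net self / { name = $3; mode = "custom"; has443 = 0; inblock = 0; next }
    /^[ \t]*allow-service all/  { mode = "all";  next }   # Allow All: every port
    /^[ \t]*allow-service none/ { mode = "none"; next }   # Allow None: nothing
    /^[ \t]*allow-service \{/   { inblock = 1; next }     # default or custom list
    inblock && /^[ \t]*\}/      { inblock = 0; next }
    inblock {
        gsub(/^[ \t]+|[ \t]+$/, "")
        if ($0 == "default") mode = "default"             # Allow Default includes TCP 443
        else if ($0 == "tcp:443" || $0 == "tcp:https") has443 = 1
        next
    }
    /^\}/ {
        if (mode == "all")          print "EXPOSED " name " allow-service all (every port, including TCP 443)"
        else if (mode == "default") print "EXPOSED " name " allow-service default (includes TCP 443)"
        else if (has443)            print "EXPOSED " name " custom allow-service includes TCP 443"
        else                        print "OK      " name " TCP 443 not reachable on this self IP"
    }'
}

# Convenience wrappers over the constructed sample.
run_sample_audit() {
    printf '%s\n' "$SAMPLE_TMSH_OUTPUT" | audit_self_ips
}

count_sample_exposed() {
    run_sample_audit | grep -c '^EXPOSED' || true
}

run_sample_audit
```

Any self IP reported as EXPOSED should be locked down per the F5 article, for example `tmsh modify net self external_self allow-service none`, or `allow-service replace-all-with { ... }` listing only the ports the traffic interface genuinely needs (HA and config-sync ports, never tcp:443), followed by `tmsh save sys config`. Note that `tmsh list` may print service names (`tcp:https`) instead of numbers, which is why the script checks both spellings.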

Our Recommendations:

  • Test and deploy this month's patches to Domain Controllers first to close the NTLM relay zero-day (CVE-2022-26925), and review Microsoft's companion guidance on hardening against NTLM relay (Extended Protection for Authentication and restricting NTLM on Active Directory Certificate Services)
  • Test and deploy Microsoft patches and fixes
  • Run vulnerability scanning and vulnerability management on at least a quarterly cadence
    • These threats are mitigated by foundational security controls (monitoring and logging, MFA, identity and access controls, etc.)
    • Knowing your critical assets is essential to understanding your risk and exposure, since new vulnerabilities appear constantly
    • Threat actors are getting faster at exploiting these flaws, so the window between disclosure and exploitation keeps shrinking
    • Security controls provide visibility into network activity; when a compromise does occur, that visibility shortens the time of exposure and helps remove persistent threats from the environment
    • It is not a matter of if but when, so organizations need to be prepared to respond
