In this week's Security Advisory:
Oracle released patches for 318 vulnerabilities across its product lines in Tuesday's quarterly Critical Patch Update. 180 of these can be exploited remotely without authentication, and 30 are rated critical. The most severe is CVE-2025-21556 (CVSS 9.9/10) in Oracle Agile Product Lifecycle Management (PLM) Framework: it is reachable over HTTP by a low-privileged attacker with network access and results in a takeover of the affected instance.
A high-severity 7-Zip vulnerability, CVE-2025-0411 (CVSS 7.0/10), was disclosed over the weekend. Windows attaches a Mark of the Web (a Zone.Identifier alternate data stream) to files downloaded from the Internet so that SmartScreen and Office Protected View treat them as untrusted. When extracting a crafted archive that itself carries the mark, 7-Zip failed to propagate it to the extracted files, so a user who opens one of them gets no warning, and an attacker who convinces the user to open a malicious extracted file can execute arbitrary code in that user's context. Exploitation therefore requires user interaction (downloading the archive and opening the extracted file), which is why the score is 7.0 rather than higher. The fix shipped in 7-Zip 24.09; 7-Zip does not update itself, so the new version must be rolled out manually or through your software deployment tooling.
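To make the Mark of the Web concrete, and to check whether your own 7-Zip installation now propagates it, here is an added Python example (not from the advisory and not 7-Zip's own code). It reads the Zone.Identifier alternate data stream from every file under an extraction directory and reports which files would still open without a warning. The directory path and the sample stream contents are assumptions; the audit only means something on an NTFS volume under Windows, because that is where the stream exists.

```python
"""Added example (not part of the advisory or of 7-Zip): audit files that
were extracted from a downloaded archive and report which ones carry the
Mark of the Web. On NTFS the mark is a small INI-style alternate data
stream named Zone.Identifier; Windows routes a file through SmartScreen or
Protected View only if that stream says it came from an untrusted zone.
The directory path and the sample stream contents are assumptions."""
from __future__ import annotations

import os
from typing import Dict, List, Optional

# URL security zone ids as Windows records them in the ZoneId= field
ZONE_NAMES = {
    0: "Local machine",
    1: "Local intranet",
    2: "Trusted sites",
    3: "Internet",
    4: "Restricted sites",
}


def parse_zone_identifier(text: str) -> Dict[str, str]:
    """Parse the body of a Zone.Identifier stream into its key/value pairs.

    A typical stream (constructed sample) looks like:
        [ZoneTransfer]
        ZoneId=3
        ReferrerUrl=https://example.test/
        HostUrl=https://example.test/sample.7z
    Only keys inside the [ZoneTransfer] section are returned.
    """
    fields: Dict[str, str] = {}
    in_section = False
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith(";"):
            continue
        if line.startswith("["):
            in_section = line.lower() == "[zonetransfer]"
            continue
        if in_section and "=" in line:
            key, _, value = line.partition("=")
            fields[key.strip()] = value.strip()
    return fields


def zone_name(fields: Dict[str, str]) -> Optional[str]:
    """Human-readable zone for parsed fields, or None if ZoneId is missing/odd."""
    try:
        return ZONE_NAMES.get(int(fields["ZoneId"]))
    except (KeyError, ValueError):
        return None


def is_flagged_untrusted(fields: Dict[str, str]) -> bool:
    """True if Windows treats the file as coming from an untrusted source
    (Internet or Restricted zone). Lower zones get no warning, and a file
    with no stream at all is treated like a local file."""
    try:
        return int(fields["ZoneId"]) >= 3
    except (KeyError, ValueError):
        return False


def read_mark_of_the_web(path: str) -> Optional[Dict[str, str]]:
    """Read and parse a file's Zone.Identifier stream, or None if absent.

    Alternate data streams are addressed as 'name:stream'. That only works
    on NTFS under Windows; elsewhere the open fails and None is returned,
    which is exactly what an un-marked file looks like.
    """
    try:
        with open(f"{path}:Zone.Identifier", "r", encoding="utf-8",
                  errors="replace") as stream:
            return parse_zone_identifier(stream.read())
    except OSError:
        return None


def audit_extracted(directory: str) -> List[dict]:
    """Walk an extraction directory and report the MotW state of every file."""
    report = []
    for root, _dirs, files in os.walk(directory):
        for name in files:
            path = os.path.join(root, name)
            fields = read_mark_of_the_web(path)
            report.append({
                "path": path,
                "motw": fields,  # None means no stream at all
                "zone": zone_name(fields) if fields else None,
                "warns": is_flagged_untrusted(fields) if fields else False,
            })
    return report


if __name__ == "__main__":
    # Assumed location of files you just extracted with 7-Zip from an
    # archive downloaded in a browser (so the archive itself had ZoneId=3).
    extracted_dir = os.path.expandvars(r"%TEMP%\motw-check")
    for row in audit_extracted(extracted_dir):
        state = "missing" if row["motw"] is None else (
            "warns" if row["warns"] else f"no warning ({row['zone']})")
        print(f"{state:<24} {row['path']}")
```

To use it, download a harmless test archive in a browser so it receives ZoneId=3, extract it with 7-Zip into the assumed directory, and run the script on that Windows host. After the 7-Zip update every extracted file should report "warns"; a file reported "missing" is the condition CVE-2025-0411 produced. Note that 7-Zip only propagates the stream when its own "Propagate Zone.Id stream" option is enabled, so a "missing" result on a patched install points at that setting rather than at the vulnerability.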
SimpleHelp is remote support software that lets IT staff reach user workstations, including unattended access with no interaction from the user. Three vulnerabilities were fixed in the released patch. The most serious, CVE-2024-57726 (CVSS 9.9/10), lets an attacker holding a low-privilege technician account elevate to the server admin role; an admin can then reach any machine on which unattended access is configured. The other two are high severity: CVE-2024-57727 (CVSS 7.5/10), a path traversal that lets an unauthenticated attacker read arbitrary files from the SimpleHelp server, and CVE-2024-57728 (CVSS 7.2/10), an arbitrary file upload reachable from an admin account that can lead to code execution on the server. Because the path traversal needs no credentials, Internet-facing SimpleHelp servers should be patched first.
Zoom has released updates for its Workplace apps and its Jenkins plugin. The highest-severity issue, CVE-2025-0147 (CVSS 8.8/10), affects the Workplace app for Linux and allows an authenticated user to escalate privileges via network access. The bulletins also cover three medium- and two low-severity vulnerabilities.
Please review your environment to ensure the issues above are patched in a timely manner. Regularly updating software to current versions is basic security hygiene, and this week's bulletins show why it pays to run only vendor-supported versions: a fix for a newly disclosed vulnerability will only ever ship for the branches the vendor still maintains, so staying on a supported branch is what makes "patch when the advisory comes out" possible at all. Cybersafe likewise strongly encourages maintaining an inventory of the software deployed in your environment, including versions; without it you cannot tell which of this week's advisories apply to you, and it is the input every patch and vulnerability management program runs on.
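The comparison that inventory has to support is "is this host on a supported branch, and is it at or above the fixed version for that branch", which is not the same as "is it on the latest version". The following added Python example (not from the advisory or from any of the vendors above) shows that check over a small constructed inventory. The product names, branch prefixes, fixed-version numbers and inventory rows are illustrative placeholders; take the real values from the vendor bulletins linked above.

```python
"""Added example (not part of the advisory): check a software inventory
against the minimum fixed version of each vendor-supported branch, which
is the comparison a patch/vulnerability management program has to make
every week. Product names, branch/version numbers and inventory rows are
illustrative placeholders; take the real ones from the vendor bulletins."""
from __future__ import annotations

from dataclasses import dataclass
from typing import Dict, List, Optional, Tuple


def parse_version(version: str) -> Tuple[int, ...]:
    """'5.4.10' -> (5, 4, 10). Parsing stops at the first non-numeric part,
    so '24.09' -> (24, 9), '6.2.10-beta' -> (6, 2, 10) and '' -> ()."""
    parts: List[int] = []
    for piece in version.split("."):
        digits = "".join(ch for ch in piece if ch.isdigit())
        if not digits:
            break
        parts.append(int(digits))
    return tuple(parts)


# Minimum fixed version per vendor-supported branch (ILLUSTRATIVE VALUES).
# A branch prefix of "" means the product has a single release line and
# every installed version is compared against the one fixed version.
# An installed version that matches no listed branch is on an unsupported
# line: no fix will ever ship for it, which is a finding in itself.
FIXED_VERSIONS: Dict[str, Dict[str, str]] = {
    "SimpleHelp": {"5.5": "5.5.8", "5.4": "5.4.10", "5.3": "5.3.9"},
    "7-Zip": {"": "24.09"},
}


@dataclass
class Finding:
    host: str
    product: str
    installed: str
    status: str            # ok | vulnerable | unsupported | unknown-product
    fixed: Optional[str]   # version the host should be on, if known


def supported_branch(product: str, installed: str) -> Optional[Tuple[str, str]]:
    """Return (branch, fixed_version) for the most specific branch prefix
    that matches the installed version, or None if none matches."""
    parsed = parse_version(installed)
    candidates = sorted(FIXED_VERSIONS.get(product, {}).items(),
                        key=lambda item: len(parse_version(item[0])),
                        reverse=True)
    for branch, fixed in candidates:
        prefix = parse_version(branch)
        if parsed[: len(prefix)] == prefix:
            return branch, fixed
    return None


def assess(inventory: List[Tuple[str, str, str]]) -> List[Finding]:
    """Inventory rows are (host, product, installed_version)."""
    findings: List[Finding] = []
    for host, product, installed in inventory:
        branches = FIXED_VERSIONS.get(product)
        if branches is None:
            findings.append(Finding(host, product, installed, "unknown-product", None))
            continue
        match = supported_branch(product, installed)
        if match is None:
            # Off every supported line: the target is the newest fixed release.
            newest = max(branches.values(), key=parse_version)
            findings.append(Finding(host, product, installed, "unsupported", newest))
            continue
        _branch, fixed = match
        status = "vulnerable" if parse_version(installed) < parse_version(fixed) else "ok"
        findings.append(Finding(host, product, installed, status, fixed))
    return findings


# Constructed inventory rows, as exported from a CMDB or inventory agent.
INVENTORY = [
    ("it-jump-01", "SimpleHelp", "5.4.9"),       # 5.4 line, below 5.4.10
    ("it-jump-02", "SimpleHelp", "5.5.8"),       # patched on the 5.5 line
    ("it-jump-03", "SimpleHelp", "5.4.10"),      # patched on 5.4, though < 5.5.8
    ("helpdesk-legacy", "SimpleHelp", "5.2.3"),  # no supported branch at all
    ("ws-1043", "7-Zip", "24.08"),               # below 24.09
    ("ws-1044", "7-Zip", "24.09"),               # patched
    ("ws-1045", "ExampleApp", "8.6"),            # not covered by this week's list
]

if __name__ == "__main__":
    for f in assess(INVENTORY):
        target = f"-> {f.fixed}" if f.fixed else ""
        print(f"{f.status:<16} {f.host:<16} {f.product} {f.installed} {target}")
```

The it-jump-03 row is the point of the branch-aware comparison: a naive "below the latest release" check would flag it, even though 5.4.10 is the vendor's fixed build for its branch, while helpdesk-legacy is the case the advice about vendor-supported versions is aimed at, since no patch exists or will exist for its line.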