Insights | Resources by Cybersafe Solutions

Cybersafe Solutions Security Advisory Bulletin August 16, 2024

Written by Cybersafe Solutions | Aug 16, 2024 2:00:00 PM

In this week's Security Advisory:

  • SolarWinds fixes critical RCE bug affecting all Web Help Desk versions
  • Microsoft Warns of Six Windows Zero-Days Being Actively Exploited
  • Unpatched Microsoft Office Vulnerability can lead to Data Exposure
  • OpenVPN vulnerabilities discovered leading to RCE and LPE
  • Multiple Vulnerabilities in Ivanti Products Could Allow for Remote Code Execution
  • Multiple Vulnerabilities in Adobe Products Could Allow for Arbitrary Code Execution
  • SAP Patches Critical Bypass Vulnerabilities
SolarWinds fixes critical RCE bug affecting all Web Help Desk versions

A critical vulnerability in SolarWinds' Web Help Desk solution for customer support could be exploited to execute remote code. Tracked as CVE-2024-28986, with a CVSS score of 9.8 out of 10, it could allow an attacker to run commands on a vulnerable host. Web Help Desk (WHD) is an IT help desk software.

Affected Versions

  • SolarWinds Web Help Desk 12.8.3 and all previous versions

More Reading/Information

Microsoft Warns of Six Windows Zero-Days Being Actively Exploited

The August 13th edition of Microsoft's Patch Tuesday includes security updates for eighty-nine (89) flaws of which eight (8) are considered critical. The patches also address the following six (6) vulnerabilities that are under active exploitation:

•    CVE-2024-38178, CVSS score 7.5 out of 10 - Scripting Engine Memory Corruption Vulnerability
•    CVE-2024-38193, CVSS score 7.8 out of 10- Windows Ancillary Function Driver for WinSock Elevation of Privilege Vulnerability
•    CVE-2024-38213, CVSS score 6.5 out of 10 - Windows Mark of the Web Security Feature Bypass Vulnerability
•    CVE-2024-38106, CVSS score 7.0 out of 10 - Windows Kernel Elevation of Privilege Vulnerability
•    CVE-2024-38107, CVSS score 7.8 out of 10 - Windows Power Dependency Coordinator Elevation of Privilege Vulnerability
•    CVE-2024-38189, CVSS score 8.8 out of 10 - Microsoft Project Remote Code Execution Vulnerability

More Reading/Information

•    https://www.securityweek.com/microsoft-warns-of-six-windows-zero-days-being-actively-exploited/
•    https://www.bleepingcomputer.com/news/microsoft/new-windows-smartscreen-bypass-exploited-as-zero-day-since-march/
•    https://www.bleepingcomputer.com/news/microsoft/microsoft-august-2024-patch-tuesday-fixes-9-zero-days-6-exploited/

Unpatched Microsoft Office Vulnerability can lead to Data Exposure

Microsoft has revealed an unpatched zero-day vulnerability in Office that, if successfully exploited, could lead to the unauthorized disclosure of sensitive information to malicious actors. Tracked as CVE-2024-38200, CVSS score 7.5 out of 10, this vulnerability stems from an information disclosure weakness that allows unauthorized actors to access protected information.

Affected Versions

  • Microsoft Office 2016 for 32-bit edition and 64-bit editions
  • Microsoft Office LTSC 2021 for 32-bit and 64-bit editions
  • Microsoft 365 Apps for Enterprise for 32-bit and 64-bit Systems
  • Microsoft Office 2019 for 32-bit and 64-bit editions

More Reading/Information

OpenVPN vulnerabilities discovered leading to RCE and LPE

Microsoft has revealed four medium-severity security flaws in the open-source OpenVPN software that could be combined to achieve remote code execution (RCE) and local privilege escalation (LPE). Identified as CVE-2024-27459, CVSS score 7.8, CVE-2024-24974, CVSS score of 7.5, and CVE-2024-27903, CVSS score 9.8, these vulnerabilities affect OpenVPN's openvpnserv component. Another flaw, related to the Windows TAP driver and tracked as CVE-2024-1305, could be exploited to trigger denial-of-service conditions. User authentication is needed to exploit this flaw. It is important to note that these flaws are present on the client side of OpenVPN, not the server side.

Affected Versions

  • All versions of OpenVPN prior to version 2.6.10 and 2.5.10.

More Reading/Information

•    https://www.microsoft.com/en-us/security/blog/2024/08/08/chained-for-attack-openvpn-vulnerabilities-discovered-leading-to-rce-and-lpe/
•    https://thehackernews.com/2024/08/microsoft-reveals-four-openvpn-flaws.html
•    https://www.scmagazine.com/brief/rce-privilege-escalation-likely-with-chained-openvpn-flaws

Multiple Vulnerabilities in Ivanti Products Could Allow for Remote Code Execution

Several vulnerabilities have been identified in Ivanti products, with the most severe potentially allowing remote code execution. Tracked as CVE-2024-75, with a CVSS score of 9.8 out of 10, this authentication bypass vulnerability could allow unauthenticated attackers to bypass  authentication on Internet-exposed vTM admin panels.

This also includes CVE-2024-7569 (CVSS score: 9.6) and CVE-2024-7570 (CVSS score: 8.3) which Ivanti has also addressed.

Affected Products:

  • Ivanti Avalanche versions prior to 6.4.4
  • Ivanti Neurons for ITSM without supplied patch.
  • Ivanti Virtual Traffic Manager prior to versions 22.2R1, 22.3R3, 22.5R2, 22.6R2, 22.7R2

More Reading/Information

•    https://www.bleepingcomputer.com/news/security/ivanti-warns-of-critical-vtm-auth-bypass-with-public-exploit/
•    https://duo.com/decipher/exploit-code-available-for-critical-ivanti-vtm-bug

Multiple Vulnerabilities in Adobe Products Could Allow for Arbitrary Code Execution

Adobe has released patches for at least seventy-two (72) security vulnerabilities across multiple products, warning that Windows and macOS users are at risk of code execution, memory leaks, and denial-of-service attacks.

Affected Versions:

•    https://www.securityweek.com/adobe-calls-attention-to-massive-batch-of-code-execution-flaws/
   https://cybersecuritynews.com/adobe-patches-vulnerabilities/

SAP Patches Critical Bypass Vulnerabilities

SAP has released its August 2024 security patch update, addressing seventeen (17) new vulnerabilities, including two (2) critical flaws that could enable attackers to bypass authentication and fully compromise affected systems. The most severe vulnerability tracked as CVE-2024-41730, with a CVSS score of 9.8 out of 10, affects SAP BusinessObjects Business Intelligence Platform versions 430 and 440. The second critical vulnerability tracked as CVE-2024-29415, with a CVSS score of 9.1 out of 10, is a server-side request forgery flaw in applications built with SAP Build Apps versions earlier than 4.11.130.

More Reading/Information

•    https://www.bleepingcomputer.com/news/security/critical-sap-flaw-allows-remote-attackers-to-bypass-authentication/
•    https://www.securityweek.com/sap-patches-critical-vulnerabilities-in-businessobjects-build-apps/
•    https://thecyberexpress.com/sap-update-critical-vulnerabilities-hackers/
•    https://cybersecuritynews.com/sap-hackers-bypass-authentication/

Recommendations

Please review your environment to ensure the above-mentioned issues are patched in a timely manner.  It is security best practice to regularly update and/or patch software to the latest versions.  The vulnerabilities above highlight the security benefits of limiting deployed software to "vendor-supported versions" only.  This dramatically increases the likelihood that new vulnerabilities have a patch issued for them.  Likewise, Cybersafe strongly encourages maintaining an inventory of current software in your environment, which helps ensure and inform your patch and vulnerability management program.