In this week's Security Advisory:
- Critical SolarWinds Vulnerability Under Active Exploitation
- VMware Releases Patch to Address September Vulnerability
- Proof of Concept Released for Windows Server Vulnerability
- F5 Patches Privilege Escalation Vulnerability
- Microsoft Releases Details on macOS Vulnerability
- Security Updates Released for Microsoft Edge and Google Chrome Desktop Browser
Critical SolarWinds Vulnerability Under Active Exploitation
On August 14th, Cybersafe sent an advisory regarding the SolarWinds Web Help Desk solution. Another critical vulnerability, CVE-2024-28987, has since been published, and there are reports that it is being exploited in the wild. Because of hardcoded credentials, this vulnerability allows an unauthenticated remote user to access internal resources and modify data. It has been addressed in SolarWinds Web Help Desk 12.8.3 Hotfix 2 and Hotfix 3. It is recommended to apply the latest hotfixes as soon as you are able.
Original Advisory:
A critical vulnerability in SolarWinds' Web Help Desk (WHD) customer support solution could be exploited to execute remote code. Tracked as CVE-2024-28986, with a CVSS score of 9.8 out of 10, it could allow an attacker to run commands on a vulnerable host. Web Help Desk is IT help desk software.
Affected Versions
- SolarWinds Web Help Desk 12.8.3 and all previous versions.
More Reading/Information
- https://support.solarwinds.com/SuccessCenter/s/article/SolarWinds-Web-Help-Desk-12-8-3-Hotfix-2
- https://www.bleepingcomputer.com/news/security/solarwinds-web-help-desk-flaw-is-now-exploited-in-attacks/
- https://www.solarwinds.com/trust-center/security-advisories/cve-2024-28986
- https://www.bleepingcomputer.com/news/security/solarwinds-fixes-critical-rce-bug-affecting-all-web-help-desk-versions/
VMware Releases Patch to Address September Vulnerability
VMware has released a new update for a previously patched vulnerability. CVE-2024-38812 (CVSS score: 9.8) was first addressed with a patch on September 17th, 2024; however, it was later found that the update did not fully remediate the exposure. Updated patches are now available in vCenter Server versions 8.0 U3d, 8.0 U2e, and 7.0 U3t. A fix is also available as an asynchronous patch for VMware Cloud Foundation versions 5.x, 5.1.x, and 4.x.
Original Advisory:
Broadcom has patched a critical security issue in its VMware vCenter Server. The vulnerability, tracked as CVE-2024-38812 (CVSS score 9.8/10), allows unauthenticated attackers to execute remote code on the server if exploited. Broadcom also released a patch for a high-severity privilege escalation vulnerability, tracked as CVE-2024-38813 (CVSS score 7.5/10), that allows an attacker to gain root privileges. Broadcom stated they have not seen evidence of this being exploited in the wild.
Affected Versions
- VMware vCenter Server version 7.0 and 8.0.
- VMware Cloud Foundation 4.x and 5.x.
More Reading/Information
- https://thehackernews.com/2024/10/vmware-releases-vcenter-server-update.html
- https://www.bleepingcomputer.com/news/security/broadcom-fixes-critical-rce-bug-in-vmware-vcenter-server/
- https://thehackernews.com/2024/09/patch-issued-for-critical-vmware.html
- https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/24968
Proof of Concept Released for Windows Server Vulnerability
A proof-of-concept exploit is now publicly available for CVE-2024-43532. The vulnerability affects the Windows Remote Registry client and could allow an attacker to take control of a Windows domain by downgrading the authentication the client uses. It affects Windows Server 2008 through 2022 as well as Windows 10 and 11. It was addressed earlier this month in Microsoft's Patch Tuesday release.
Original Advisory:
The October 8th release of Microsoft's Patch Tuesday includes fixes for one hundred eighteen (118) vulnerabilities, five (5) of which are zero-days and two (2) of which are being actively exploited. Three critical vulnerabilities were addressed; all three are remote code execution vulnerabilities.
The two under active exploitation include:
- CVE-2024-43573 - Windows MSHTML Platform Spoofing Vulnerability
- CVE-2024-43572 - Microsoft Management Console Remote Code Execution Vulnerability
More Reading/Information
- https://www.bleepingcomputer.com/news/security/exploit-released-for-new-windows-server-winreg-ntlm-relay-attack/
- https://www.bleepingcomputer.com/news/microsoft/microsoft-october-2024-patch-tuesday-fixes-5-zero-days-118-flaws/
- https://www.securityweek.com/patch-tuesday-microsoft-confirms-exploited-zero-day-in-windows-management-console/
F5 Patches Privilege Escalation Vulnerability
F5 has released updates for its BIG-IP and BIG-IQ products. These updates address two vulnerabilities, tracked as CVE-2024-45844 and CVE-2024-47139. The first affects the BIG-IP product and allows an authenticated attacker to elevate their privileges and make changes to the application's configuration. The second affects the BIG-IQ product and is an XSS bug on an undisclosed page of the user interface; an attacker would need administrative privileges to exploit it.
Affected Versions
- BIG-IP Versions 17.1.0 - 17.1.1, 16.1.0 - 16.1.4, and 15.1.0 - 15.1.10.
- BIG-IQ version 8.2.0.
More Reading/Information
- https://my.f5.com/manage/s/article/K000141302
- https://www.securityweek.com/f5-big-ip-updates-patch-high-severity-elevation-of-privilege-vulnerability/
Microsoft Releases Details on macOS Vulnerability
Microsoft has disclosed details concerning a vulnerability in Apple's Transparency, Consent, and Control (TCC) framework in macOS. The vulnerability is tracked as CVE-2024-44133 and was recently patched in macOS Sequoia 15. The vulnerability allows an attacker to remove the TCC protection for the Safari browser and gain access to the user's data.
Affected Versions
- Mac Studio (2022 and later).
- iMac (2019 and later).
- Mac Pro (2019 and later).
- Mac Mini (2018 and later).
- MacBook Air (2020 and later).
- MacBook Pro (2018 and later).
- iMac Pro (2017 and later).
More Reading/Information
- https://support.apple.com/en-us/121238
- https://thehackernews.com/2024/10/microsoft-reveals-macos-vulnerability.html
Security Updates Released for Microsoft Edge and Google Chrome Desktop Browser
Microsoft has released a new version of Edge that includes fixes for nine vulnerabilities. Successful exploitation of the most severe of these could lead to a compromised user account, which could then lead to privilege escalation attempts. Google Chrome has also released a new version to address three high-severity vulnerabilities.
More Reading/Information
- https://learn.microsoft.com/en-us/DeployEdge/microsoft-edge-relnotes-security#october-17-2024
- https://chromereleases.googleblog.com/2024/10/stable-channel-update-for-desktop_22.html
Recommendations
Please review your environment to ensure the above-mentioned issues are patched in a timely manner. It is security best practice to regularly update and/or patch software to the latest versions. The vulnerabilities above highlight the security benefit of limiting deployed software to vendor-supported versions only, which dramatically increases the likelihood that a patch is issued for new vulnerabilities. Likewise, Cybersafe strongly encourages maintaining an inventory of the software currently deployed in your environment, which helps inform your patch and vulnerability management program.
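As an added illustration of the inventory-driven check described above (example code, not part of the original advisory or any vendor tool), the script below encodes the BIG-IP and BIG-IQ affected-version ranges listed in the F5 section and flags inventory rows that fall inside them. The CSV-style inventory lines are constructed sample data, and versions are compared numerically so that 15.1.10 sorts after 15.1.2 rather than before it as a plain string would.

```python
# Added example: match a software inventory against the affected-version
# ranges stated in this advisory for F5 BIG-IP / BIG-IQ. Not vendor code.
from typing import List, Tuple

Version = Tuple[int, ...]

def parse_version(text: str) -> Version:
    """Turn '16.1.4' into (16, 1, 4) so versions compare numerically, not as strings."""
    return tuple(int(part) for part in text.strip().split("."))

# Inclusive affected ranges, copied from the advisory's "Affected Versions" lists.
AFFECTED = {
    "BIG-IP": [("17.1.0", "17.1.1"), ("16.1.0", "16.1.4"), ("15.1.0", "15.1.10")],
    "BIG-IQ": [("8.2.0", "8.2.0")],
}

def in_affected_range(product: str, version: str) -> bool:
    """True if the version falls inside any stated affected range for the product."""
    v = parse_version(version)
    for low, high in AFFECTED.get(product, []):
        if parse_version(low) <= v <= parse_version(high):
            return True
    return False

def triage_inventory(lines: List[str]) -> List[str]:
    """Return 'host product version' for each inventory row in an affected range.
    Each line is 'hostname,product,version' (a constructed format for this example)."""
    hits = []
    for line in lines:
        host, product, version = [field.strip() for field in line.split(",")]
        if in_affected_range(product, version):
            hits.append(f"{host} {product} {version}")
    return hits

# Constructed sample inventory; hostnames are placeholders, not real systems.
SAMPLE_INVENTORY = [
    "lb-edge-01,BIG-IP,16.1.4",
    "lb-edge-02,BIG-IP,16.1.5",
    "lb-core-01,BIG-IP,15.1.10",
    "mgmt-01,BIG-IQ,8.2.0",
    "mgmt-02,BIG-IQ,8.3.0",
]

if __name__ == "__main__":
    for hit in triage_inventory(SAMPLE_INVENTORY):
        print("in affected range, review for patching:", hit)
```

A row outside the stated ranges only means the advisory does not list it as affected; confirm the installed build against the vendor article before closing the finding.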