CVE-2021-22797

Read Time:24 Second

A CWE-22: Improper Limitation of a Pathname to a Restricted Directory (‘Path Traversal) vulnerability exists that could cause malicious script to be deployed in an unauthorized location and may result in code execution on the engineering workstation when a malicious project file is loaded in the engineering software. Affected Product: EcoStruxure Control Expert (V15.0 SP1 and prior, including former Unity Pro), EcoStruxure Process Expert (2020 and prior, including former HDCS), SCADAPack RemoteConnect for x70 (All versions)

Read More

CVE-2021-22795

Read Time:12 Second

A CWE-78 Improper Neutralization of Special Elements used in an OS Command (‘OS Command Injection’) vulnerability exists that could cause remote code execution when performed over the network. Affected Product: StruxureWare Data Center Expert (V7.8.1 and prior)

Read More

CVE-2021-22794

Read Time:10 Second

A CWE-22 Improper Limitation of a Pathname to a Restricted Directory (‘Path Traversal’) vulnerability exists that could cause remote code execution. Affected Product: StruxureWare Data Center Expert (V7.8.1 and prior)

Read More

CVE-2019-6834

Read Time:17 Second

A CWE-502: Deserialization of Untrusted Data vulnerability exists which could allow an attacker to execute arbitrary code on the targeted system with SYSTEM privileges when placing a malicious user to be authenticated for this vulnerability to be successfully exploited. Affected Product: Schneider Electric Software Update (SESU) SUT Service component (V2.1.1 to V2.3.0)

Read More

CVE-2015-20107

Read Time:15 Second

In Python (aka CPython) through 3.10.4, the mailcap module does not add escape characters into commands discovered in the system mailcap file. This may allow attackers to inject shell commands into applications that call mailcap.findmatch with untrusted input (if they lack validation of user-provided filenames or arguments).

Read More

USN-5378-4: Gzip vulnerability

Read Time:18 Second

USN-5378-1 fixed a vulnerability in Gzip. This update provides
the corresponding update for Ubuntu 14.04 ESM and 16.04 ESM.

Original advisory details:

Cleemy Desu Wayo discovered that Gzip incorrectly handled certain
filenames. If a user or automated system were tricked into performing zgrep
operations with specially crafted filenames, a remote attacker could
overwrite arbitrary files.

Read More

Microsoft Patch Tuesday, April 2022 Edition

Read Time:2 Minute, 54 Second

Microsoft on Tuesday released updates to fix roughly 120 security vulnerabilities in its Windows operating systems and other software. Two of the flaws have been publicly detailed prior to this week, and one is already seeing active exploitation, according to a report from the U.S. National Security Agency (NSA).

Of particular concern this month is CVE-2022-24521, which is a “privilege escalation” vulnerability in the Windows common log file system driver. In its advisory, Microsoft said it received a report from the NSA that the flaw is under active attack.

“It’s not stated how widely the exploit is being used in the wild, but it’s likely still targeted at this point and not broadly available,” assessed Dustin Childs with Trend Micro’s Zero Day Initiative. “Go patch your systems before that situation changes.”

Nine of the updates pushed this week address problems Microsoft considers “critical,” meaning the flaws they fix could be abused by malware or malcontents to seize total, remote access to a Windows system without any help from the user.

Among the scariest critical bugs is CVE-2022-26809, a potentially “wormable” weakness in a core Windows component (RPC) that earned a CVSS score of 9.8 (10 being the worst). Microsoft said it believes exploitation of this flaw is more likely than not.

Other potentially wormable threats this month include CVE-2022-24491 and CVE-2022-24497, Windows Network File System (NFS) vulnerabilities that also clock in at 9.8 CVSS scores and are listed as “exploitation more likely by Microsoft.”

“These could be the kind of vulnerabilities which appeal to ransomware operators as they provide the potential to expose critical data,” said Kevin Breen, director of cyber threat research at Immersive Labs. “It is also important for security teams to note that NFS Role is not a default configuration for Windows devices.”

Speaking of wormable flaws, CVE-2022-24500 is a critical bug in the Windows Server Message Block (SMB).

“This is especially poignant as we approach the anniversary of WannaCry, which famously used the EternalBlue SMB vulnerability to propagate at great pace,” Breen added. “Microsoft advises blocking TCP port 445 at the perimeter firewall, which is strong advice regardless of this specific vulnerability. While this won’t stop exploitation from attackers inside the local network, it will prevent new attacks originating from the Internet.”

In addition, this month’s patch batch from Redmond brings updates for Exchange Server, Office, SharePoint Server, Windows Hyper-V, DNS Server, Skype for Business, .NET and Visual Studio, Windows App Store, and Windows Print Spooler components.

As it generally does on the second Tuesday of each month, Adobe released four patches addressing 70 vulnerabilities in Acrobat and Reader, Photoshop, After Effects, and Adobe Commerce. More information on those updates is available here.

For a complete rundown of all patches released by Microsoft today and indexed by severity and other metrics, check out the always-useful Patch Tuesday roundup from the SANS Internet Storm Center. And it’s not a bad idea to hold off updating for a few days until Microsoft works out any kinks in the updates: AskWoody.com usually has the lowdown on any patches that may be causing problems for Windows users.

As always, please consider backing up your system or at least your important documents and data before applying system updates. And if you run into any problems with these patches, please drop a note about it here in the comments.

Read More