Read Time:56 Second

What is the Attack?

On June 11, 2023, Microsoft released an advisory and a blog for a new Office and Windows HTML Remote Code Execution (RCE) vulnerability that was reportedly leveraged by the Storm-0978 threat actor in attacks against defense and government agencies in Europe and North America. An attacker could exploit this vulnerability by tricking a user into opening a specially crafted Microsoft Office document. The vulnerability has a CVSS base score of 8.3 and is rated important by Microsoft.

Why is this Significant?

The CVE-2023-36884 has no available patch and there are reported exploitation in the wild.

What is the Vendor Solution?

Microsoft has not released a fix for CVE-2023-36884 at the time of this writing (June 12th, 2023). However, Microsoft has provided mitigation steps for CVE-2023-36884 in the advisory. For more information, please see the Appendix for the link to “CVE-2023-36884 (Microsoft)”.

What FortiGuard Coverage is available?

FortiGuard Labs is currently investigating potential samples that exploit CVE-2023-36884 for protection. We will update this Threat Signal when new information becomes available.

Advisories

USN-6225-1: Knot Resolver vulnerability

July 13, 2023

Read Time:9 Second

It was discovered that Knot Resolver did not correctly handle certain
client options. A remote attacker could send requests to malicous domains
and cause a denial of service.

Advisories

CVE-2021-0948

July 13, 2023

Read Time:8 Second

The PVRSRVBridgeGetMultiCoreInfo ioctl in the PowerVR kernel driver can return uninitialized kernel memory to user space. The contents of this memory could contain sensitive information.

Advisories

A Vulnerability in Cisco SD-WAN vManage Could Allow for Security Mechanism Bypass

July 12, 2023

Read Time:22 Second

A vulnerability has been discovered in Cisco SD-WAN vManage which could allow for security mechanism bypass. Cisco SD-WAN vManage is a centralized network management console for controlling, configuring and monitoring devices in a network. Successful exploitation of this vulnerability could allow an attacker to bypass security mechanisms on the targeted host, granting them to gain read permissions or limited write permissions to the configuration of an affected Cisco SD-WAN vManage instance.

Advisories

USN-6224-1: Linux kernel vulnerabilities

July 12, 2023

Read Time:26 Second

It was discovered that the XFS file system implementation in the Linux
kernel did not properly perform metadata validation when mounting certain
images. An attacker could use this to specially craft a file system image
that, when mounted, could cause a denial of service (system crash).
(CVE-2023-2124)

Wei Chen discovered that the InfiniBand RDMA communication manager
implementation in the Linux kernel contained an out-of-bounds read
vulnerability. A local attacker could use this to cause a denial of service
(system crash). (CVE-2023-2176)

Advisories

USN-6223-1: Linux kernel (Azure CVM) vulnerabilities

July 12, 2023

Read Time:2 Minute, 8 Second

It was discovered that the TUN/TAP driver in the Linux kernel did not
properly initialize socket data. A local attacker could use this to cause a
denial of service (system crash). (CVE-2023-1076)

It was discovered that the Real-Time Scheduling Class implementation in the
Linux kernel contained a type confusion vulnerability in some situations. A
local attacker could use this to cause a denial of service (system crash).
(CVE-2023-1077)

It was discovered that the ASUS HID driver in the Linux kernel did not
properly handle device removal, leading to a use-after-free vulnerability.
A local attacker with physical access could plug in a specially crafted USB
device to cause a denial of service (system crash). (CVE-2023-1079)

It was discovered that the Xircom PCMCIA network device driver in the Linux
kernel did not properly handle device removal events. A physically
proximate attacker could use this to cause a denial of service (system
crash). (CVE-2023-1670)

It was discovered that a race condition existed in the Xen transport layer
implementation for the 9P file system protocol in the Linux kernel, leading
to a use-after-free vulnerability. A local attacker could use this to cause
a denial of service (guest crash) or expose sensitive information (guest
kernel memory). (CVE-2023-1859)

Jose Oliveira and Rodrigo Branco discovered that the Spectre Variant 2
mitigations with prctl syscall were insufficient in some situations. A
local attacker could possibly use this to expose sensitive information.
(CVE-2023-1998)

It was discovered that the BigBen Interactive Kids’ gamepad driver in the
Linux kernel did not properly handle device removal, leading to a use-
after-free vulnerability. A local attacker with physical access could plug
in a specially crafted USB device to cause a denial of service (system
crash). (CVE-2023-25012)

It was discovered that a use-after-free vulnerability existed in the HFS+
file system implementation in the Linux kernel. A local attacker could
possibly use this to cause a denial of service (system crash).
(CVE-2023-2985)

Hangyu Hua discovered that the Flower classifier implementation in the
Linux kernel contained an out-of-bounds write vulnerability. An attacker
could use this to cause a denial of service (system crash) or possibly
execute arbitrary code. (CVE-2023-35788, LP: #2023577)

It was discovered that for some Intel processors the INVLPG instruction
implementation did not properly flush global TLB entries when PCIDs are
enabled. An attacker could use this to expose sensitive information
(kernel memory) or possibly cause undesired behaviors. (LP: #2023220)

News

Sharing Isn’t Always Caring: Tips to Help Protect Your Online Privacy

July 12, 2023

Read Time:6 Minute, 41 Second

When it comes to protecting your privacy, take a close look at your social media use—because sharing can quickly turn into oversharing.

The term “oversharing” carries several different definitions. Yet in our case here, oversharing means saying more than one should to more people than they should. Consider the audience you have across your social media profiles. Perhaps you have dozens, if not hundreds of friends and followers. All with various degrees of closeness and familiarity. Who among them can you absolutely trust with the information you share?

And you might be sharing more than you think. Posts have a way of saying more than one thing, like:

“This is the pool at the rental home I’m staying at this week. Amazing!” Which also tells everyone, “My home is empty for the next few days.”

“I can’t start my workday without a visit to my favorite coffeeshop.” Which also says, “If you ever want to track me down in person, you can find me at this location practically any weekday morning.”

One can quickly point to other examples of oversharing. Unintentional oversharing at that.

A first-day-of-school picture can tell practical strangers which elementary school your children attend, say if the picture includes the school’s reader board in it. A snapshot of you joking around with a co-worker might reveal a glimpse of company information. Maybe because of what’s written on the whiteboard behind the two of you. And in one extreme example, there’s the case an assault on a pop star. Her attacker tracked her down through her selfie, determining her location through the reflection in her eyes.

The list goes on.

That’s not to say “don’t post.” More accurately, it’s “consider what you’re posting and who gets to see it.” You have control over what you post, and to some degree, who gets to see those posts. That combination is key to your privacy—and the privacy of others too.

Three simple steps for protecting your privacy on social media

1) Be more selective with your settings

Social media platforms like Facebook, Instagram, and others give you the option of making your profile and posts visible to friends only. Choosing this setting keeps the broader internet from seeing what you’re doing, saying, and posting—not to mention your relationships and likes. Taking a “friends only” approach to your social media profiles can help protect your privacy, because that gives a possible scammer or stalker much less material to work with. Yet further, some platforms allow you to create sub-groups of friends and followers. With a quick review of your network, you can create a sub-group of your most trusted friends and restrict your posts to them as needed.

2) Say “no” to strangers bearing friend requests

Be critical of the invitations you receive. Out-and-out strangers might be more than just a stranger. They might be a fake account designed to gather information on users for purposes of fraud. There are plenty of fake accounts too. In fact, in Q1 of 2023 alone, Facebook took action on 426 million fake accounts. Reject such requests.

3) Consider what you post

Think about posting those vacation pictures after you get back so people don’t know you’re away when you’re away. Also consider if your post pinpoints where you are or where you go regularly. Do you want people in your broader network to know that? Closely review the pics you take and see if there’s any revealing information in the background. If so, you can crop it out (think notes on a whiteboard, reflections in a window, or revealing location info). Further, ask anyone you want to include in their post for their permission. In all, consider their privacy too.

Further ways to make yourself more private online

While we’re on the topic, you can take a few other steps that can make you more private online. In addition to your social media usage, other steps can help keep more of your private and personal information with you—where it belongs:

Skip the online quizzes: Which superhero are you? “What’s your spooky Halloween name?” or “What’s your professional wrestler name?” You’ve probably seen quizzes like these crop up in your feed sometimes. Shadily, these quizzes might ask for the name of the street you grew up on, your birthdate, your favorite song, and maybe the name of a beloved first pet. Of course, these are pieces of personal information, sometimes the answer to commonly used security questions by banks and other financial institutions. (Like, what was the model of your first car?) With this info in hand, a hacker could attempt to gain access to your accounts. Needless to say, skip the quizzes.
Clean up your personal data trail: When was the last time you Googled yourself? The results might reveal all kinds of things, like your estimated income, the names and ages of your children, what you paid for your home, and, sometimes, your purchasing habits. Who’s collecting and posting this information about you? Online data brokers, which gather information from all manner of public records. Beyond that, they’ll also gather information from app developers, loyalty cards, and from other companies that track your web browsing. Data brokers will sell this info to anyone. Advertisers, background checkers, telemarketers, and scammers too. Data brokers don’t discriminate. Yet you can clean up that information with a Personal Data Cleanup like ours. It scans some of the riskiest data broker sites for your personal info and helps manage the removal for you.
Spend time online more privately with a VPN: A VPN creates an encrypted “tunnel” that shields your activity from cybercriminals so what you do online remains anonymous. It helps make you anonymous to advertisers and other trackers too. By encrypting your web traffic requests, a VPN can hide your search habits and history from those that might use that info as part of building a profile of you—whether that’s for targeted ads or data collection that they might sell to brokers for profit. Comprehensive online protection software like ours includes one.

More privacy partly comes down to you

Granted, “social” is arguably the opposite of “private.” Using social media involves sharing, by its very definition. Yet any oversharing can lead to privacy issues.

Maybe you want close friends to know what’s going on, but what about that so-so acquaintance deep in your friends list? How well do you really know them? And to what extent do you want them to know exacting details about where you are, where your kids go to school, and so on? Those are questions you ultimately must answer, and ultimately have some control over depending on what you share on social media.

Also important to consider is this: if you post anything on the internet, consider it front page news. Even with social media privacy settings in place, there’s no guarantee that someone won’t copy your posts or pics and pass them along to others.

The flipside to the topic of social media and privacy is the platform you’re using. It’s no secret that social media companies gather hosts of personal information about their users in exchange for free use of their platforms. Certainly, that’s a topic unto itself. We cover what social media companies know about you in this article here—along with a few steps that can help you limit what they know as well.

When it comes to your privacy and social media, it depends largely on how you use it. How you use various privacy and audience settings offers one way to manage it. The other is you and the information you put out there for others to see.

The post Sharing Isn’t Always Caring: Tips to Help Protect Your Online Privacy appeared first on McAfee Blog.

Advisories

USN-6222-1: Linux kernel (Xilinx ZynqMP) vulnerabilities

July 12, 2023

Read Time:6 Minute, 39 Second

Jiasheng Jiang discovered that the HSA Linux kernel driver for AMD Radeon
GPU devices did not properly validate memory allocation in certain
situations, leading to a null pointer dereference vulnerability. A local
attacker could use this to cause a denial of service (system crash).
(CVE-2022-3108)

Zheng Wang discovered that the Intel i915 graphics driver in the Linux
kernel did not properly handle certain error conditions, leading to a
double-free. A local attacker could possibly use this to cause a denial of
service (system crash). (CVE-2022-3707)

It was discovered that the infrared transceiver USB driver did not properly
handle USB control messages. A local attacker with physical access could
plug in a specially crafted USB device to cause a denial of service (memory
exhaustion). (CVE-2022-3903)

Haowei Yan discovered that a race condition existed in the Layer 2
Tunneling Protocol (L2TP) implementation in the Linux kernel. A local
attacker could possibly use this to cause a denial of service (system
crash). (CVE-2022-4129)

Jordy Zomer and Alexandra Sandulescu discovered that syscalls invoking the
do_prlimit() function in the Linux kernel did not properly handle
speculative execution barriers. A local attacker could use this to expose
sensitive information (kernel memory). (CVE-2023-0458)

Jordy Zomer and Alexandra Sandulescu discovered that the Linux kernel did
not properly implement speculative execution barriers in usercopy functions
in certain situations. A local attacker could use this to expose sensitive
information (kernel memory). (CVE-2023-0459)

It was discovered that the Human Interface Device (HID) support driver in
the Linux kernel contained a type confusion vulnerability in some
situations. A local attacker could use this to cause a denial of service
(system crash). (CVE-2023-1073)

It was discovered that a memory leak existed in the SCTP protocol
implementation in the Linux kernel. A local attacker could use this to
cause a denial of service (memory exhaustion). (CVE-2023-1074)

It was discovered that the TLS subsystem in the Linux kernel contained a
type confusion vulnerability in some situations. A local attacker could use
this to cause a denial of service (system crash) or possibly expose
sensitive information. (CVE-2023-1075)

It was discovered that the TUN/TAP driver in the Linux kernel did not
properly initialize socket data. A local attacker could use this to cause a
denial of service (system crash). (CVE-2023-1076)

It was discovered that the Reliable Datagram Sockets (RDS) protocol
implementation in the Linux kernel contained a type confusion vulnerability
in some situations. An attacker could use this to cause a denial of service
(system crash). (CVE-2023-1078)

Duoming Zhou discovered that a race condition existed in the infrared
receiver/transceiver driver in the Linux kernel, leading to a use-after-
free vulnerability. A privileged attacker could use this to cause a denial
of service (system crash) or possibly execute arbitrary code.
(CVE-2023-1118)

It was discovered that the Traffic-Control Index (TCINDEX) implementation
in the Linux kernel contained a use-after-free vulnerability. A local
attacker could use this to cause a denial of service (system crash) or
possibly execute arbitrary code. (CVE-2023-1281)

It was discovered that the Broadcom FullMAC USB WiFi driver in the Linux
kernel did not properly perform data buffer size validation in some
situations. A physically proximate attacker could use this to craft a
malicious USB device that when inserted, could cause a denial of service
(system crash) or possibly expose sensitive information. (CVE-2023-1380)

Xingyuan Mo discovered that the x86 KVM implementation in the Linux kernel
did not properly initialize some data structures. A local attacker could
use this to expose sensitive information (kernel memory). (CVE-2023-1513)

It was discovered that the Traffic-Control Index (TCINDEX) implementation
in the Linux kernel did not properly perform filter deactivation in some
situations. A local attacker could possibly use this to gain elevated
privileges. Please note that with the fix for this CVE, kernel support for
the TCINDEX classifier has been removed. (CVE-2023-1829)

It was discovered that a use-after-free vulnerability existed in the iSCSI
TCP implementation in the Linux kernel. A local attacker could possibly use
this to cause a denial of service (system crash). (CVE-2023-2162)

Jean-Baptiste Cayrou discovered that the shiftfs file system in the Ubuntu
Linux kernel contained a race condition when handling inode locking in some
situations. A local attacker could use this to cause a denial of service
(kernel deadlock). (CVE-2023-2612)

Lianhui Tang discovered that the MPLS implementation in the Linux kernel
did not properly handle certain sysctl allocation failure conditions,
leading to a double-free vulnerability. An attacker could use this to cause
a denial of service or possibly execute arbitrary code. (CVE-2023-26545)

Reima Ishii discovered that the nested KVM implementation for Intel x86
processors in the Linux kernel did not properly validate control registers
in certain situations. An attacker in a guest VM could use this to cause a
denial of service (guest crash). (CVE-2023-30456)

Gwangun Jung discovered that the Quick Fair Queueing scheduler
implementation in the Linux kernel contained an out-of-bounds write
vulnerability. A local attacker could use this to cause a denial of service
(system crash) or possibly execute arbitrary code. (CVE-2023-31436)

Sanan Hasanov discovered that the framebuffer console driver in the Linux
kernel did not properly perform checks for font dimension limits. A local
attacker could use this to cause a denial of service (system crash).
(CVE-2023-3161)

Patryk Sondej and Piotr Krysiuk discovered that a race condition existed in
the netfilter subsystem of the Linux kernel when processing batch requests,
leading to a use-after-free vulnerability. A local attacker could use this
to cause a denial of service (system crash) or possibly execute arbitrary
code. (CVE-2023-32233)

It was discovered that the NET/ROM protocol implementation in the Linux
kernel contained a race condition in some situations, leading to a use-
after-free vulnerability. A local attacker could use this to cause a denial
of service (system crash) or possibly execute arbitrary code.
(CVE-2023-32269)

Advisories

nodejs16-16.20.1-1.fc37

July 12, 2023

Read Time:49 Second

FEDORA-2023-61e40652be

Packages in this update:

nodejs16-16.20.1-1.fc37

Update description:

2023-06-20, Version 16.20.1 ‘Gallium’ (LTS), @RafaelGSS

This is a security release.

Notable Changes

The following CVEs are fixed in this release:

CVE-2023-30581: mainModule.__proto__ Bypass Experimental Policy Mechanism (High)
CVE-2023-30585: Privilege escalation via Malicious Registry Key manipulation during Node.js installer repair process (Medium)
CVE-2023-30588: Process interuption due to invalid Public Key information in x509 certificates (Medium)
CVE-2023-30589: HTTP Request Smuggling via Empty headers separated by CR (Medium)
CVE-2023-30590: DiffieHellman does not generate keys after setting a private key (Medium)
OpenSSL Security Releases
OpenSSL security advisory 28th March.
OpenSSL security advisory 20th April.
OpenSSL security advisory 30th May
c-ares vulnerabilities:
GHSA-9g78-jv2r-p7vc
GHSA-8r8p-23f3-64c2
GHSA-54xr-f67r-4pc4
GHSA-x6mf-cxr9-8q6v

More detailed information on each of the vulnerabilities can be found in June 2023 Security Releases blog post.

Advisories

nodejs16-16.20.1-1.fc38

July 12, 2023

Read Time:49 Second

FEDORA-2023-608a1417d3

Packages in this update:

nodejs16-16.20.1-1.fc38

Update description:

2023-06-20, Version 16.20.1 ‘Gallium’ (LTS), @RafaelGSS

This is a security release.

Notable Changes

The following CVEs are fixed in this release:

More detailed information on each of the vulnerabilities can be found in June 2023 Security Releases blog post.

Cyber Security News

Monthly Archives: July 2023

Unpatched Office Remote Code Execution Vulnerability (CVE-2023-36884)

USN-6225-1: Knot Resolver vulnerability

CVE-2021-0948

A Vulnerability in Cisco SD-WAN vManage Could Allow for Security Mechanism Bypass

USN-6224-1: Linux kernel vulnerabilities

USN-6223-1: Linux kernel (Azure CVM) vulnerabilities

Sharing Isn’t Always Caring: Tips to Help Protect Your Online Privacy

Three simple steps for protecting your privacy on social media

1) Be more selective with your settings

2) Say “no” to strangers bearing friend requests

3) Consider what you post

Further ways to make yourself more private online

More privacy partly comes down to you

USN-6222-1: Linux kernel (Xilinx ZynqMP) vulnerabilities

nodejs16-16.20.1-1.fc37

FEDORA-2023-61e40652be

Packages in this update:

Update description:

2023-06-20, Version 16.20.1 ‘Gallium’ (LTS), @RafaelGSS

Notable Changes

nodejs16-16.20.1-1.fc38

FEDORA-2023-608a1417d3

Packages in this update:

Update description:

2023-06-20, Version 16.20.1 ‘Gallium’ (LTS), @RafaelGSS

Notable Changes

News, Advisories and much more