UPDATE January 13 2022: Protection section has been updated with a IPS signature information.FortiGuard Labs is aware that a total of 96 vulnerabilities were patched by Microsoft on January 11th, 2022 as part of regular MS Patch Tuesday. In those vulnerabilities, CVE-2022-21907 (HTTP Protocol Stack Remote Code Execution Vulnerability) is one of the nine vulnerabilities that are rated critical. In the advisory, Microsoft warned that CVE-2022-21907 is wormable and “recommends prioritizing the patching of affected servers”.Why is this Significant?This is significant because CVE-2022-21907 is considered wormable as such malware can exploit the vulnerability to self-propagate without any user interaction nor elevated privilege. CVE-2022-21907 targets the HTTP trailer support feature that is enabled by default in various Windows 10 and 11 versions, as well as Windows Server 2022. The vulnerability also has a CVSS score of 9.8 (max score 10).What is CVE-2022-21907?CVE-2022-21907 is a remote code execution vulnerability in HTTP protocol stack (http.sys). HTTP.sys is a legitimate Windows component that is responsible for parsing HTTP requests. An unauthenticated attacker could craft and send a malicous packet to an affected server utilizing the HTTP Protocol Stack (http.sys) to process packets, which leads to remote code execution.Which Versions of Windows are Vulnerable?Per the Microsoft advisory, the following Windows versions are vulnerable:Windows Server 2019Windows Server 2022Windows 10Windows 11Note that the HTTP trailer support feature is inactive by default in Windows Server 2019 and Windows 10 version 1809. As such, they are not vulnerable unless the feature is enabled.Is the Vulnerability Exploited in the Wild?FortiGuard Labs is not aware of CVE-2022-21907 being exploited in the wild at the time of this writing.Has the Vendor Released a Fix?Yes. Microsoft released a fix for CVE-2022-21907 on January 11th, 2022 as part of regular Patch Tuesday.What is the Status of Coverage? (Updated January 13 2022)FortiGuard Labs has released the following IPS signature in version 19.241:MS.Windows.HTTP.Protocol.Stack.CVE-2022-21907.Code.Execution (default action is set to pass)Any Mitigation?Microsoft provided the following mitigation in the advisory:In Windows Server 2019 and Windows 10 version 1809, the the HTTP Trailer Support feature that contains the vulnerability is not active by default. The following registry key must be configured to introduce the vulnerable condition:HKEY_LOCAL_MACHINESystemCurrentControlSetServicesHTTPParameters”EnableTrailerSupport”=dword:00000001This mitigation does not apply to the other affected versions.

Read More

Multiple security issues were discovered in Chromium, which could result
in the execution of arbitrary code, denial of service or information
disclosure.

Read More

Multiple vulnerabilities have been discovered in Cisco Products, the most severe of which could allow for arbitrary code execution. Successful exploitation of the most severe of these vulnerabilities could allow an unauthenticated, remote attacker to execute code on the affected systems. Depending on the privileges associated with the targeted user, an attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. Users configured to have fewer privileges on the system could be less impacted than those who operate with elevated privileges.

Read More

Several vulnerabilities have been discovered in the interpreter for
the Ruby language and the Rubygems included, which may result
in information disclosure or denial of service.

Read More

Several vulnerabilities have been discovered in the interpreter for the
Ruby language and the Rubygems included, which may result in
XML roundtrip attacks, the execution of arbitrary code, information
disclosure, StartTLS stripping in IMAP or denial of service.

Read More

Multiple vulnerabilities have been discovered in Google Chrome, the most severe of which could allow for arbitrary code execution. Google Chrome is a web browser used to access the Internet. Successful exploitation of the most severe of these vulnerabilities could allow an attacker to execute arbitrary code in the context of the browser. Depending on the privileges associated with the application, an attacker could view, change, or delete data. If this application has been configured to have fewer user rights on the system, exploitation of the most severe of these vulnerabilities could have less impact than if it was configured with administrative rights.

Read More

A vulnerability has been discovered in Samba which could allow for arbitrary code execution. Samba is the standard Windows interoperability suite of programs for Linux and Unix. Successful exploitation of this vulnerability could result in arbitrary code execution as root on affected Samba installations that use the VFS module vfs_fruit. Depending on the permission associated with the application running the exploit, an attacker could then install programs; view, change, or delete data.

Read More

Post Content

Read More

Post Content

Read More

Post Content

Read More