Category Archives: Advisories

flatpak-runtime-f37-3720230309184551.1 flatpak-sdk-f37-3720230309184551.1

FEDORA-FLATPAK-2023-8bb9e1a778

Packages in this update:

flatpak-runtime-f37-3720230309184551.1
flatpak-sdk-f37-3720230309184551.1

Update description:

Updated flatpak runtime and SDK, including latest Fedora 37 security and bug-fix errata.

Critical Adobe ColdFusion Vulnerability (CVE-2023-26360) Exploited as a Zero-day

FortiGuard Labs is aware of a report that an improper access control vulnerability in Adobe ColdFusion (CVE-2023-26360) has been exploited in the wild. Unauthenticated attackers can exploit the vulnerability to achieve arbitrary code execution on a remote machine. On March 15th, CISA added CVE-2023-26360 to its Known Exploited Vulnerabilities catalog.

Why is this Significant?

This is significant because Adobe reported that an improper access control vulnerability in Adobe ColdFusion (CVE-2023-26360) was exploited in the wild, and CISA has added the vulnerability to its Known Exploited Vulnerabilities catalog. As such, the patch needs to be applied as soon as possible.

What is CVE-2023-26360?

CVE-2023-26360 is an improper access control vulnerability that affects ColdFusion 2021 Update 5 and earlier as well as ColdFusion 2018 Update 15 and earlier. Unauthenticated attackers can exploit the vulnerability to achieve arbitrary code execution on a remote machine.

Is CVE-2023-26360 being Exploited in the Wild?

Adobe confirmed in its advisory that CVE-2023-26360 has been exploited in the wild.

Has the Vendor Released an Advisory for CVE-2023-26360?

Yes. See the Appendix for a link to "Security updates available for Adobe ColdFusion | APSB23-25".

Has the Vendor Released a Patch for the Vulnerability?

Yes. Adobe released fixes for CVE-2023-26360 on March 14th, 2023 (ColdFusion 2021 Update 6 and ColdFusion 2018 Update 16).

What is the Status of Protection?

At this time, there is not sufficient information to investigate protection. This Threat Signal will be updated when new information becomes available.

Multiple Progress Telerik UI Vulnerabilities Exploited in the Wild

FortiGuard Labs recently observed that multiple vulnerabilities (CVE-2019-18935, CVE-2017-11317 and CVE-2017-11357) in Progress Telerik UI (User Interface) are being exploited in a chain to achieve arbitrary code execution on a remote machine. On March 15th, 2023, CISA released an advisory stating that multiple threat actors exploited unpatched IIS servers at a U.S. federal agency.

Why is this Significant?

This is significant because three Progress Telerik UI vulnerabilities are being chained for arbitrary code execution, and CISA's March 15th, 2023 advisory describes multiple threat actors exploiting vulnerable IIS servers at a U.S. federal agency. As such, the patches need to be applied as soon as possible.

What is CVE-2019-18935?

CVE-2019-18935 is a critical deserialization of untrusted data vulnerability in the RadAsyncUpload function of Progress Telerik UI for ASP.NET AJAX, a suite of UI components for web applications. Successful exploitation allows remote attackers to perform arbitrary file uploads or execute arbitrary code when the RadAsyncUpload encryption keys are known, whether through CVE-2017-11317 or CVE-2017-11357 or by other means. The vulnerability affects Telerik UI versions prior to R1 2020 (2020.1.114) and has a CVSS base score of 9.8.

What is CVE-2017-11317?

CVE-2017-11317 is an unrestricted file upload vulnerability in Telerik UI for ASP.NET AJAX. It leverages weak RadAsyncUpload encryption, which allows remote attackers to perform arbitrary file uploads or execute arbitrary code. The vulnerability affects Telerik UI versions prior to R2 2017 SP1 (2017.2.621) and has a CVSS base score of 9.8.

What is CVE-2017-11357?

CVE-2017-11357 is an arbitrary file upload vulnerability in Telerik UI for ASP.NET AJAX. It is an insecure direct object reference in the RadAsyncUpload function, which allows remote attackers to perform arbitrary file uploads or execute arbitrary code by manipulating user input. The vulnerability affects Telerik UI versions prior to R2 2017 SP2 (2017.2.711) and has a CVSS base score of 9.8.

Has the Vendor Released an Advisory for CVE-2019-18935, CVE-2017-11317 and CVE-2017-11357?

Yes. See the Appendix for links to the Telerik knowledge base articles "Unrestricted File Upload in RadAsyncUpload" (CVE-2017-11317), "Insecure Direct Object Reference in RadAsyncUpload" (CVE-2017-11357) and "Allows JavaScriptSerializer Deserialization" (CVE-2019-18935).

Has the Vendor Released a Patch for the Vulnerabilities?

Yes. Patches are available for all three vulnerabilities.

What is the Status of Protection?

FortiGuard Labs has the following IPS signature in place for CVE-2019-18935, CVE-2017-11317 and CVE-2017-11357:

Telerik.Web.UI.RadAsyncUpload.Handling.Arbitrary.File.Upload
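As an added check, not part of the FortiGuard advisory or of Progress's tooling, the following PowerShell inventories every Telerik.Web.UI.dll under the IIS content roots and reports which of the three chained CVEs each build still predates, using the fixed builds named above (R2 2017 SP1 for CVE-2017-11317, R2 2017 SP2 for CVE-2017-11357, R1 2020 for CVE-2019-18935). It assumes web applications are deployed under C:\inetpub (edit $Roots for other layouts) and that the DLL carries Telerik's usual four-part file version such as 2019.3.1023.45.

```powershell
# Added example, not from the FortiGuard advisory or from Progress: inventory Telerik.Web.UI.dll
# under the IIS content roots and flag which of the three chained CVEs each build predates.
# Assumptions: web apps are deployed under C:\inetpub (edit $Roots); the fixed builds are
# R2 2017 SP1 (2017.2.621) for CVE-2017-11317, R2 2017 SP2 (2017.2.711) for CVE-2017-11357
# and R1 2020 (2020.1.114) for CVE-2019-18935.

$Roots = @('C:\inetpub')

# First build that is no longer affected, per CVE.
$FixedIn = [ordered]@{
    'CVE-2017-11317' = [version]'2017.2.621'
    'CVE-2017-11357' = [version]'2017.2.711'
    'CVE-2019-18935' = [version]'2020.1.114'
}

function Get-TelerikExposure {
    param([Parameter(Mandatory)][string]$DllPath)

    # Telerik assemblies carry a four-part file version such as 2019.3.1023.45;
    # the first three parts are the release build the KB articles refer to.
    $fileVersion = [System.Diagnostics.FileVersionInfo]::GetVersionInfo($DllPath).FileVersion
    $build = [version](($fileVersion -split '\.')[0..2] -join '.')

    # A build is still exposed to a CVE if it is older than that CVE's fixed build.
    $exposed = foreach ($cve in $FixedIn.Keys) {
        if ($build -lt $FixedIn[$cve]) { $cve }
    }
    $label = if ($exposed) { $exposed -join ', ' } else { 'none of the three' }

    [pscustomobject]@{
        Path    = $DllPath
        Build   = $build
        Exposed = $label
    }
}

Get-ChildItem -Path $Roots -Recurse -Filter 'Telerik.Web.UI.dll' -ErrorAction SilentlyContinue |
    ForEach-Object { Get-TelerikExposure -DllPath $_.FullName } |
    Format-Table -AutoSize
```

A 2019.x build, for example, comes back exposed only to CVE-2019-18935, while a 2017.1.x build is exposed to all three. The check shows the present state of the server only: a host that ran an affected build while Internet-facing needs to be reviewed for compromise even after it has been upgraded.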

Microsoft March Patch Tuesday Release Contains Two New Zero Days and 80 Security Updates

Today, March 14, 2023, Microsoft released 80 security updates for this month's Patch Tuesday. Two of them address known zero days: CVE-2023-23397 (Microsoft Outlook Elevation of Privilege Vulnerability) in Microsoft Office, and CVE-2023-24880 (Windows SmartScreen Security Feature Bypass Vulnerability) in the Windows operating system, which is related to CVE-2022-44698 (Windows SmartScreen Security Feature Bypass Vulnerability) from the December 2022 Patch Tuesday advisory. CVE-2023-23397 was observed being exploited in the wild by APT28/Fancy Bear, attributed to the GRU, Russia's military intelligence agency.

What are the details for Both Zero Days?

CVE-2023-23397 is an Elevation of Privilege (EoP) vulnerability in Microsoft Outlook. An attacker who successfully exploits it can obtain a user's Net-NTLMv2 hash, which can be used in an NTLM relay attack against another service to authenticate as that user. External attackers can create specially crafted emails that cause the victim's Outlook client to connect to an external UNC path under the attacker's control. That connection leaks the victim's Net-NTLMv2 hash to the attacker, who can then use it to authenticate as the victim to another service.

CVE-2023-24880 is a vulnerability in Windows where an attacker can craft a malicious file that evades Mark of the Web (MOTW) protections, resulting in the loss of security features such as Protected View in Microsoft Office, which rely on MOTW tagging. It is related to CVE-2022-44698 (Windows SmartScreen Security Feature Bypass Vulnerability), which was released in the December 2022 Microsoft monthly update.

Are Both Vulnerabilities Being Exploited in the Wild?

According to Microsoft, CVE-2023-23397 (Microsoft Outlook Elevation of Privilege Vulnerability) has been exploited in the wild. It was exploited by APT28/Fancy Bear, attributed to the GRU, Russia's military intelligence agency. Microsoft's advisory also lists CVE-2023-24880 (Windows SmartScreen Security Feature Bypass Vulnerability) as exploited, and Google's Threat Analysis Group reported the Magniber ransomware group using it; the same group was previously reported exploiting the related CVE-2022-44698 last December.

What Suggested Mitigation is Available?

For those unable to apply the patch for CVE-2023-23397, Microsoft recommends adding users to the Protected Users security group, which prevents the use of NTLM as an authentication mechanism, and blocking TCP 445/SMB outbound from the network using a perimeter firewall, a local firewall and VPN settings. This prevents NTLM authentication messages from being sent to remote file shares. Microsoft also suggests its document "Mitigating Pass the Hash (PtH) Attacks and Other Credential Theft, Version 1 and 2", which discusses Pass-the-Hash (PtH) attacks against Windows operating systems and provides detailed guidance against them. For CVE-2023-24880, apply the available patches as soon as possible.

What are the CVSS scores?

For CVE-2023-23397 (Microsoft Outlook Elevation of Privilege Vulnerability) the CVSS score is 9.8 (CRITICAL).

For CVE-2023-24880 (Windows SmartScreen Security Feature Bypass Vulnerability) the CVSS score is 5.4 (MEDIUM).

What is the Status of Coverage?

Fortinet customers running the latest version of IPS definitions are protected against exploitation of CVE-2023-24880 by:

MS.Windows.SmartScreen.Security.Feature.Bypass (CVE-2023-24880)

For CVE-2023-23397, IPS coverage is being investigated for feasibility and this Threat Signal will be updated when relevant information is available.
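The two interim mitigations named above for CVE-2023-23397, as an added PowerShell example that is not Microsoft's own tooling: it puts the listed accounts into Protected Users and creates a host firewall rule for outbound SMB, and the comments record what each control costs. It assumes a domain-joined administrative host with the ActiveDirectory RSAT module; the account names are placeholders, and the firewall rule is scoped with the Windows 'Internet' address keyword (an assumption about the local network classification) so that it does not also cut off internal file servers.

```powershell
# Added example, not Microsoft's own tooling: apply the two interim mitigations the advisory
# names for CVE-2023-23397 (Protected Users membership and blocking outbound SMB).
# Run as a domain administrator on a host with the ActiveDirectory RSAT module;
# the account names are placeholders.

Import-Module ActiveDirectory

# 1. Protected Users. Members cannot authenticate with NTLM, so a Net-NTLMv2 response leaked
#    by a malicious Outlook item cannot be relayed. The group also refuses DES/RC4 Kerberos
#    pre-authentication, disables Kerberos delegation for the account and caps TGT lifetime at
#    four hours, so keep service accounts and computer accounts out of it.
$Accounts = @('alice.admin', 'bob.admin')   # placeholders
$protectedUsers = Get-ADGroup -Identity 'Protected Users'
foreach ($sam in $Accounts) {
    $user = Get-ADUser -Identity $sam -Properties MemberOf
    if ($user.MemberOf -notcontains $protectedUsers.DistinguishedName) {
        Add-ADGroupMember -Identity $protectedUsers -Members $user
        Write-Host "Added $sam to Protected Users"
    }
}

# 2. Outbound SMB. The advisory's perimeter rule stops the victim's host from sending NTLM
#    authentication to an attacker-controlled UNC path. A local rule that blocked all outbound
#    TCP 445 would also cut off internal file servers, so this one is scoped to the Windows
#    'Internet' address keyword (assumption: the host classifies its networks correctly);
#    the perimeter and VPN rules the advisory describes remain the primary control.
$ruleName = 'Block outbound SMB to Internet (CVE-2023-23397 mitigation)'
if (-not (Get-NetFirewallRule -DisplayName $ruleName -ErrorAction SilentlyContinue)) {
    New-NetFirewallRule -DisplayName $ruleName -Direction Outbound -Protocol TCP `
        -RemotePort 445 -RemoteAddress Internet -Action Block | Out-Null
    Write-Host "Created firewall rule '$ruleName'"
}
```

Both steps are idempotent, so the script can be pushed repeatedly from a management host. Protected Users membership is the stronger control because it removes NTLM for the account everywhere, not just over SMB, but it breaks any workflow that still depends on NTLM or RC4 for that account; test with a pilot group before adding the wider user population.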

USN-5959-1: Kerberos vulnerabilities

It was discovered that Kerberos incorrectly handled memory when processing
KDC data, which could lead to a NULL pointer dereference. An attacker could
possibly use this issue to cause a denial of service or have other
unspecified impacts. (CVE-2021-36222, CVE-2021-37750)
