What Happened Over the Week? | CVEs Special

Hello, hello cyber-securiters. This is a special edition for CVEs. There are lots of updates to catch up on this week.

Here is a catch-up for you. Let's start.


1) Cybercriminals Exploit CVE-2022-26923 in Evolving Social Engineering Campaign

A series of sophisticated intrusion attempts have been linked to an ongoing social engineering campaign. This campaign has evolved significantly, with cybercriminals adopting new tools and techniques to bypass security measures and compromise targeted systems.

Exploitation of CVE-2022-26923: This vulnerability allows attackers to create a machine account within a domain, enabling Kerberoasting attacks to extract service account credentials from domain controllers.


2) Critical Security Flaws in WPS Office Expose Users to Remote Code Execution Attacks

WPS Office, a popular office suite with over 200 million users, has been found to contain two critical vulnerabilities that could expose users to remote code execution (RCE) attacks. These vulnerabilities, identified as CVE-2024-7262 and CVE-2024-7263, have been assigned a CVSS score of 9.3, emphasizing their high severity and potential for exploitation.


3) CVE-2024-38063: Microsoft Urgently Patches Windows TCP/IP Vulnerability

In the latest August Patch Tuesday, Microsoft addressed a critical security vulnerability within the Windows TCP/IP stack, known as CVE-2024-38063. With a CVSS score of 9.8, this flaw has been identified as a severe threat to enterprise environments, allowing attackers to execute arbitrary code remotely with minimal effort.

  • Affected Systems: Windows 10, Windows 11, Windows Server editions


4) Adobe Releases Important Security Updates for Commerce and Magento

Adobe has released a critical security update for its widely-used e-commerce platforms, Adobe Commerce and Magento Open Source. This update addresses a range of vulnerabilities, some of which could allow attackers to execute malicious code, read sensitive files, bypass security features, or gain full control of affected systems.

CVEs:

  • CVE-2024-39397
  • CVE-2024-39398
  • CVE-2024-39399
  • CVE-2024-39400
  • CVE-2024-39401
  • CVE-2024-39404
  • CVE-2024-39418


5) Palo Alto Networks Releases Critical Security Patches for Cortex XSOAR and Other Products

  • CVE-2024-5914 is a high-severity command injection vulnerability affecting the Cortex XSOAR security orchestration, automation, and response (SOAR) product.
  • CVE-2024-5916 in PAN-OS allows a read-only administrator to access sensitive information such as secrets, passwords, and tokens related to external systems.
  • CVE-2024-5915, a medium-severity vulnerability in the GlobalProtect app, allows a local attacker to escalate privileges.


6) CVE-2024-42479: Major Security Flaw in AI Library Exposes Millions to RCE Threats

A critical security vulnerability, tracked as CVE-2024-42479, has been discovered in the popular llama_cpp_python Python package. This vulnerability presents a significant risk of remote code execution (RCE) and has been assigned a CVSS score of 10 due to its severity.

The llama_cpp_python library is widely used in AI projects, and this vulnerability puts millions of users at risk.


7) Windows SmartScreen Vulnerability Exploited as Zero-Day Since March

Microsoft has revealed that a Mark of the Web (MotW) security bypass vulnerability, which attackers have exploited as a zero-day to circumvent SmartScreen protection, was patched during the June 2024 Patch Tuesday update.

  • CVE-2024-38213 is a security bypass vulnerability that allows attackers to evade the SmartScreen protection feature. Microsoft explained that for an attacker to successfully exploit this vulnerability, they must send a malicious file to the user and convince them to open it.


8) CVE-2024-36877: The Vulnerability Discovered in MSI Motherboards

MSI, a leading manufacturer of computer hardware, has recently disclosed a critical vulnerability identified as CVE-2024-36877, which affects a wide range of its motherboards. This vulnerability, located in the System Management Mode (SMM) handler, could allow attackers to execute arbitrary code on affected systems, potentially leading to full system compromise.


9) CISA Issues Alert on Critical Vulnerabilities in Vonets WiFi Bridge Devices with No Available Patch

The Cybersecurity and Infrastructure Security Agency (CISA) has issued a security advisory detailing multiple critical vulnerabilities discovered in Vonets WiFi Bridge devices. These vulnerabilities pose a significant threat to the security of industrial and commercial networks relying on these devices, as they could allow attackers to execute arbitrary code, disclose sensitive information, or disrupt device functionality.

Despite the severity of these flaws, Vonets has not responded to CISA’s requests for collaboration on mitigation strategies, leaving users in a vulnerable position.

CVEs:

  • CVE-2024-41161 (CVSSv4 8.7)
  • CVE-2024-29082 (CVSSv4 8.8)
  • CVE-2024-41936 (CVSSv4 8.7)
  • CVE-2024-37023 (CVSSv4 9.4)
  • CVE-2024-39815 (CVSSv4 8.7)
  • CVE-2024-39791 (CVSSv4 10.0)
  • CVE-2024-42001 (CVSSv4 6.1)


10) Critical Vulnerability in Windows TCP/IP Stack: CVE-2024-38063

In its latest Patch Tuesday security update, Microsoft has disclosed a critical vulnerability in the Windows TCP/IP stack that requires immediate attention. Among the 88 vulnerabilities addressed in August, CVE-2024-38063 stands out due to its severity and potential global impact.


11) Critical Vulnerabilities in the Linux Kernel

Security researchers have disclosed technical details and released proof-of-concept (PoC) exploit codes for three significant vulnerabilities (CVE-2023-4206, CVE-2023-4207, and CVE-2023-4208) in the Linux kernel. These vulnerabilities, which impact versions ranging from v3.18-rc1 to v6.5-rc4, involve "use-after-free" issues within the net/sched component.


12) CVE-2024-28986 (CVSS 9.8): Critical Update Alert for SolarWinds Web Help Desk Users

SolarWinds has issued an urgent security advisory regarding a critical vulnerability in its Web Help Desk software. This vulnerability, identified as CVE-2024-28986, allows for Java Deserialization Remote Code Execution, potentially enabling unauthorized users to execute arbitrary commands on the affected system.

With a CVSS score of 9.8, the severity of this vulnerability underscores the need for immediate action.


13) CVE-2024-39825 and CVE-2024-39818: Critical Zoom Vulnerabilities

Zoom has issued a security bulletin addressing multiple vulnerabilities within its Workplace Apps and Rooms Clients, with some posing significant security risks. Two of the most critical vulnerabilities are CVE-2024-39825 and CVE-2024-39818, each carrying a CVSS score of 8.5, indicating a high level of severity. If left unpatched, these vulnerabilities could result in privilege escalation and information disclosure.


14) CVE-2024-7348: Serious Vulnerability in PostgreSQL

The PostgreSQL project has issued a security advisory concerning a serious vulnerability identified as CVE-2024-7348. This vulnerability, which carries a CVSS score of 8.8, poses a risk of arbitrary SQL execution during pg_dump operations and could potentially allow attackers to execute harmful functions with elevated privileges.


15) CVE-2023-31315: AMD SinkClose Vulnerability Poses High Risk of Invisible Malware Infections

AMD has issued a warning about a serious CPU vulnerability named "SinkClose," which impacts a wide range of its EPYC, Ryzen, and Threadripper processors. The flaw, identified as CVE-2023-31315, allows attackers with kernel-level (Ring 0) privileges to escalate to Ring -2, one of the highest privilege levels, associated with System Management Mode (SMM).

This level of access enables threat actors to install nearly undetectable malware, as SMM operates above the operating system and hypervisor, making it invisible and inaccessible to standard security tools.


16) Authentication Bypass Vulnerability in Ivanti vTM: CVE-2024-7593

Ivanti has announced a critical security vulnerability (CVE-2024-7593) in its Virtual Traffic Manager (vTM) software. This vulnerability allows unauthenticated attackers to bypass authentication and create an administrator user, potentially leading to full system compromise. This vulnerability has a CVSS score of 9.8, indicating its critical nature.


17) CVE-2024-22116: Critical RCE Vulnerability in Zabbix Monitoring Solution

Zabbix, a widely-adopted open-source solution for enterprise-level IT infrastructure monitoring, has disclosed a critical security vulnerability that could lead to full system compromise.

The vulnerability, identified as CVE-2024-22116 and assigned a CVSS severity score of 9.9, underscores the potential for severe consequences if left unaddressed.


18) New Windows Vulnerability CVE-2024-6768 Triggers 'Blue Screen of Death'

A recently discovered vulnerability in the Windows operating system, identified as CVE-2024-6768, is raising alarms among cybersecurity experts due to its potential to trigger the infamous "Blue Screen of Death" (BSOD). This vulnerability is found within the Common Log File System (CLFS) driver and affects all versions of Windows 10 and 11, regardless of the patch level.
