Monthly Advisory • 10 MIN READ

April Threat Advisory – Top 5

by Eleanor Barlow • Apr 2023

SecurityHQ’s Monthly Threat Report, Drawn from Recent Advisories of April 2023.

Apple Released Patch to Fix Two Vulnerabilities Impacting Multiple Apple Products

Threat Reference: Global

Risks: Arbitrary Code Execution

Advisory Type: Updates/Patches

Priority: Standard

Apple has released a patch to fix two vulnerabilities. Successful exploitation of these vulnerabilities could lead to arbitrary code execution: an app may be able to execute arbitrary code with kernel privileges, and processing maliciously crafted web content may lead to arbitrary code execution.

Affected products include iPhone 8 and later, iPad Pro (all models), iPad Air 3rd generation and later, iPad 5th generation and later, iPad mini 5th generation and later, and Macs running macOS Ventura.

Recommendation

It is recommended to update all affected products to their latest available versions.

Cisco Released Patches to Fix Critical and High-Level Vulnerabilities Impacting Cisco Products

Threat Reference: Global

Risks: Arbitrary OS Command Injection, Authentication Bypass, Elevation of Privilege, Arbitrary File Deletion, Arbitrary File Overwrite, Information Disclosure and Denial-of-Service (DoS)

Advisory Type: Updates/Patches

Priority: Standard

Cisco has fixed multiple critical-, high- and medium-severity vulnerabilities affecting Cisco products. Successful exploitation of these vulnerabilities can result in arbitrary OS command injection, authentication bypass, privilege escalation, arbitrary file overwrite, information disclosure and denial of service (DoS).

The following issues were noted among the detected vulnerabilities.

  • An authenticated, remote attacker can execute arbitrary commands with administrative privileges.
  • An authenticated, local attacker can read application data.
  • An unauthenticated, remote attacker can bypass external authentication.
  • An authenticated, remote attacker can elevate privileges on an affected device.
  • An unauthenticated, remote attacker can exhaust system resources, causing a denial of service (DoS) condition.
  • An authenticated, local attacker can delete arbitrary files.
  • An authenticated, local attacker can elevate privileges to root on an affected device.
  • An authenticated, local attacker can overwrite arbitrary files on the local file system of an affected device.
  • An authenticated, local attacker can overwrite arbitrary files on the local file system of an affected device (a second, separate vulnerability with the same impact).
  • An unauthenticated attacker can view sensitive information on an affected device.

Affected Products include Cisco Industrial Network Director, Cisco Modeling Labs for Education, Cisco Modeling Labs Enterprise, Cisco Modeling Labs – Not for Resale, ASR 5000 Series Routers, Virtualized Packet Core – Distributed Instance (VPC-DI), Virtualized Packet Core – Single Instance (VPC-SI), Cisco BroadWorks Network Server, Cisco SD-WAN vManage Software, TelePresence CE, RoomOS in on-premises operation, RoomOS in cloud-aware on-premises operation.

Recommendation

It is recommended to update all affected products to the latest available patch version.

Fortinet Fixed Multiple High & Medium Vulnerabilities Impacting Fortinet Products

Threat Reference: Global

Risks: Buffer Underflow

Advisory Type: Patches/Updates

Priority: Standard

Fortinet has released patches to fix multiple vulnerabilities affecting Fortinet products. Successful exploitation of these vulnerabilities may lead to Privilege Escalation, Command Injection or XSS (Cross-Site Scripting).

Issues include arbitrary file creation by unprivileged users due to process impersonation, improper write access to the FortiClient pipe object, arbitrary file creation by unprivileged users, cross-site scripting vulnerabilities in the administrative interface, an XSS vulnerability in HTML-generated attack report files, and OS command injection in the CLI.

Affected products include FortiOS, FortiProxy, FortiADC, FortiClientWindows, and FortiWeb.

Recommendation

It is recommended to update all affected products to their latest available patch version.

Google Released a Patch for Zero-day Vulnerability in Chrome Exploited in the Wild

Threat Reference: Global

Risks: Zero-Day

Advisory Type: Zero-Day Exploits

Priority: Standard

Google has released Chrome version 112.0.5615.138 for the Windows, Mac, and Linux operating systems to fix a high-severity vulnerability that is being exploited in the wild.

Recommendation

It is recommended to update Google Chrome to the latest available version/patch level.
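A simple inventory check against the fixed build named above, written here as an added example (it is not code from the SecurityHQ advisory). It compares versions numerically rather than as strings, and treats hosts whose Chrome version cannot be read as unverified rather than patched; the host names and installed versions are constructed sample data.

```python
from typing import Iterable, List, Tuple

# First Chrome build carrying the fix, per the advisory above.
FIXED_CHROME_VERSION = "112.0.5615.138"


def parse_version(version: str) -> Tuple[int, ...]:
    """Turn a dotted Chrome version string into a comparable tuple of ints.

    Chrome versions are MAJOR.MINOR.BUILD.PATCH; comparing them as strings is
    wrong ("112.0.5615.49" > "112.0.5615.138" lexically), so compare numerically.
    """
    parts = version.strip().split(".")
    if len(parts) != 4 or not all(p.isdigit() for p in parts):
        raise ValueError(f"not a Chrome-style version: {version!r}")
    return tuple(int(p) for p in parts)


def is_patched(installed: str, fixed: str = FIXED_CHROME_VERSION) -> bool:
    """True if the installed build is at or above the first fixed build."""
    return parse_version(installed) >= parse_version(fixed)


def unpatched_hosts(inventory: Iterable[Tuple[str, str]],
                    fixed: str = FIXED_CHROME_VERSION) -> List[str]:
    """Return hosts whose installed Chrome is below the fixed build.

    Hosts with an unparseable version are reported too: an asset whose
    version cannot be read is unverified, not patched.
    """
    missing = []
    for host, version in inventory:
        try:
            if not is_patched(version, fixed):
                missing.append(host)
        except ValueError:
            missing.append(host)
    return missing


# Constructed sample inventory (host, reported Chrome version); not real data.
SAMPLE_INVENTORY = [
    ("ws-01", "112.0.5615.138"),   # exactly the fixed build
    ("ws-02", "112.0.5615.121"),   # earlier 112 build, still vulnerable
    ("ws-03", "113.0.5672.63"),    # later major, already carries the fix
    ("ws-04", "111.0.5563.147"),   # older major, vulnerable
    ("ws-05", "unknown"),          # agent could not read the version
]

if __name__ == "__main__":
    for host in unpatched_hosts(SAMPLE_INVENTORY):
        print(f"{host}: Chrome below {FIXED_CHROME_VERSION} or unverified")
```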

Microsoft Released April 2023 Patch Tuesday for 97 Flaws Including 1 Zero-day

Threat Reference: Global

Risks: Privilege Elevation, Remote Code Execution, Cross-site Scripting Vulnerability and Security Feature Bypass

Advisory Type: Updates/Patches

Priority: Standard

Microsoft has released its April 2023 Patch Tuesday to fix 97 vulnerabilities, including 1 zero-day and 7 critical-severity vulnerabilities. Successful exploitation of these vulnerabilities could result in privilege elevation, security feature bypass, remote code execution, denial of service, information disclosure and Chromium vulnerabilities.

Vulnerabilities include:

  • Windows Common Log File System Driver Elevation of Privilege Vulnerability
  • DHCP Server Service Remote Code Execution Vulnerability
  • Layer 2 Tunnelling Protocol Remote Code Execution Vulnerability
  • Layer 2 Tunnelling Protocol Remote Code Execution Vulnerability
  • Windows Pragmatic General Multicast (PGM) Remote Code Execution Vulnerability
  • Windows Point-to-Point Tunnelling Protocol Remote Code Execution Vulnerability
  • Raw Image Extension Remote Code Execution Vulnerability
  • Microsoft Message Queuing Remote Code Execution Vulnerability
  • Microsoft Edge (Chromium-based) Security Feature Bypass Vulnerability
  • .NET DLL Hijacking Remote Code Execution Vulnerability
  • Windows Bluetooth Driver Remote Code Execution Vulnerability
  • Microsoft Defender Denial of Service Vulnerability
  • Microsoft Dynamics 365 (on-premises) Cross-site Scripting Vulnerability
  • Microsoft SharePoint Server Spoofing Vulnerability
  • Microsoft Word Remote Code Execution Vulnerability
  • Microsoft PostScript and PCL6 Class Printer Driver Remote Code Execution Vulnerability
  • Windows DNS Server Remote Code Execution Vulnerability
  • Windows Domain Name Service Remote Code Execution Vulnerability
  • Microsoft SQL Server Remote Code Execution Vulnerability
  • Visual Studio Elevation of Privilege Vulnerability
  • Windows Kernel Elevation of Privilege Vulnerability
  • Windows Kernel Remote Code Execution Vulnerability
  • Windows NTLM Elevation of Privilege Vulnerability
  • Windows Point-to-Point Protocol over Ethernet (PPPoE) Remote Code Execution Vulnerability

Affected Products include .NET Core, Microsoft Bluetooth Driver, Microsoft Defender for Endpoint, Microsoft Dynamics, Microsoft Graphics Component, Microsoft Message Queuing, Microsoft Office, Microsoft Office SharePoint, Microsoft Office Word, Microsoft Printer Drivers, Microsoft Windows DNS, SQL Server, Visual Studio, Visual Studio Code, Windows Active Directory, Windows ALPC, Windows Ancillary Function Driver for WinSock, Windows Boot Manager, Windows Common Log File System Driver, Windows Network Address Translation (NAT), Windows Network File System, Windows Network Load Balancing, Windows NTLM, Windows Point-to-Point Protocol over Ethernet (PPPoE), Windows Raw Image Extension, Windows RDP Client, Windows RPC API, Windows Secure Channel, Windows Secure Socket Tunnelling Protocol (SSTP), Windows Transport Security Layer (TLS), and Windows Win32K.

Recommendations

  • Keep applications and operating systems running at the current released patch level.
  • Run software with the least privileges.

Having conducted incident response investigations across a wide range of industries, SecurityHQ are best placed to work with businesses large and small, and across numerous technical environments to reduce the impact of a cyber security incident. For more information on these threats, speak to an expert here. Or if you suspect a security incident, you can report an incident here.