Monthly Advisory

January Threat Advisory Top 5

by Eleanor Barlow • Jan 2023

SecurityHQ’s monthly threat report, drawn from the advisories published in January 2023.

Fortinet Releases Patches to Fix Multiple Vulnerabilities Impacting Fortinet Products.

Threat Reference: Global

Risks: Arbitrary Code Execution, Broken Access Control

Advisory Type: Updates/Patches

Priority: Standard

Fortinet has released patches to fix high- and medium-severity vulnerabilities across several of its products. Successful exploitation of these vulnerabilities can result in unauthorized command execution and improper access control.

An unauthenticated attacker can:

  • execute arbitrary commands in the underlying shell of FortiTester;
  • run commands through the web interface via specially crafted HTTP requests, due to improper neutralization of special elements used in an OS command;
  • access a FortiGate without a password via newly created Virtual Domains (VDOMs) after the admin account with the super admin profile is deleted, due to incorrect user management;
  • perform a cross-site scripting (XSS) attack by sending a request with a specially crafted column index parameter, due to improper neutralization of input during web page generation.

Affected Products: FortiADC version 7.0.0 through 7.0.2, FortiADC version 6.2.0 through 6.2.3, FortiADC version 6.1.0 through 6.1.6, FortiADC version 6.0.0 through 6.0.4, FortiADC version 5.4.0 through 5.4.5, FortiTester version 7.1.0, FortiTester version 7.0 all versions, FortiTester version 4.0.0 through 4.2.0, FortiTester version 2.3.0 through 3.9.1, FortiManager version 7.0.0 through 7.0.1, FortiManager version 6.4.0 through 6.4.7, FortiManager version 6.2.0 through 6.2.9, FortiPortal version 6.0.0 through 6.0.11, FortiPortal 5.3 all versions, FortiPortal 5.2 all versions, FortiPortal 5.1 all versions, FortiPortal 5.0 all versions.

Recommendation: It is recommended to update the affected products to the latest available versions.
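The affected-version ranges above are the kind of data a defender needs to triage an asset inventory. The following is an added example (not SecurityHQ or Fortinet code) that encodes those ranges and flags which hosts in a constructed sample inventory fall inside them; "X.Y all versions" entries are matched on the branch prefix.

```python
"""Triage a Fortinet asset inventory against the affected ranges in this advisory.
Added example, not vendor code; the inventory below is constructed sample data."""
from typing import List, Optional, Tuple

# Affected ranges copied from the advisory text. A None upper bound means
# "all versions" of that branch (e.g. FortiTester 7.0, FortiPortal 5.3).
AFFECTED = {
    "FortiADC": [("7.0.0", "7.0.2"), ("6.2.0", "6.2.3"), ("6.1.0", "6.1.6"),
                 ("6.0.0", "6.0.4"), ("5.4.0", "5.4.5")],
    "FortiTester": [("7.1.0", "7.1.0"), ("7.0", None), ("4.0.0", "4.2.0"),
                    ("2.3.0", "3.9.1")],
    "FortiManager": [("7.0.0", "7.0.1"), ("6.4.0", "6.4.7"), ("6.2.0", "6.2.9")],
    "FortiPortal": [("6.0.0", "6.0.11"), ("5.3", None), ("5.2", None),
                    ("5.1", None), ("5.0", None)],
}

def parse_version(v: str) -> Tuple[int, ...]:
    """Turn '7.0.2' into (7, 0, 2) so versions compare numerically, not as strings."""
    return tuple(int(part) for part in v.strip().split("."))

def is_affected(product: str, version: str) -> bool:
    """True if the version falls inside any affected range listed for the product."""
    ver = parse_version(version)
    for low, high in AFFECTED.get(product, []):
        lo = parse_version(low)
        if high is None:
            # 'X.Y all versions': any version on that branch is affected.
            if ver[: len(lo)] == lo:
                return True
        elif lo <= ver <= parse_version(high):
            return True
    return False

def triage(inventory: List[Tuple[str, str, str]]) -> List[str]:
    """Return the hostnames whose (product, version) sits in an affected range."""
    return [host for host, product, version in inventory
            if is_affected(product, version)]

# Constructed sample inventory: (hostname, product, version).
SAMPLE_INVENTORY = [
    ("adc-edge-01", "FortiADC", "7.0.1"),
    ("adc-edge-02", "FortiADC", "7.0.3"),
    ("tester-lab", "FortiTester", "7.0.5"),
    ("fmg-core", "FortiManager", "7.0.2"),
    ("portal-dmz", "FortiPortal", "5.3.4"),
]

if __name__ == "__main__":
    for host in triage(SAMPLE_INVENTORY):
        print(f"{host}: inside an affected range, patch per the advisory")
```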

Apple Released Patches for Critical and High Vulnerabilities Impacting Multiple Apple Products.

Threat Reference: Global

Risks: Arbitrary Code Execution, Escalation of Privilege, Denial-of-Service

Advisory Type: Updates/Patches

Priority: Standard

Apple has released patches to fix multiple critical- and high-severity vulnerabilities. Successful exploitation of these vulnerabilities could lead to arbitrary code execution and privilege escalation.

Affected Products: macOS Monterey, macOS Big Sur, iPhone 5s, iPhone 6, iPhone 6 Plus, iPad Air, iPad mini 2, iPad mini 3, iPod touch, Apple Watch Series 4 and later, iPhone 6s (all models), iPhone 7 (all models), iPhone SE (1st generation), iPad Air 2, iPad mini (4th generation), iPod touch (7th generation), iPhone 8 and later, iPad Pro, iPad, iPad mini, macOS Ventura.

Recommendation: It is recommended to update all the affected products to the latest available patch version.

Microsoft Released January 2023 Patch Tuesday for 98 Flaws & 1 Zero-day.

Threat Reference: Global

Risks: Privilege Elevation, Remote Code Execution, Security Feature Bypass, Denial of Service

Advisory Type: Updates/Patches

Priority: Standard

Microsoft has released the January 2023 Patch Tuesday update, which fixes 98 vulnerabilities, 11 of them rated Critical. Successful exploitation of these vulnerabilities could result in privilege elevation, security feature bypass, remote code execution, denial of service, or information disclosure.

Affected Products: .NET Core, 3D Builder, Azure Service Fabric Container, Microsoft Bluetooth Driver, Microsoft Exchange Server, Microsoft Graphics Component, Microsoft Local Security Authority Server (lsasrv), Microsoft Message Queuing, Microsoft Office, Microsoft Office SharePoint, Microsoft Office Visio, Microsoft WDAC OLE DB provider for SQL, Visual Studio Code, Windows ALPC, Windows Ancillary Function Driver for WinSock, Windows Authentication Methods, Windows Backup Engine, Windows Bind Filter Driver, Windows BitLocker, Windows Boot Manager, Windows Credential Manager, Windows Cryptographic Services, Windows DWM Core Library, Windows Error Reporting, Windows Event Tracing, Windows IKE Extension, Windows Installer, Windows Internet Key Exchange (IKE) Protocol, Windows iSCSI, Windows Kernel, Windows Layer 2 Tunneling Protocol, Windows LDAP – Lightweight Directory Access Protocol, Windows Local Security Authority (LSA), Windows Local Session Manager (LSM), Windows Malicious Software Removal Tool, Windows Management Instrumentation, Windows NTLM, Windows ODBC Driver, Windows Overlay Filter, Windows Point-to-Point Tunneling Protocol, Windows Print Spooler Components, Windows Remote Access Service L2TP Driver, Windows RPC API, Windows Secure Socket Tunneling Protocol (SSTP), Windows Smart Card, Windows Task Scheduler, Windows Virtual Registry Provider, Windows Workstation Service.

Recommendation:

  • Keep applications and operating systems running at the current released patch level.
  • Run software with the least privileges.

Oracle Released Quarterly Critical Patch Update for January 2023.

Threat Reference: Global

Risks: Unauthenticated Account Takeover

Advisory Type: Updates/Patches

Priority: Standard

Oracle has released patches for several critical vulnerabilities affecting multiple Oracle products. The update includes a total of 327 new security patches across 29 Oracle product families, addressing vulnerabilities both in Oracle code and in third-party components bundled with Oracle products.

Of these, Oracle Communications received the largest share, with approximately 79 patches, followed by Oracle Fusion Middleware and Oracle Communications Applications, with 50 and 39 patches respectively.

Affected Products: Oracle Database Server, Oracle Big Data Graph, Oracle Essbase, Oracle Global Lifecycle Management, Oracle GoldenGate, Oracle Graph Server and Client, Oracle Spatial Studio, Oracle TimesTen In-Memory Database, Oracle Commerce, Oracle Communications Applications, Oracle Communications, Oracle Construction and Engineering, Oracle E-Business Suite, Oracle Enterprise Manager, Oracle Financial Services Applications, Oracle Food and Beverage Applications, Oracle Fusion Middleware, Oracle Health Sciences Applications, Oracle HealthCare Applications, Oracle Hospitality Applications, Oracle Hyperion, Oracle Insurance Applications, Oracle Java SE, Oracle JD Edwards, Oracle MySQL, Oracle PeopleSoft, Oracle Retail Applications, Oracle Siebel CRM, Oracle Supply Chain, Oracle Support Tools, Oracle Systems, Oracle Utilities Applications, Oracle Virtualization.

Recommendation: It is recommended to update all affected products to the latest available patch.

Zoho Released Patch to Fix Critical Vulnerability in Zoho Products.

Threat Reference: Global

Risks: Remote Code Execution

Advisory Type: Updates/Patches

Priority: Standard

Zoho has released a patch to fix a remote code execution vulnerability affecting multiple Zoho ManageEngine products. An unauthenticated attacker can achieve remote code execution because the products used an outdated third-party dependency, Apache Santuario. The vulnerability applies only when SAML SSO is, or was at some point, enabled in the ManageEngine setup.

Affected Products: PAM 360, OS Deployer, Endpoint DLP, Analytics Plus, Endpoint Central, Key Manager Plus, Device Control Plus, Remote Access Plus, Patch Manager Plus, Access Manager Plus, Browser Security Plus, Endpoint Central MSP, Password Manager Pro, Application Control Plus, Vulnerability Manager Plus, ADAudit Plus, Asset Explorer, ADManager Plus, ServiceDesk Plus, ADSelfService Plus, SupportCenter Plus, Active Directory 360, ServiceDesk Plus MSP.

Recommendations:

  • Disable SAML SSO in the ManageEngine setup.
  • Update all affected products to their latest available versions.

Having conducted incident response investigations across a wide range of industries, SecurityHQ are best placed to work with businesses large and small, and across numerous technical environments to reduce the impact of a cyber security incident. For more information on these threats, speak to an expert here.

Or if you suspect a security incident, you can report an incident here.