Monthly Advisory • 10 MIN READ
October Threat Advisory Top 5
by Eleanor Barlow • Oct 2022
SecurityHQ’s Monthly Threat Report, Drawn from Recent Advisories of October 2022.
Adobe Released Patches to Fix Critical Vulnerabilities in Multiple Products
Threat Reference: Global
Risks: Arbitrary code Execution, Memory leak, Denial of Service
Advisory Type: Updates/Patches
Priority: Standard
Adobe released updates to fix multiple critical vulnerabilities, including Arbitrary Code Executions, Memory Leaks and Application Denial-of-Service. Affected products included Acrobat DC, Acrobat Reader DC, Acrobat 2020, and Acrobat Reader 2020.
Recommendation:
It is recommended to update affected products to the latest fixed versions.
Fortinet Fixed Critical Authentication Bypass Vulnerability in FortiOS and FortiProxy
Threat Reference: Global
Risks: Authentication Bypass
Advisory Type: Updates/Patches
Priority: Standard
Fortinet has released a security patch to fix critical Authentication bypass vulnerability in FortiOS and FortiProxy. Successful exploitation of the authentication bypass vulnerability using an alternate path or channel in FortiOS and FortiProxy may allow an unauthenticated remote attacker to perform operations on the administrative interface via specially crafted HTTP or HTTPS requests.
Recommendations
- It is recommended to update FortiOS/FortiProxy devices to latest available versions.
- If the vulnerable devices cannot be updated in a timely manner, it is recommended that the internet-facing HTTPS Administration should be immediately disabled, until the upgrade is performed.
- It is recommended to limit the IP addresses that can reach the administrative interface using a “local-in-policy” to block remote attackers from bypassing authentication and logging into vulnerable FortiGate and FortiProxy deployments.
Microsoft Released October 2022 Patch Tuesday with 84 flaws including 2 Zero-days
Threat Reference: Global
Risks: Elevation of Privilege Vulnerability, Remote Code Execution
Advisory Type: Updates/Patches
Priority: Standard
Microsoft has released its October 2022 Patch Tuesday to fix 84 vulnerabilities which includes 13 critical severity vulnerabilities. Successful exploitation of these vulnerabilities could result in privilege elevation, spoofing, or remote code execution.
Notable Vulnerabilities include Microsoft Exchange Server Elevation of Privilege Vulnerability, and Microsoft Exchange Server Remote Code Execution Vulnerability.
Products effected include, Active Directory Domain Services, Azure, Azure Arc, Client Server Run-time Subsystem (CSRSS), Microsoft Edge (Chromium-based), Microsoft Graphics Component, Microsoft Office, Microsoft Office SharePoint, Microsoft Office Word, Microsoft WDAC OLE DB provider for SQL, NuGet Client, Remote Access Service Point-to-Point Tunnelling Protocol, Role: Windows Hyper-V, Service Fabric, Visual Studio Code, Windows Active Directory Certificate Services, Windows ALPC, Windows CD-ROM Driver, Windows COM+ Event System Service, Windows Connected User Experiences and Telemetry, Windows CryptoAPI, Windows Defender, Windows DHCP Client, Windows Distributed File System (DFS), Windows DWM Core Library, Windows Event Logging Service, Windows Group Policy, Windows Group Policy Preference Client, Windows Internet Key Exchange (IKE) Protocol, Windows Kernel, Windows Local Security Authority (LSA), Windows Local Security Authority Subsystem Service (LSASS), Windows Local Session Manager (LSM), Windows NTFS, Windows NTLM, Windows ODBC Driver, Windows Perception Simulation Service, Windows Point-to-Point Tunnelling Protocol, Windows Portable Device Enumerator Service, Windows Print Spooler Components, Windows Resilient File System (ReFS), Windows Secure Channel, Windows Security Support Provider Interface, Windows Server Remotely Accessible Registry Keys, Windows Server Service, Windows Storage, Windows TCP/IP, Windows USB Serial Driver, Windows Web Account Manager, Windows Win32K, Windows WLAN Service, Windows Workstation Service.
Recommendations
• Keep applications and operating systems running at the current released patch level.
• Run software with the least privileges.
Microsoft SQL Servers Backdoored with Newly Identified Malware named “Maggie”
Threat Reference: Global
Risks: Malware
Advisory Type: Threats
Priority: Standard
Security researchers observed a new malware called “Maggie” which deployed using Signed Extended Stored Procedure DLL file on Microsoft SQL Servers. To execute the backdoor, attackers placed the ESP file in a directory which MSSQL server had access, using valid credentials. After execution, it controlled through client connection which allowed to fetch user-supplied SQL queries, interact with sensitive files, querying for system information, executing programs, interacting with files and folders, enabling remote desktop services, running a SOCKS5 proxy, and setting up port forwarding.
Maggie backdoor also allows the attacker to perform brute forcing on other MSSQL server admin logins and to drop a hardcoded backdoor user on the successful authenticated server.
Recommendations
- Keep Anti-malware solutions at endpoint and network level always updated.
- Deploy Endpoint Detection & Response (EDR) tools to detect latest malwares and suspicious activities on endpoints.
- Monitor your IT infrastructure 24×7 for cybersecurity attacks and suspicious activities.
Palo Alto Released Security Update to Fix Authentication Bypass in PAN-OS 8.1 Web Interface
Threat Reference: Global
Risks: Authentication Bypass
Advisory Type: Updates/Patches
Priority: Standard
An authentication bypass vulnerability has been discovered in Palo Alto Networks PAN-OS 8.1 web interface. Where it allows an attacker to gain access to the web interface of vulnerable device.
Recommendation:
• It is recommended to update the affected products to their latest available versions/patch level.
Having conducted incident response investigations across a wide range of industries, SecurityHQ are best placed to work with businesses large and small, and across numerous technical environments to reduce the impact of a cyber security incident. For more information on these threats, speak to an expert here.
Or if you suspect a security incident, you can report an incident here.
Related Content
Choosing Your Managed Security Service Provider (MSSP). 7 Steps to Consider.
Selecting the right MSSP for your business is fundamental to the security of your clients, your people, processes, data, and infrastructure. Everything depends on the security you have in place. Which is why choosing the right MSSP for your business is crucial. But knowing what MSSP to go with can be hard. Especially if you […]
How Managed Data Security Can Benefit Your Business
Your business collects, stores and uses critical data on a daily basis. Not only do businesses hold a vast amount of data but they have hundreds, sometimes thousands, of databases and sub-databases. A business will have a database for their address book, another for leads, another for locations, and they are all interlinked to form […]
Cyber Security Threats in Gaming Industry at an All-time High
Explore at a variety of different forms of attacks that the gaming industry has seen, with recommendations provided to mitigate against such threats, to both gamers and organisations in the industry.
![10 Tips to Protect Your Data [Infographic]](https://www.securityhq.com/wp-content/uploads/2021/07/Thumbnail-image-Tips-to-Protect-Your-Data-blog-copy.jpg)
10 Tips to Protect Your Data [Infographic]
When making an online purchase, or creating an account online, it is tempting to save banking details and passwords for the sake of convenience. But a data leak from even one of these sources could cost you. With the multitude of devices, and the rapid shift to cloud storage, all our data is interconnected. Our […]
