Monthly Advisory • 10 MIN READ

October Threat Advisory Top 5

by Eleanor Barlow • Oct 2022

SecurityHQ’s monthly threat report, drawn from the advisories SecurityHQ issued during October 2022.

Adobe Released Patches to Fix Critical Vulnerabilities in Multiple Products

Threat Reference: Global

Risks: Arbitrary code execution, memory leak, denial of service

Advisory Type: Updates/Patches

Priority: Standard

Adobe released updates fixing multiple critical vulnerabilities, including arbitrary code execution, memory leaks and application denial of service. Affected products include Acrobat DC, Acrobat Reader DC, Acrobat 2020 and Acrobat Reader 2020.

Recommendation:

Update the affected products to the latest fixed versions. Acrobat and Reader flaws of this kind are typically triggered by opening a crafted PDF, so prioritise user endpoints that handle documents received by email.

Fortinet Fixed Critical Authentication Bypass Vulnerability in FortiOS and FortiProxy

Threat Reference: Global

Risks: Authentication Bypass

Advisory Type: Updates/Patches

Priority: Standard

Fortinet has released a security patch for a critical authentication bypass vulnerability in FortiOS and FortiProxy. The flaw is an authentication bypass using an alternate path or channel: an unauthenticated remote attacker who can reach the administrative interface can perform operations on it by sending specially crafted HTTP or HTTPS requests.

Recommendations

  • Update FortiOS and FortiProxy devices to the latest fixed versions.
  • If a vulnerable device cannot be updated promptly, disable HTTPS administration on internet-facing interfaces until the upgrade is performed.
  • Limit the IP addresses that can reach the administrative interface with a local-in-policy. Because the bypass is in the management service itself, any host allowed through that policy can exploit it, so restrict the allow list to known management hosts and deny everything else on vulnerable FortiGate and FortiProxy deployments.
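The FortiOS CLI fragment below is an added illustration of the last two recommendations; it is not text from Fortinet's advisory or from SecurityHQ. It first removes HTTPS and SSH administration from the internet-facing interface, then defines the hosts allowed to manage the device and adds local-in-policies that accept management traffic only from them and deny it from everyone else. The interface name wan1, the address object mgmt-hosts and the subnet 203.0.113.0/24 are placeholders to replace with your own values; confirm the syntax against the CLI reference for your FortiOS or FortiProxy release.

```text
# Added example, not Fortinet's own advisory text.
# Placeholders (assumptions): wan1, mgmt-hosts, 203.0.113.0/24.

# 1. Interim measure: stop offering management protocols on the internet-facing
#    interface. "allowaccess" is replaced wholesale, so list only what should remain.
config system interface
    edit "wan1"
        set allowaccess ping
    next
end

# 2. The only hosts permitted to reach the administrative interface.
config firewall address
    edit "mgmt-hosts"
        set subnet 203.0.113.0 255.255.255.0
    next
end

# 3. Local-in policies are matched top down: accept management services from
#    mgmt-hosts on every interface, then deny them from any other source.
config firewall local-in-policy
    edit 1
        set intf "any"
        set srcaddr "mgmt-hosts"
        set dstaddr "all"
        set service "HTTPS" "HTTP" "SSH"
        set schedule "always"
        set action accept
        set status enable
    next
    edit 2
        set intf "any"
        set srcaddr "all"
        set dstaddr "all"
        set service "HTTPS" "HTTP" "SSH"
        set schedule "always"
        set action deny
        set status enable
    next
end
```

Apply the blocks in order, and keep a console or other out-of-band path open while doing so: a mistake in the address object or in the ordering of the two policies locks you out of remote management. This is a stop-gap that reduces exposure; it does not replace the upgrade.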

Microsoft Released October 2022 Patch Tuesday with 84 flaws including 2 Zero-days

Threat Reference: Global

Risks: Elevation of Privilege Vulnerability, Remote Code Execution

Advisory Type: Updates/Patches

Priority: Standard

Microsoft has released its October 2022 Patch Tuesday updates, fixing 84 vulnerabilities, 13 of which are rated critical. Successful exploitation could result in elevation of privilege, spoofing or remote code execution.

Notable vulnerabilities include a Microsoft Exchange Server elevation of privilege vulnerability and a Microsoft Exchange Server remote code execution vulnerability.

Products affected include Active Directory Domain Services, Azure, Azure Arc, Client Server Run-time Subsystem (CSRSS), Microsoft Edge (Chromium-based), Microsoft Graphics Component, Microsoft Office, Microsoft Office SharePoint, Microsoft Office Word, Microsoft WDAC OLE DB provider for SQL, NuGet Client, Remote Access Service Point-to-Point Tunnelling Protocol, Role: Windows Hyper-V, Service Fabric, Visual Studio Code, Windows Active Directory Certificate Services, Windows ALPC, Windows CD-ROM Driver, Windows COM+ Event System Service, Windows Connected User Experiences and Telemetry, Windows CryptoAPI, Windows Defender, Windows DHCP Client, Windows Distributed File System (DFS), Windows DWM Core Library, Windows Event Logging Service, Windows Group Policy, Windows Group Policy Preference Client, Windows Internet Key Exchange (IKE) Protocol, Windows Kernel, Windows Local Security Authority (LSA), Windows Local Security Authority Subsystem Service (LSASS), Windows Local Session Manager (LSM), Windows NTFS, Windows NTLM, Windows ODBC Driver, Windows Perception Simulation Service, Windows Point-to-Point Tunnelling Protocol, Windows Portable Device Enumerator Service, Windows Print Spooler Components, Windows Resilient File System (ReFS), Windows Secure Channel, Windows Security Support Provider Interface, Windows Server Remotely Accessible Registry Keys, Windows Server Service, Windows Storage, Windows TCP/IP, Windows USB Serial Driver, Windows Web Account Manager, Windows Win32K, Windows WLAN Service and Windows Workstation Service.

Recommendations

• Keep applications and operating systems at the current released patch level, prioritising the two zero-days and the 13 critical vulnerabilities.

• Run software with the least privileges required, so that a successful exploit of an application gains the attacker no more than that application's rights.

Microsoft SQL Servers Backdoored with Newly Identified Malware named “Maggie”

Threat Reference: Global

Risks: Malware

Advisory Type: Threats

Priority: Standard

Security researchers observed a new malware family, named Maggie, that is delivered as a signed Extended Stored Procedure (ESP) DLL and runs inside Microsoft SQL Server. Deploying the backdoor requires valid credentials: the attackers place the ESP DLL in a directory the MSSQL service can read and register it on the server. Once loaded, Maggie is controlled over ordinary client connections, taking its commands from user-supplied SQL queries, and supports querying system information, executing programs, interacting with files and folders, enabling remote desktop services, running a SOCKS5 proxy and setting up port forwarding.

Maggie can also brute-force the administrator logins of other MSSQL servers and, on each server where authentication succeeds, drops a hardcoded backdoor user.

Recommendations

  • Keep anti-malware solutions at endpoint and network level updated.
  • Deploy Endpoint Detection & Response (EDR) tools to detect new malware and suspicious activity on endpoints, including the database servers themselves.
  • Monitor your IT infrastructure 24×7 for attacks and suspicious activity.
  • Registering an extended stored procedure requires sysadmin rights on the instance, so limit the accounts that hold them, keep MSSQL off the internet, and periodically review the extended stored procedures and logins present on each server.
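The T-SQL below is an added set of hunting queries for the Maggie tradecraft described above (ESP registration, loaded modules, brute-force attempts and the dropped backdoor login); it is not code from SecurityHQ or from the researchers who analysed the malware. It assumes SQL Server 2012 or later, execution in master under a sysadmin login, and the procedure name xp_suspicious in the last step is a placeholder.

```sql
-- Added hunting queries for the Maggie tradecraft described above. Not code from
-- SecurityHQ or from the researchers who analysed the malware. Assumptions: SQL Server
-- 2012 or later, run in master with a sysadmin login; xp_suspicious is a placeholder.

-- 1. Extended stored procedures that Microsoft did not ship. Maggie is registered with
--    sp_addextendedproc, so it appears here with is_ms_shipped = 0 and dll_name pointing
--    at wherever the attacker dropped the DLL. UNC paths and temp or profile directories
--    are flagged regardless of the is_ms_shipped bit.
SELECT ep.name, ep.dll_name, ep.create_date, ep.modify_date, ep.is_ms_shipped
FROM master.sys.extended_procedures AS ep
WHERE ep.is_ms_shipped = 0
   OR ep.dll_name LIKE '\\%'          -- UNC share
   OR ep.dll_name LIKE '%\Temp\%'
   OR ep.dll_name LIKE '%\Users\%'
ORDER BY ep.create_date DESC;

-- 2. Native DLLs currently loaded into the sqlservr.exe process. An ESP stays loaded
--    after sp_dropextendedproc until the service restarts, so this still catches a
--    backdoor whose registration was removed. Some legitimate third-party entries
--    (anti-malware hooks, drivers) will appear; investigate anything unfamiliar or
--    with no company in its version resource.
SELECT name, company, description, file_version
FROM sys.dm_os_loaded_modules
WHERE company IS NULL OR company NOT LIKE 'Microsoft%'
ORDER BY name;

-- 3. Maggie brute-forces the admin logins of other MSSQL servers. On a targeted
--    instance the attempts land in the SQL Server error log as "Login failed" entries;
--    a burst of them from a single client address is the signal to look for.
EXEC master.dbo.xp_readerrorlog 0, 1, N'Login failed for user';

-- 4. Logins created in the last 30 days and whether they hold sysadmin. Maggie drops a
--    hardcoded backdoor user on each server it authenticates to, and a server-level
--    login nobody recognises is the simplest way to spot that.
SELECT sp.name, sp.type_desc, sp.create_date, sp.is_disabled,
       IS_SRVROLEMEMBER('sysadmin', sp.name) AS is_sysadmin
FROM sys.server_principals AS sp
WHERE sp.type IN ('S', 'U', 'G')          -- SQL login, Windows login, Windows group
  AND sp.name NOT LIKE '##%'              -- certificate-based system principals
  AND sp.create_date > DATEADD(day, -30, SYSDATETIME())
ORDER BY sp.create_date DESC;

-- 5. Containment once a rogue ESP is confirmed: unregister it, then quarantine the DLL
--    on disk and restart the service, because unregistering alone leaves the module
--    loaded. Replace the placeholder name before running.
-- EXEC master.dbo.sp_dropextendedproc 'xp_suspicious';
```

Run the queries on every instance the compromised server could reach with its stored credentials, not just the one where the ESP was found: the brute-force and backdoor-user behaviour means the first server identified is rarely the only one affected.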

Palo Alto Released Security Update to Fix Authentication Bypass in PAN-OS 8.1 Web Interface

Threat Reference: Global

Risks: Authentication Bypass

Advisory Type: Updates/Patches

Priority: Standard

An authentication bypass vulnerability has been discovered in the web interface of Palo Alto Networks PAN-OS 8.1. It allows an attacker who can reach the web interface of a vulnerable device to gain access to it without valid credentials.

Recommendation:

• Update the affected products to the latest available version or patch level. As with any management plane, keep the web interface reachable only from trusted management networks rather than exposing it to the internet; this limits who can attempt the bypass until the update is applied.

Having conducted incident response investigations across a wide range of industries, SecurityHQ are best placed to work with businesses large and small, and across numerous technical environments to reduce the impact of a cyber security incident. For more information on these threats, speak to an expert here.

Or if you suspect a security incident, you can report an incident here.