Monthly Advisory • 10 MIN READ
November Threat Advisory – Top 5
by Eleanor Barlow • Nov 2022
SecurityHQ’s Monthly Threat Report, Drawn from Recent Advisories of November 2022.
OpenSSL Fixes Two High Severity Vulnerabilities in Open SSL 3.0.7
Threat Reference: Global
Risks: Potential Remote Code Execution, Denial of Service
Advisory Type: Updates/Patches
Priority: Standard
Two High severity vulnerability were fixed in OpenSSL 3.0.7. Buffer overflow vulnerability can be triggered in X.509 certificate verification, successful exploitation can lead to denial of service or potential remote code execution.
Organizations should proactively check for the presence of OpenSSL usage and especially for internet facing.
In case of TLS client, this vulnerability can be triggered by connecting to a malicious server.
In case of TLS server, this vulnerability can be triggered if the server requests client authentication and a malicious client connects.
Affected Versions:
- OpenSSL versions 3.0.0 to 3.0.6 are vulnerable to this issue.
- OpenSSL 1.1.1 and 1.0.2 are not affected by this issue.
Recommendation:
It is recommended to update vulnerable affected version to OpenSSL version 3.0.7.
Apple Released Patch to Fix Two High Severity Vulnerabilities Affecting MacOS, iOS, iPad Devices.
Threat Reference: Global
Risks: Arbitrary Code Execution
Advisory Type: Updates/Patches
Priority: Standard
Apple released a security update to fix two high severity vulnerabilities affecting MacOS, iOS, iPad devices. Successful exploitation of these vulnerabilities will lead to arbitrary code execution.
Affected Devices
• iPhone 8 and later
• iPad Pro (all models)
• iPad Air 3rd generation and later
• iPad 5th generation and later
• iPad mini 5th generation and later
• macOS Ventura
Recommendation:
It is recommended to update the affected products to the latest fixed versions.
F5 Released Patch to Fix Critical Vulnerabilities on F5 BIG-IP and BIG-IQ Devices
Threat Reference: Global
Risks: Remote Code Execution, Cross-Site Request Forgery (CSRF)
Advisory Type: Updates/Patches
Priority: Standard
F5 has patched critical remote code execution vulnerability having a CVSS Score 8.7 in iControl REST and cross-site request forgery (CSRF) having CVSS Score 8.8 in iControl Simple Object Access Protocol (SOAP) component of the F5 BIG-IP and BIG-IQ devices respectively.
Recommendations
• It is recommended to update F5 BIG-IP and BIG-IQ to latest fixed versions.
Microsoft Released November Patch Tuesday for 68 Flaws Including 6 Zero-day Vulnerabilities
Threat Reference: Global
Risks: Elevation of Privilege Vulnerability, Remote Code Execution
Advisory Type: Updates/Patches
Priority: Standard
Microsoft have released their November 2022 Patch Tuesday to fix 68 vulnerabilities which includes 11 Critical severity vulnerabilities. Successful exploitation of this vulnerabilities could result in privilege elevation, spoofing, or remote code execution.
Affected Products:
• .NET Framework
• AMD CPU Branch
• Azure
• Azure Real Time Operating System
• Linux Kernel
• Microsoft Dynamics
• Microsoft Exchange Server
• Microsoft Graphics Component
• Microsoft Office
• Microsoft Office Excel
• Microsoft Office SharePoint
• Microsoft Office Word
• Network Policy Server (NPS)
• Open Source Software
• Role: Windows Hyper-V
• SysInternals
• Visual Studio
• Windows Advanced Local Procedure Call
• Windows ALPC
• Windows Bind Filter Driver
• Windows BitLocker
• Windows CNG Key Isolation Service
• Windows Devices Human Interface
• Windows Digital Media
• Windows DWM Core Library
• Windows Extensible File Allocation
• Windows Group Policy Preference Client
• Windows HTTP.sys
• Windows Kerberos
• Windows Mark of the Web (MOTW)
• Windows Netlogon
• Windows Network Address Translation (NAT)
• Windows ODBC Driver
• Windows Overlay Filter
• Windows Point-to-Point Tunnelling Protocol
• Windows Print Spooler Components
• Windows Resilient File System (ReFS)
• Windows Scripting
• Windows Win32K
Recommendation:
• Keep applications and operating systems running at the current released patch level.
• Run software with the least privileges.
VMware Fixed Multiple Vulnerabilities Including 3 Critical in VMware Workspace ONE
Threat Reference: Global
Risks: Authentication Bypass
Advisory Type: Updates/Patches
Priority: Standard
VMware has released security updates to address multiple vulnerabilities including 3 Critical in VMware Workspace ONE which allows a remote attacker to gain administrative access without the need to authenticate to the application.
Affected Product: VMware Workspace ONE
Recommendation:
It is recommended to update the affected products to their latest available versions/patch level.
Having conducted incident response investigations across a wide range of industries, SecurityHQ are best placed to work with businesses large and small, and across numerous technical environments to reduce the impact of a cyber security incident. For more information on these threats, speak to an expert here.
Or if you suspect a security incident, you can report an incident here.