As we all know, none of the issues that Google patched were exploited in attacks, but if the update is available to you, it’s best to apply it as soon as possible.
Microsoft’s Patch Tuesday is an important one because it comes with fixes for vulnerabilities already used in attacks. The zero-day vulnerability, tracked as CVE-2022-37969, is a privilege escalation issue in the Windows Common Journaling File System driver that could allow an attacker to take control of a machine.
The zero-day vulnerability is one of 63 vulnerabilities patched by Microsoft, five of which are rated critical. These include CVE-2022-34722 and CVE-2022-34721, Remote Code Execution (RCE) flaws in Windows Internet Key Exchange (IKE), both with a CVSS score of 9.8.
In late September, Microsoft released an out-of-band security update for a spoofing vulnerability in its Endpoint Configuration Manager, tracked as CVE-2022-37972.
Encrypted messaging service WhatsApp has released updates to fix two vulnerabilities that could lead to remote code execution. CVE-2022-36934 is an integer overflow issue in WhatsApp for Android prior to v184.108.40.206, Business for Android prior to v220.127.116.11, iOS prior to v18.104.22.168, and Business for iOS prior to v2.22.16.12, which could lead to remote code execution in video calls.
Meanwhile, CVE-2022-27492 is an integer underflow vulnerability in WhatsApp for Android prior to v22.214.171.124 and WhatsApp for iOS prior to v126.96.36.199 that could allow remote code execution when someone receives a crafted video file, according to the WhatsApp security advisory.
WhatsApp patched these vulnerabilities about a month ago, so if you’re running the current version, you should be safe.
HP has fixed a critical issue with the Support Assistant tool that comes preinstalled on all of its laptops. The privilege escalation bug in HP Support Assistant is listed as a high-severity issue, tracked as CVE-2022-38395.
HP has released only limited details about the vulnerability on its support page, but those with affected devices should make sure to update immediately.
SAP’s September Patch Day saw the release of 16 new and updated patches, including three high-priority fixes for SAP Business One, SAP BusinessObjects, and SAP GRC.
The SAP Business One fix addresses the unreferenced service path vulnerability and is the most critical of the three fixes. Security firm Onapsis said an attacker could exploit the flaw “to execute an arbitrary binary when a vulnerable service starts, which could allow it to escalate privileges to SYSTEM.”
The second fix for SAP BusinessObjects fixes an information disclosure vulnerability. “In some cases, the vulnerability could allow an attacker to access unencrypted sensitive information in the central management console of the SAP BusinessObjects business intelligence platform,” Onapsis said in its blog.
A third high-priority note, affecting SAP GRC customers, fixes an issue that may allow an authenticated attacker to access a Firefighter session even if it is closed in Firefighter Logon Pad.
Software giant Cisco has released a patch to fix a high-severity security issue in the container-bonded configuration of SD-WAN vManage software. The vulnerability, tracked as CVE-2022-20696, could allow an unauthenticated attacker to access the VPN0 logical network to access the message service port on the affected system.
“A successful exploit could allow an attacker to view and inject messages into the messaging service, which could result in configuration changes or cause a system reload,” Cisco warned in an advisory.
Security firm Sophos has just patched an RCE vulnerability in its firewall product that it said has been used in attacks. The code injection vulnerability CVE-2022-3236 was found in Sophos Firewall’s user portal and Webadmin.
“Sophos observed this vulnerability being used to target a small number of specific organizations, primarily in the South Asian region,” the company said in a security advisory.
WP Gateway WordPress Plugin
A vulnerability in a WordPress plugin called WP Gateway has been exploited. A privilege escalation vulnerability, tracked as CVE-2022-3180, could allow an attacker to add a malicious user with administrator privileges to take over the site running the plugin.
Ram Gall, Senior Threat Analyst at Wordfence, said: “As this is an actively exploited zero-day vulnerability and attackers already know the mechanisms required to exploit it, we are issuing this public service announcement to all users,” adding that certain details are intentionally withheld to prevent further exploitation.