June brought multiple security updates, including critical patches for Google Chrome and Android, among others, and dozens of patches for Microsoft products, including fixes for Windows zero-day vulnerabilities that attackers have exploited. As of this writing, Apple has released no updates, but the month also included major enterprise patches for Citrix, SAP, and Cisco products.
Here’s what you need to know about the major patches released over the past month.
Microsoft’s June Patch Tuesday was a big deal, with fixes for 55 flaws in the tech giant’s products. This Patch Tuesday is particularly important because it addresses an already exploited remote code execution (RCE) issue in Windows, known as Follina, that Microsoft has been aware of since at least May.
Tracked as CVE-2022-30190, Follina abuses a vulnerability in the Windows Support Diagnostic Tool to execute code without the target opening a document, and it has been used by multiple criminal groups and state-sponsored attackers.
Patch Tuesday also addresses three vulnerabilities affecting Windows Server, all of them RCE vulnerabilities rated critical. However, these patches appear to break some VPN and RDP connections, so proceed with care.
Google Chrome is updated frequently and quickly. That’s not a bad thing: as the world’s most popular browser, it is by default one of the biggest targets for hackers. In June, Google released Chrome 103, which included patches for 14 vulnerabilities, some of them serious.
The biggest flaw, tracked as CVE-2022-2156, is a use-after-free issue in Chrome’s Base component, reported by Google’s Project Zero bug-hunting team, that could lead to arbitrary code execution, denial of service, or data corruption. Worse yet, when chained with other exploits, it could lead to full compromise of the system.
Among the multiple Android security issues that Google patched in June, the most serious was a critical security flaw in a system component that could allow remote code execution without additional execution permissions, Google said in its Android security advisory.
Google also released updates for its Pixel devices to patch issues in the Android framework, media framework, and system components.
Samsung users seem to have been lucky with Android updates lately, with the device maker rolling out patches quickly. The June security update is no exception, arriving directly on the Samsung Galaxy Tab S7 series, Galaxy S21 series, Galaxy S22 series, and Galaxy Z Fold 2.
Software maker Cisco released a patch in June to fix a critical vulnerability in Cisco Secure Email and Web Manager and Cisco Email Security Appliance that could allow remote attackers to bypass authentication and log in to the web management interface of affected devices.
Cisco said the issue, tracked as CVE-2022-20798, could be exploited if an attacker entered something specific on the login page of an affected device, which would provide access to a web-based management interface.
Citrix has issued a warning, urging users to patch some major vulnerabilities that could allow attackers to reset administrator passwords. A vulnerability in Citrix Application Delivery Management could allow an unauthenticated remote user to compromise a system, Citrix said in a security advisory. “The impact could include resetting the administrator password on the next device reboot, allowing an attacker with ssh access to connect using the default administrator credentials after the device reboots,” the company wrote.
Citrix recommends separating traffic to Citrix ADM’s IP addresses from standard network traffic. It said this reduces the risk of exploitation. However, the vendor also urges customers to install newer versions of the Citrix ADM Server and Citrix ADM Agent “as soon as possible.”
As part of its June Patch Day, software company SAP released 12 security patches, three of which were critical. The first one listed by SAP is related to an update released on the April 2018 Patch Day for Google Chromium, a browser control used by corporate business customers. Details of this vulnerability are not available, but it has a severity score of 10, so the patch should be applied immediately.
Another major fix involves an issue in the SAProuter agent in NetWeaver and ABAP platforms that could allow an attacker to execute SAProuter administrative commands from a remote client. The third major patch fixes a privilege escalation bug in SAP PowerDesigner Proxy 16.7.
Splunk has released several out-of-band patches for its enterprise products, fixing issues including critical vulnerabilities that could lead to arbitrary code execution.
The vulnerability, labeled CVE-2022-32158, could allow an attacker to compromise the universal forwarder endpoint and execute code on other endpoints connected to the deployment server. Thankfully, there is no indication that the vulnerability has been used for any real-world attacks.
Ninja Forms WordPress Plugin
Ninja Forms, a WordPress plugin with over one million active installations, fixed a serious issue that attackers could use in the wild. “We discovered a code injection vulnerability that allows an unauthenticated attacker to call a limited number of methods in various Ninja Forms classes, including one that deserializes user-supplied content, resulting in object injection,” the Wordfence Threat Intelligence team said in an update.
This could allow attackers to execute arbitrary code or delete arbitrary files on sites where a separate POP chain exists, the researchers said.
This vulnerability has been fully patched in versions 184.108.40.206, 3.1.10, 3.2.28, 220.127.116.11, 18.104.22.168, 22.214.171.124, and 3.6.11. WordPress appears to have performed a forced auto-update for the plugin, so your site may already be using one of these patched versions.
Australian software company Atlassian has released a patch to fix a zero-day vulnerability that attackers have been exploiting. The RCE vulnerability in Confluence Server and Data Center is tracked as CVE-2022-26134 and can be used to backdoor servers exposed on the internet.
GitLab has released patches for versions 15.0.1, 14.10.4, and 14.9.5 for GitLab Community and Enterprise Editions. The updates contain important security fixes for eight vulnerabilities, one of which could allow account takeover.
With this in mind, the company “strongly recommends” that all GitLab installations upgrade to the latest version “as soon as possible.” GitLab.com is already running a patched version.