
Threat Report 11/21/24

Critical Patches Issued for Microsoft Products 
 

Multiple vulnerabilities have been discovered in Microsoft products, the most severe of which could allow for remote code execution in the context of the logged-on user. Depending on the privileges associated with the user, an attacker could install programs; view, change, or delete data; or create new accounts with full user rights. Users whose accounts are configured to have fewer user rights on the system could be less impacted than those with administrative user rights. 


Affected Systems:

  • Many popular Microsoft products including, but not limited to, Windows, Office, and Exchange Server


Risk

  • Large and medium business entities: High
  • Small business entities: Medium

 

Remediation Recommendations

  • Ensure all Microsoft products have the latest version(s) installed 

  • Enact the Principle of Least Privilege (limit higher-level privileges to only the users that need it)


 
Multiple Vulnerabilities in Apple Products
Could Allow for Arbitrary Code Execution

 

Multiple vulnerabilities have been discovered in Apple products, the most severe of which could allow for arbitrary code execution in the context of the logged-on user. Depending on the privileges associated with the user, an attacker could install programs; view, change, or delete data; or create new accounts with full user rights. Users whose accounts are configured to have fewer user rights on the system could be less impacted than those with administrative user rights.

Affected Systems:

  • Safari versions prior to 18.1.1
  • iOS versions prior to 18.1.1 and iPadOS versions prior to 18.1.1
  • iOS versions prior to 17.7.2 and iPadOS versions prior to 17.7.2
  • macOS Sequoia versions prior to 15.1.1
  • visionOS versions prior to 2.1.1

Risk

  • Large and medium business entities: High
  • Small business entities: Medium

 

Remediation Recommendations

  • Ensure Apple software has the latest version(s) installed
  • Enact the Principle of Least Privilege (limit higher-level privileges to only the users that need it)



 
Multiple Vulnerabilities in Google Chrome
Could Allow for Arbitrary Code Execution
  
  

Multiple vulnerabilities have been discovered in Google Chrome, the most severe of which could allow for arbitrary code execution in the context of the logged-on user. Depending on the user's associated privileges, an attacker could install programs; view, change, or delete data; or create new accounts with full user rights. Users whose accounts are configured to have fewer user rights on the system could be less impacted than those with administrative user rights.

 

Affected Systems:

  • Chrome versions prior to 131.0.6778.69/.70 for Windows and Mac
  • Chrome versions prior to 131.0.6778.69 for Linux

Risk

  • Large and medium business entities: High
  • Small business entities: Medium

 

Remediation Recommendations

  • Ensure all devices using Google Chrome have the latest version(s) installed
  • Enact the Principle of Least Privilege (limit higher-level privileges to only the users that need it)
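"Ensure the latest version is installed" is easy to get wrong when the fixed versions above sit on more than one release line (iOS 17.7.2 is fixed even though it is "older" than iOS 18.0) and when version strings are compared as text ("131.0.6778.7" sorts after "131.0.6778.69"). The following is an added example, not code from this report or from Apple or Google: it encodes the fixed versions from the Apple and Chrome affected-systems lists above and gates a constructed device inventory against them. Host names and installed versions in SAMPLE are made up; the FIXED_VERSIONS table is the only part taken from the report.

```python
"""Version gate for the Apple and Chrome advisories in this report.

Added example. FIXED_VERSIONS comes from the affected-systems lists above;
everything else (product keys, SAMPLE inventory) is an assumption made here.
"""
from dataclasses import dataclass
import re

# Fixed version per (product, major release line). A device on a listed
# release line is vulnerable when it is below that line's fix.
FIXED_VERSIONS = {
    "safari":   {18: "18.1.1"},
    "ios":      {18: "18.1.1", 17: "17.7.2"},
    "ipados":   {18: "18.1.1", 17: "17.7.2"},
    "macos":    {15: "15.1.1"},
    "visionos": {2: "2.1.1"},
    # Chrome: Windows/Mac shipped .69 and .70 (both fixed), Linux .69
    "chrome-windows": {131: "131.0.6778.69"},
    "chrome-mac":     {131: "131.0.6778.69"},
    "chrome-linux":   {131: "131.0.6778.69"},
}


def parse_version(s):
    """Turn a dotted version into a tuple of ints so comparison is numeric.

    Comparing the strings directly is the classic bug: "131.0.6778.7" is
    greater than "131.0.6778.69" as text, but 7 < 69 as a build number.
    """
    if not re.fullmatch(r"\d+(\.\d+)*", s):
        raise ValueError(f"malformed version: {s!r}")
    return tuple(int(p) for p in s.split("."))


def status(product, version):
    """Return 'fixed' or 'vulnerable' for one installed version."""
    fixes = FIXED_VERSIONS[product]
    v = parse_version(version)
    major = v[0]
    if major in fixes:
        return "fixed" if v >= parse_version(fixes[major]) else "vulnerable"
    if major < min(fixes):
        # Older than every release line that received a fix (e.g. iOS 16,
        # Chrome 130): still "prior to" the fixed version, so vulnerable.
        return "vulnerable"
    # Assumption: a release line newer than any listed fix carries the fix.
    return "fixed"


@dataclass
class Device:
    host: str
    product: str
    version: str


def check_inventory(devices):
    """Map host -> status; products not covered by this report are flagged."""
    result = {}
    for d in devices:
        if d.product not in FIXED_VERSIONS:
            result[d.host] = "unknown-product"
        else:
            result[d.host] = status(d.product, d.version)
    return result


def vulnerable_hosts(devices):
    return sorted(h for h, s in check_inventory(devices).items() if s == "vulnerable")


# Constructed sample inventory (hosts and versions are made up).
SAMPLE = [
    Device("mac-01", "macos", "15.1"),
    Device("mac-02", "macos", "15.1.1"),
    Device("ipad-07", "ipados", "17.7.2"),         # older line, but fixed
    Device("iphone-12", "ios", "18.0.1"),          # newer line, not yet fixed
    Device("ws-lnx-3", "chrome-linux", "131.0.6778.7"),
    Device("ws-win-9", "chrome-windows", "131.0.6778.70"),
    Device("ws-win-4", "chrome-windows", "130.0.6723.117"),
]

if __name__ == "__main__":
    for host, st in check_inventory(SAMPLE).items():
        print(f"{host:10} {st}")
```

The per-release-line table is the point: a single "is it the latest?" comparison would wrongly flag ipad-07 (17.7.2) and, if done on strings, wrongly pass ws-lnx-3.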




Palo Alto Networks Warns of PAN-OS Zero-Day Exploitation

   

The Record reports that Palo Alto Networks has confirmed that threat actors are exploiting a recently discovered vulnerability affecting its PAN-OS firewall management interface. The vulnerability (CVE-2024-0012) has been assigned a CVSS score of 9.3, and the company urges customers to apply mitigations as soon as possible. Palo Alto stated, "An authentication bypass in Palo Alto Networks PAN-OS software enables an unauthenticated attacker with network access to the management web interface to gain PAN-OS administrator privileges to perform administrative actions, tamper with the configuration, or exploit other authenticated privilege escalation vulnerabilities like CVE-2024-9474." The company added that it's "observed threat activity that exploits this vulnerability against a limited number of management web interfaces that are exposed to internet traffic coming from outside the network." The mitigation Palo Alto recommends is to restrict access to the management interface to trusted internal IP addresses and not to expose it to the internet.
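Because the observed exploitation targets management interfaces reachable from the internet, the first thing to verify is what source addresses the management interface actually permits. The following is an added example, not Palo Alto Networks code: it audits a permitted-IP allowlist (assumed to have been exported from the management interface profile as CIDR strings) and flags any entry that is not fully inside private address space. The SAMPLE_PERMITTED_IPS entries are constructed, and treating an empty allowlist as "unrestricted" is an assumption made here.

```python
"""Audit the source addresses permitted to reach a firewall management interface.

Added example, not vendor code. Input is a list of CIDR strings assumed to be
the management profile's permitted-IP list; sample data is constructed.
"""
import ipaddress

# Address space treated as "inside the network": RFC 1918, loopback, IPv6
# unique-local. An entry not fully contained in one of these admits traffic
# from outside the network, which is exactly the exposure being exploited.
INTERNAL = [
    ipaddress.ip_network("10.0.0.0/8"),
    ipaddress.ip_network("172.16.0.0/12"),
    ipaddress.ip_network("192.168.0.0/16"),
    ipaddress.ip_network("127.0.0.0/8"),
    ipaddress.ip_network("::1/128"),
    ipaddress.ip_network("fc00::/7"),
]


def classify(entry):
    """Return 'internal', 'any', 'external' or 'invalid' for one allowlist entry."""
    try:
        # strict=False accepts host bits set, e.g. "192.168.5.10/24"
        net = ipaddress.ip_network(entry, strict=False)
    except ValueError:
        return "invalid"
    if net.prefixlen == 0:
        return "any"  # 0.0.0.0/0 or ::/0: open to everyone
    for trusted in INTERNAL:
        # subnet_of raises TypeError on mixed IP versions, so check first
        if net.version == trusted.version and net.subnet_of(trusted):
            return "internal"
    return "external"


def audit(permitted_ips):
    """Map each entry to its classification.

    Assumption: an empty permitted-IP list means no source filtering at all,
    so it is reported as 'any'.
    """
    if not permitted_ips:
        return {"<empty>": "any"}
    return {e: classify(e) for e in permitted_ips}


def exposed_entries(permitted_ips):
    """Entries that need attention: open, public, or unparsable."""
    return sorted(e for e, c in audit(permitted_ips).items()
                  if c in ("any", "external", "invalid"))


# Constructed sample allowlist (not from any real device).
SAMPLE_PERMITTED_IPS = [
    "10.20.30.0/24",    # jump-host subnet
    "192.168.5.10",     # single admin workstation
    "172.32.0.0/16",    # looks private but is public: RFC 1918 ends at 172.31
    "0.0.0.0/0",        # opens the interface to the internet
    "fd00:1234::/48",   # IPv6 unique-local range
]

if __name__ == "__main__":
    for entry, verdict in audit(SAMPLE_PERMITTED_IPS).items():
        print(f"{entry:18} {verdict}")
    print("needs attention:", exposed_entries(SAMPLE_PERMITTED_IPS))
```

The 172.32.0.0/16 entry is the case worth remembering: it passes a "starts with 172." eyeball check but is routable public space, so a containment test against 172.16.0.0/12 is needed rather than a prefix-string match.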




CISA Adds Critical Fortinet Flaw to Known Exploited Vulnerabilities Catalog
 

The US Cybersecurity and Infrastructure Security Agency (CISA) has added a critical Fortinet flaw (CVE-2024-23113) to its Known Exploited Vulnerabilities (KEV) Catalog, ordering Federal agencies to patch the flaw by October 30th. Fortinet fixed the flaw in February, but many devices remain unpatched. CyberScoop notes that, as of Sunday, more than 86,000 IP addresses were vulnerable.

The flaw is a format string vulnerability affecting Fortinet FortiOS, FortiPAM, FortiProxy, and FortiWeb, allowing "a remote, unauthenticated attacker to execute arbitrary code or commands via specially crafted requests." The vulnerability was assigned a CVSS score of 9.8. Fortinet's advisory (FG-IR-24-029) places the bug in the fgfmd daemon, the FortiGate-to-FortiManager protocol service, and offers removing fgfm access from each interface as a workaround where patching is delayed.

 
