Threat Report 7/19/24

A Vulnerability in OpenSSH
Could Allow for Remote Code Execution   

A vulnerability has been discovered in OpenSSH, which could allow for remote code execution. OpenSSH is a suite of secure networking utilities based on the SSH protocol and is crucial for secure communication over unsecured networks. It is widely used in enterprise environments for remote server management, secure file transfers, and various DevOps practices. Successful exploitation of this vulnerability could allow for remote code execution in the context of the administrator account. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights.  

Affected Systems:

• OpenSSH versions 8.7 and 8.8 and corresponding portable versions 

Risk

• Large and medium business entities: High
• Small business entities: Medium

Remediation Recommendations

• Ensure all hosts using OpenSSH have the latest version(s) installed.
• Enact the Principle of Least Privilege (limit higher-level privileges to only the users that need it) 

References

• http://www.openwall.com/lists/oss-security/2024/07/08/2

Multiple Vulnerabilities in Google Chrome
Could Allow for Arbitrary Code Execution

Multiple vulnerabilities have been discovered in Google Chrome, the most severe of which could allow for arbitrary code execution. Successful exploitation of the most severe of these vulnerabilities could allow for arbitrary code execution in the context of the logged-on user. Depending on the privileges associated with the user an attacker could install programs; view, change, or delete data; or create new accounts with full user rights. Users whose accounts are configured to have fewer user rights on the system could be less impacted than those with administrative user rights. 

Affected Systems:

• Chrome prior to 126.0.6478.182/183 for Windows and Mac  

• Chrome prior to 126.0.6478.182 for Linux 

Risk

• Large and medium business entities: High
• Small business entities: High

Remediation Recommendations

• Ensure all devices using Google Chrome have the latest version(s) installed 
• Enact the Principle of Least Privilege (limit higher-level privileges to only the users that need it) 
  
  

References

• https://chromereleases.googleblog.com/2024/07/stable-channel-update-for-desktop.html

Critical Patches Issued for Microsoft Products 

Multiple vulnerabilities have been discovered in Microsoft products, the most severe of which could allow for remote code execution in the context of the logged-on user. Depending on the privileges associated with the user, an attacker could install programs; view, change, or delete data; or create new accounts with full user rights. Users whose accounts are configured to have fewer user rights on the system could be less impacted than those with administrative user rights. 

Affected Systems:

• SQL Server 
• Windows CoreMessaging
• Windows Secure Boot 

• Windows MultiPoint Services 

• Microsoft Dynamics 

• Windows Remote Access Connection Manager 

• Windows NTLM 

• Windows Cryptographic Services 

• .NET and Visual Studio 

• Microsoft Office SharePoint 

• Azure Network Watcher 

• Azure DevOps 

• Windows iSCSI 

• Windows Server Backup 

• Windows Remote Desktop 

• Windows Message Queuing 

• Windows Performance Monitor 

• Microsoft Office Outlook 

• Microsoft Office 

• Windows Image Acquisition 

• Line Printer Daemon Service (LPD) 

• Windows Themes 

• Windows Online Certificate Status Protocol (OCSP) 

• XBox Crypto Graphic Services 

• Windows PowerShell 

• Windows Filtering 

• Windows Kernel 

• Windows DHCP Server 

• NDIS 

• Windows Distributed Transaction Coordinator 

• Windows Workstation Service 

• Microsoft Graphics Component 

• Microsoft Streaming Service 

• Windows Internet Connection Sharing (ICS) 

• Microsoft Windows Codecs Library 

• Windows BitLocker 

• Windows Win32K - ICOMP 

• Role: Active Directory Certificate Services; Active Directory Domain Services 

• Windows Kernel-Mode Drivers 

• Windows TCP/IP 

• Windows Win32K - GRFX 

• Windows Enroll Engine 

• Windows LockDown Policy (WLDP) 

• Windows Remote Desktop Licensing Service 

• Active Directory Federation Services 

• Role: Windows Hyper-V 

• Windows Win32 Kernel Subsystem 

• Azure Kinect SDK 

• Microsoft Defender for IoT 

• Microsoft WS-Discovery 

• Azure CycleCloud 

• Windows COM Session 

• Windows Fax and Scan Service 

• Windows MSHTML Platform 

Risk

• Large and medium business entities: High
• Small business entities: Medium

Remediation Recommendations

• Ensure all Microsoft products have the latest version(s) installed.
• Enact the Principle of Least Privilege (limit higher-level privileges to only the users that need it) 
  
  

References

• https://msrc.microsoft.com/update-guide/
• https://msrc.microsoft.com/update-guide/releaseNote/2024-Jul

Multiple Vulnerabilities in Mozilla Products
Could Allow for Arbitrary Code Execution 

Multiple vulnerabilities have been discovered in Mozilla Products, the most severe of which could allow for arbitrary code execution. Successful exploitation of the most severe of these vulnerabilities could allow for arbitrary code execution in the context of the logged-on user. Depending on the privileges associated with the user, an attacker could install programs; view, change, or delete data; or create new accounts with full user rights.   

Affected Systems:

• Firefox ESR versions prior to 115.13 

• Firefox versions prior to 128 

Risk

• Large and medium business entities: High
• Small business entities: Medium

Remediation Recommendations

• Ensure all versions of all Mozilla products are updated to their latest versions 
• Enact the Principle of Least Privilege (limit higher-level privileges to only the users that need it) 
  
  

References

• https://www.mozilla.org/en-US/security/advisories/
• https://www.mozilla.org/en-US/security/advisories/mfsa2024-29/
• https://www.mozilla.org/en-US/security/advisories/mfsa2024-30/
  
  

Multiple Vulnerabilities in Adobe Products
Could Allow for Arbitrary Code Execution 

Multiple vulnerabilities have been discovered in Adobe products, the most severe of which could allow for arbitrary code execution. Successful exploitation of the most severe of these vulnerabilities could allow for arbitrary code execution in the context of the logged-on user. Depending on the privileges associated with the user, an attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. Users whose accounts are configured to have fewer user rights on the system could be less impacted than those who operate with administrative user rights. 

Affected Systems:

• Adobe Premiere Pro 24.4.1 and earlier versions for Windows and macOS. 

• Adobe Premiere Pro 23.6.5 and earlier versions for Windows and macOS. 

• Adobe InDesign ID19.3 and earlier version for Windows and macOS. 

• Adobe InDesign ID18.5.2 and earlier version for Windows and macOS. 

• Adobe Bridge 13.0.7 and earlier versions for Windows and macOS. 
• Adobe Bridge 14.1 and earlier versions for Windows and macOS.
   

Risk

• Large and medium business entities: High
• Small business entities: Medium

Remediation Recommendations

• Ensure all devices utilizing the above software have the latest version installed 
• Enact the Principle of Least Privilege (limit higher-level privileges to only the users that need it) 
  
  

References

• https://helpx.adobe.com/security/Home.html

• https://helpx.adobe.com/security/products/premiere_pro/apsb24-46.html

•  https://helpx.adobe.com/security/products/indesign/apsb24-48.html
• https://helpx.adobe.com/security/products/bridge/apsb24-51.html