Threat Report 11/7/24
Multiple Vulnerabilities in Microsoft Edge (Chromium-Based) Could Allow for Arbitrary Code Execution Multiple vulnerabilities have been discovered...
Multiple vulnerabilities have been discovered in Google Chrome, the most severe of which could allow for arbitrary code execution. Successful exploitation of these vulnerabilities could enable arbitrary code execution in the context of the logged-on user. Depending on the privileges associated with the user, an attacker could install programs; view, change, or delete data; or create new accounts with full user rights. Users whose accounts are configured to have fewer user rights on the system could be less impacted than those with administrative user rights.
Affected Systems:
Risk
Remediation Recommendations
References
Multiple vulnerabilities have been discovered in Apple products, the most severe of which could allow for arbitrary code execution. Successful exploitation of these vulnerabilities could enable arbitrary code execution in the context of the logged-on user. Depending on the privileges associated with the user, an attacker could install programs; view, change, or delete data; or create new accounts with full user rights. Users whose accounts are configured to have fewer user rights on the system could be less impacted than those with administrative user rights.
Affected Systems:
Risk
Remediation Recommendations
References
Microsoft sustained a DDoS attack on July 30th that disrupted a range of Azure services, as well as Microsoft 365 and Microsoft Purview services, BleepingComputer reports. Notably, Microsoft's DDoS mitigation mechanisms actually exacerbated the attack. The company stated, "While the initial trigger event was a Distributed Denial-of-Service (DDoS) attack, which activated our DDoS protection mechanisms, initial investigations suggest that an error in the implementation of our defenses amplified the impact of the attack rather than mitigating it." The company hasn't offered details on how this occurred but says it will publish a post-incident review within two weeks.
Microsoft has warned that several ransomware actors are exploiting a vulnerability (CVE-2024-37085) in ESXi hypervisors that can be used to obtain full administrative permissions. VMware has issued patches for the flaw. Microsoft stated, "Microsoft security researchers identified a new post-compromise technique utilized by ransomware operators like Storm-0506, Storm-1175, Octo Tempest, and Manatee Tempest in numerous attacks. In several cases, this technique has led to Akira and Black Basta ransomware deployments. The technique includes running the following commands, which results in the creation of a group named 'ESX Admins' in the domain and adding a user to it."
The US Cybersecurity and Infrastructure Security Agency (CISA) has added the vulnerability to its Known Exploited Vulnerabilities (KEV) Catalog, ordering Federal Civilian Executive Branch (FCEB) agencies to apply patches by August 20th.
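One way a defender can look for the 'ESX Admins' technique described above in domain controller audit logs, as an added example that is not part of this report or of Microsoft's guidance: the script below scans a constructed key=value export of Windows Security events for the creation of a group with that name or a member being added to it. The Event IDs used (4727/4728 for global groups, 4731/4732 for domain-local groups, 4754/4756 for universal groups) are the standard Windows group-management audit IDs; the log line format, the field names, and the sample lines themselves are assumptions constructed for this example, not real telemetry.

```python
"""
Added example: flag Windows Security audit events that create a domain group
named 'ESX Admins' or add a member to it. The key=value line format and the
sample lines are constructed for this example (not real telemetry).
"""
import re
from dataclasses import dataclass
from typing import Optional

# Standard Windows Security log IDs for group lifecycle events.
GROUP_CREATED = {4727, 4731, 4754}   # global / domain-local / universal group created
MEMBER_ADDED = {4728, 4732, 4756}    # member added to global / domain-local / universal group
WATCHED_GROUP = "esx admins"          # compared case-insensitively to avoid trivial case variants

# Constructed sample export (hypothetical format: "<timestamp> key=value key="quoted value" ...").
SAMPLE_LOG = """\
2024-07-29T10:15:02Z EventID=4727 SubjectUserName=jdoe GroupName="ESX Admins" Domain=CORP
2024-07-29T10:15:09Z EventID=4728 SubjectUserName=jdoe MemberName="CN=svc-backup,CN=Users,DC=corp,DC=example" GroupName="ESX Admins" Domain=CORP
2024-07-29T11:00:00Z EventID=4728 SubjectUserName=hr-admin MemberName="CN=alice,CN=Users,DC=corp,DC=example" GroupName="Domain Users" Domain=CORP
2024-07-29T11:05:00Z EventID=4624 SubjectUserName=alice LogonType=3
2024-07-29T12:00:00Z EventID=4754 SubjectUserName=bob GroupName="esx admins" Domain=CORP
malformed line without fields
"""

# key=value, where the value is either a double-quoted string or a run of non-space characters.
_FIELD_RE = re.compile(r'(\w+)=(?:"([^"]*)"|(\S+))')


@dataclass
class Finding:
    timestamp: str
    event_id: int
    actor: str
    group: str
    member: Optional[str]
    reason: str


def parse_event(line: str) -> Optional[dict]:
    """Parse one '<timestamp> key=value ...' line into a dict; None if it carries no EventID."""
    parts = line.strip().split(" ", 1)
    if len(parts) != 2:
        return None
    timestamp, rest = parts
    fields = {
        m.group(1): (m.group(2) if m.group(2) is not None else m.group(3))
        for m in _FIELD_RE.finditer(rest)
    }
    if not fields.get("EventID", "").isdigit():
        return None
    fields["EventID"] = int(fields["EventID"])
    fields["Timestamp"] = timestamp
    return fields


def classify(event: dict) -> Optional[str]:
    """Return why the event is interesting if it touches the watched group, else None."""
    group = event.get("GroupName", "")
    if group.strip().lower() != WATCHED_GROUP:
        return None
    event_id = event["EventID"]
    if event_id in GROUP_CREATED:
        return "group created"
    if event_id in MEMBER_ADDED:
        return "member added"
    return None


def find_suspicious(log_text: str) -> list:
    """Scan a key=value export and return a Finding for every 'ESX Admins' group event."""
    findings = []
    for line in log_text.splitlines():
        event = parse_event(line)
        if event is None:
            continue
        reason = classify(event)
        if reason is None:
            continue
        findings.append(Finding(
            timestamp=event["Timestamp"],
            event_id=event["EventID"],
            actor=event.get("SubjectUserName", "?"),
            group=event["GroupName"],
            member=event.get("MemberName"),
            reason=reason,
        ))
    return findings


if __name__ == "__main__":
    for f in find_suspicious(SAMPLE_LOG):
        extra = f" member={f.member}" if f.member else ""
        print(f"{f.timestamp} [{f.event_id}] {f.reason}: group={f.group!r} by {f.actor}{extra}")
```

Run against the constructed sample, the script reports the two events by `jdoe` (group created, then a member added) and the lower-case creation by `bob`, while ignoring the `Domain Users` change and the unrelated logon event. In a real environment the same logic belongs in the SIEM as a rule on these Event IDs, with the group-name match kept case-insensitive and any hit on a domain controller treated as a high-priority alert given the ransomware deployments Microsoft associates with the technique.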
Insurance services provider Parametrix estimates that the total direct costs faced by Fortune 500 companies due to last week's CrowdStrike outage will reach approximately $5.4 billion, ComputerWeekly reports. The outage, which was caused by a faulty CrowdStrike update that crashed Windows machines, affected around 25% of Fortune 500 firms, most heavily impacting airlines, hospitals, and banks.
Software and IT companies (excluding Microsoft) were among the least affected, likely due to their greater reliance on Linux systems. Parametrix notes, "This could be viewed as a silver lining, because a high impact on this sector would have resulted in an even larger ripple effect, given this sector includes some of the largest service providers in the world."