HTG Threat Report

Threat Report 3/21/24

Written by Evan Kennedy | Mar 22, 2024 4:08:43 PM
VMware Issues Emergency Patches for Critical Vulnerabilities    

VMware is urging customers to patch critical vulnerabilities that make it possible for an attacker with administrative access inside a guest virtual machine to break out of sandbox and hypervisor protections in all versions, including out-of-support ones, of VMware ESXi, Workstation, Fusion, and Cloud Foundation products. Below are the vulnerabilities that are remediated by the VMware-provided patches: 

  • CVE-2024-22252: a use-after-free vulnerability in the XHCI USB controller with a maximum CVSSv3 base score of 9.3 for Workstation/Fusion and 8.4 for ESXi. An attacker with local administrative privileges on a virtual machine can execute code as the virtual machine's VMX process running on the host. On ESXi, exploitation is contained within the VMX sandbox, whereas on Workstation and Fusion it could lead to code execution on the machine where Workstation or Fusion is installed. 
  • CVE-2024-22253: a use-after-free vulnerability in the UHCI USB controller with a maximum CVSSv3 base score of 9.3 for Workstation/Fusion and 8.4 for ESXi. Exploitation requirements and outcomes are the same as for CVE-2024-22252. 
  • CVE-2024-22254: an out-of-bounds write vulnerability with a maximum CVSSv3 base score of 7.9. An attacker who already has code running within the VMX process can trigger an out-of-bounds write, leading to an escape from the VMX sandbox. 
  • CVE-2024-22255: an information disclosure vulnerability in the UHCI USB controller with a maximum CVSSv3 base score of 7.1. An attacker with administrative access to a virtual machine can exploit it to leak memory from the VMX process. 
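Three of the four CVEs above live in the guest-facing USB controller emulation (UHCI and XHCI), so a virtual machine that has no USB controller attached does not expose that code to a guest administrator. The PowerCLI script below, an added example rather than anything from VMware's advisory, inventories host versions and per-VM USB controllers so patching and hardening can be prioritized. It assumes VMware PowerCLI is installed and a session is already open with Connect-VIServer; the CSV filename is an arbitrary choice.

```powershell
# Added example (not from the VMware advisory). Assumes PowerCLI is installed and
# Connect-VIServer has already been run against the vCenter or ESXi host.

# 1. Host inventory: compare Version/Build against the fixed builds in VMSA-2024-0006
#    (the fixed build numbers are not reproduced here; read them from the advisory).
Get-VMHost | Select-Object Name, Version, Build | Sort-Object Name | Format-Table -AutoSize

# 2. Per-VM inventory of USB controllers, the device emulation the CVEs target.
#    UHCI/EHCI controllers are VirtualUSBController objects; USB 3.x controllers
#    are VirtualUSBXHCIController objects in the vSphere API.
$report = foreach ($vm in Get-VM) {
    $config = $vm.ExtensionData.Config
    if ($null -eq $config) { continue }          # inaccessible/orphaned VM, nothing to inspect
    $devices = $config.Hardware.Device
    $uhci = @($devices | Where-Object { $_ -is [VMware.Vim.VirtualUSBController] })
    $xhci = @($devices | Where-Object { $_ -is [VMware.Vim.VirtualUSBXHCIController] })
    [PSCustomObject]@{
        VM         = $vm.Name
        Host       = $vm.VMHost.Name
        PowerState = $vm.PowerState
        UHCI_EHCI  = $uhci.Count
        XHCI       = $xhci.Count
    }
}

# 3. VMs that actually present an affected controller to their guest; these are the
#    ones where a guest administrator could reach the vulnerable code before patching.
$report |
    Where-Object { $_.UHCI_EHCI -gt 0 -or $_.XHCI -gt 0 } |
    Sort-Object Host, VM |
    Format-Table -AutoSize

# Keep the full inventory for the change ticket (file name is an arbitrary choice).
$report | Export-Csv -Path .\vm-usb-controllers.csv -NoTypeInformation
```

Run it against vCenter rather than individual hosts so VMs on out-of-support ESXi 6.5/6.7 hosts, which still appear in the affected list, are included in the same report.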

Affected Systems:

  • ESXi 6.5 
  • ESXi 6.7 
  • ESXi 7.0 
  • ESXi 8.0 
  • Workstation 17.x 
  • Fusion 13.x (macOS) 
  • Cloud Foundation (VCF) 3.x 
  • Cloud Foundation (VCF) 4.x/5.x 

Remediation Recommendations

  • Ensure all devices with VMware products have the latest versions installed. 
  • Enact the Principle of Least Privilege (limit higher-level privileges, including local administrator rights inside guest virtual machines, to only the users that need them) 

Critical Patches Issued for Microsoft Products       

Multiple vulnerabilities have been discovered in Microsoft products, the most severe of which could allow for remote code execution in the context of the logged-on user. Depending on the privileges associated with that user, an attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. Users whose accounts are configured with fewer rights on the system would be less impacted than those who operate with administrative rights. 

Affected Systems:

  • Popular Microsoft products including, but not limited to, Office, Hyper-V, and Defender 

Risk

  • Large and medium business entities: High
  • Small business entities: Medium

Remediation Recommendations

  • Ensure all Microsoft products have the latest version(s) installed 
  • Enact the Principle of Least Privilege (limit higher-level privileges to only the users that need them) 

Vulnerabilities in Adobe Products Could Allow for Arbitrary Code Execution

Multiple vulnerabilities have been discovered in Adobe products, the most severe of which could allow for arbitrary code execution in the context of the logged-on user. 

Affected Systems:

  • Adobe Experience Manager version 6.5.19.0 and earlier
  • Adobe Premiere Pro version 23.6.2 and earlier
  • Adobe Premiere Pro version 24.1 and earlier
  • Adobe ColdFusion 2021 update 12 and earlier
  • Adobe ColdFusion 2023 update 6 and earlier
  • Adobe Bridge version 13.0.5 and earlier
  • Adobe Bridge version 14.0.1 and earlier
  • Adobe Lightroom version 7.1.2 and earlier
  • Adobe Animate 2023 version 23.0.3 and earlier
  • Adobe Animate 2024 version 24.0 and earlier 

Risk

  • Large and medium business entities: High
  • Small business entities: Medium

Remediation Recommendations

  • Ensure all devices running Adobe products have the latest version(s) installed.
  • Enact the Principle of Least Privilege (limit higher-level privileges to only the users that need them) 

Multiple Vulnerabilities in Mozilla Products Could Allow for Arbitrary Code Execution

Multiple vulnerabilities have been discovered in Mozilla products, the most severe of which could allow for arbitrary code execution.   

  • Mozilla Firefox is a web browser used to access the Internet. 
  • Mozilla Firefox ESR is a version of the web browser intended to be deployed in large organizations. 
  • Mozilla Thunderbird is an email client. 

Successful exploitation of the most severe of these vulnerabilities could allow for arbitrary code execution. Depending on the privileges associated with the user, an attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. Users whose accounts are configured with fewer rights on the system would be less impacted than those who operate with administrative rights. 

Affected Systems:

  • Firefox ESR versions prior to 115.9 
  • Thunderbird versions prior to 115.9 
  • Firefox versions prior to 124 

Risk

  • Large and medium business entities: High
  • Small business entities: Medium

Remediation Recommendations

  • Ensure all devices running Mozilla products have the latest version(s) installed 
  • Enact the Principle of Least Privilege (limit higher-level privileges to only the users that need them) 

Privilege Escalation Technique Affects Active Directory Environments

Akamai this morning released a report describing "a new privilege escalation technique affecting Active Directory (AD) environments that leverages the DHCP administrators' group." The researchers explain, "In cases where the DHCP server role is installed on a Domain Controller (DC), this could enable them to gain domain admin privileges." Akamai notes, "The technique is based on abuse of legitimate features and doesn't rely on any vulnerability. Therefore, a fix for it doesn't exist."
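Because there is no patch, the practical response is to find out whether the two preconditions Akamai describes hold in your domain: a populated DHCP Administrators group, and the DHCP Server role running on a domain controller. The script below is an added check written for this report, not code from Akamai, and it does not reproduce the technique itself. It assumes the RSAT ActiveDirectory and DhcpServer PowerShell modules are installed on a domain-joined workstation and that the account running it can read group membership and the list of DHCP servers authorized in AD.

```powershell
# Added example (not from Akamai's report). Assumes RSAT: ActiveDirectory and
# DhcpServer modules, run from a domain-joined workstation with read access.
Import-Module ActiveDirectory
Import-Module DhcpServer

# 1. Who holds DHCP administration rights? Resolve nested groups with -Recursive,
#    since a user inherits the right through any group chain that ends here.
$dhcpAdmins = @(Get-ADGroupMember -Identity 'DHCP Administrators' -Recursive |
    Select-Object Name, SamAccountName, objectClass, DistinguishedName)
"DHCP Administrators (effective members): $($dhcpAdmins.Count)"
$dhcpAdmins | Format-Table -AutoSize

# 2. Which DHCP servers are authorized in AD, and which of them are domain controllers?
$dcNames = @(Get-ADDomainController -Filter * | Select-Object -ExpandProperty HostName)
$authorizedDhcp = @(Get-DhcpServerInDC | Select-Object -ExpandProperty DnsName)

$dcsRunningDhcp = @($authorizedDhcp | Where-Object {
    $name = $_
    $dcNames | Where-Object { $_ -ieq $name }      # case-insensitive FQDN match
})
"Authorized DHCP servers: $($authorizedDhcp -join ', ')"
"Domain controllers that are also DHCP servers: $($dcsRunningDhcp -join ', ')"

# 3. Flag the combination the report warns about. Either condition alone is ordinary;
#    together, DHCP administration rights become a path toward the DC itself.
$exposed = ($dcsRunningDhcp.Count -gt 0) -and ($dhcpAdmins.Count -gt 0)
if ($exposed) {
    Write-Warning "DHCP Server role is present on a DC and DHCP Administrators is populated; review membership and consider moving the DHCP role off the DC."
} else {
    "No DC/DHCP co-location with a populated DHCP Administrators group found."
}
```

Get-DhcpServerInDC only lists servers that have been authorized in Active Directory; a DHCP server installed on a DC but never authorized will not appear, so pair this with your server-role inventory if you suspect unauthorized installs.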