HTG Threat Report

Threat Report 9/21/23

Written by Evan Kennedy | Sep 21, 2023 8:00:00 PM
Multiple Vulnerabilities in Apple Products Could Allow for Arbitrary Code Execution

Multiple vulnerabilities have been discovered in Apple products, the most severe of which could allow for arbitrary code execution in the context of the logged-on user. Depending on the privileges associated with the user, an attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. Users whose accounts are configured to have fewer user rights on the system could be less impacted than those who operate with administrative user rights.


Affected Systems:

  • macOS Big Sur prior to 11.7.10
  • macOS Monterey prior to 12.6.9
  • iOS prior to 15.7.9
  • iPadOS prior to 15.7.9


Risk:

  • Large and medium business entities: High
  • Small business entities: Medium


Remediation Recommendations

  • Ensure Apple software has the latest version(s) installed.
  • Enact the Principle of Least Privilege (limit higher-level privileges to only the users that need them).

References


Critical Patches Issued for Microsoft Products

Multiple vulnerabilities have been discovered in Microsoft products, the most severe of which could allow for remote code execution in the context of the logged-on user. Depending on the privileges associated with the user, an attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. Users whose accounts are configured to have fewer user rights on the system could be less impacted than those who operate with administrative user rights.

Affected Systems:

  • .NET and Visual Studio
  • .NET Core & Visual Studio
  • .NET Framework
  • 3D Builder
  • 3D Viewer
  • Azure DevOps
  • Azure HDInsights
  • Microsoft Azure Kubernetes Service
  • Microsoft Dynamics
  • Microsoft Dynamics Finance & Operations
  • Microsoft Exchange Server
  • Microsoft Identity Linux Broker
  • Microsoft Office
  • Microsoft Office Excel
  • Microsoft Office Outlook
  • Microsoft Office SharePoint
  • Microsoft Office Word
  • Microsoft Streaming Service
  • Microsoft Windows Codecs Library
  • Visual Studio
  • Visual Studio Code
  • Windows Cloud Files Mini Filter Driver
  • Windows Common Log File System Driver
  • Windows Defender
  • Windows DHCP Server
  • Windows GDI
  • Windows Internet Connection Sharing (ICS)
  • Windows Kernel
  • Windows Scripting
  • Windows TCP/IP
  • Windows Themes


Risk:

  • Large and medium business entities: High
  • Small business entities: Medium


Remediation Recommendations

  • Ensure all Microsoft products have the latest version available installed.
  • Enact the Principle of Least Privilege (limit higher-level privileges to only the users that need them).

References

Multiple Vulnerabilities in Mozilla Products Could Allow for Arbitrary Code Execution

A vulnerability has been discovered in Mozilla products, which could allow for arbitrary code execution.

  • Mozilla Firefox is a web browser used to access the Internet.
  • Mozilla Firefox ESR is a version of the web browser intended to be deployed in large organizations.
  • Mozilla Thunderbird is an email client.

Successful exploitation of this vulnerability could allow for arbitrary code execution. Depending on the privileges associated with the user, an attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. Users whose accounts are configured to have fewer user rights on the system could be less impacted than those who operate with administrative user rights.

Affected Systems:

  • Firefox ESR versions prior to 102.15.1
  • Firefox ESR versions prior to 115.2.1
  • Firefox versions prior to 117.0.1
  • Thunderbird versions prior to 102.15.1
  • Thunderbird versions prior to 115.2.2

Risk:

  • Large and medium business entities: High
  • Small business entities: Medium


Remediation Recommendations

  • Ensure all Mozilla products have the latest version available installed.
  • Enact the Principle of Least Privilege (limit higher-level privileges to only the users that need them).
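The "Affected Systems" list above names fixed versions on several parallel release branches (Firefox ESR 102 and 115, Thunderbird 102 and 115). A naive "is the installed version lower than the newest fix?" check would flag a fully patched ESR 102.15.1 as vulnerable because it is numerically below 115.2.1, so an inventory check has to compare within the branch. The following script is an added example, not part of the original report or of Mozilla's tooling; the fixed-version table is taken from the list above, and the CSV inventory format and host names are constructed for illustration.

```python
"""Branch-aware check of installed Mozilla versions against the fixed builds
named in this report. Added example; the inventory format is an assumption."""
from __future__ import annotations

import csv
import io
import re

# Fixed versions from the report's "Affected Systems" list. Each entry is
# (branch major, fixed version); None means the fix applies to every release
# (Firefox rapid release has no parallel supported branch here).
FIXED = {
    "Firefox": [(None, (117, 0, 1))],
    "Firefox ESR": [(102, (102, 15, 1)), (115, (115, 2, 1))],
    "Thunderbird": [(102, (102, 15, 1)), (115, (115, 2, 2))],
}

# Constructed sample inventory in an assumed host,product,version CSV layout.
SAMPLE_INVENTORY = """\
host,product,version
ws-01,Firefox,117.0.1
ws-02,Firefox ESR,102.15.1
ws-03,Firefox ESR,115.2.0
ws-04,Thunderbird,102.14.0
"""


def parse_version(text: str) -> tuple[int, ...]:
    """Turn '102.15.1' (or '115.2.1esr') into a tuple of ints, ignoring any suffix."""
    m = re.match(r"\d+(?:\.\d+)*", text.strip())
    if not m:
        raise ValueError(f"unparseable version: {text!r}")
    return tuple(int(part) for part in m.group(0).split("."))


def assess(product: str, version: str) -> str:
    """Return 'vulnerable', 'patched' or 'unknown-branch' for one install.

    The install is compared only against the fix for its own branch, so
    ESR 102.15.1 is reported as patched even though 115.2.1 is a higher number.
    """
    v = parse_version(version)
    entries = FIXED[product]
    for major, fixed in entries:
        if major is None or v[0] == major:
            # Tuple comparison handles short versions: (102, 15) < (102, 15, 1).
            return "vulnerable" if v < fixed else "patched"
    # No listed branch matches. Anything older than every listed fix is
    # certainly unpatched; anything newer is a branch this report does not cover.
    oldest_fix = min(fixed for _, fixed in entries)
    return "vulnerable" if v < oldest_fix else "unknown-branch"


def flag_inventory(csv_text: str) -> dict[str, str]:
    """Map each host in the inventory to its status; other products are skipped."""
    results: dict[str, str] = {}
    for row in csv.DictReader(io.StringIO(csv_text)):
        if row["product"] in FIXED:
            results[row["host"]] = assess(row["product"], row["version"])
    return results


if __name__ == "__main__":
    for host, status in flag_inventory(SAMPLE_INVENTORY).items():
        print(f"{host}: {status}")
```

Run as written it reports ws-01 and ws-02 as patched and ws-03 and ws-04 as vulnerable; swapping `SAMPLE_INVENTORY` for an export from your software inventory tool is the only change needed. The same branch table shape also fits the Apple list above (Big Sur 11.7.10, Monterey 12.6.9), where the same branch confusion applies.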

References

https://www.mozilla.org/en-US/security/advisories/mfsa2023-40/


Multiple Vulnerabilities in Adobe Products Could Allow for Arbitrary Code Execution

Multiple vulnerabilities have been discovered in Adobe products, the most severe of which could allow for arbitrary code execution.

  • Adobe Acrobat is used to view, create, print, and manage PDF files.
  • Adobe Reader is used to view, create, print, and manage PDF files.
  • Adobe Experience Manager is a comprehensive content management solution for building websites, mobile apps and forms.
  • Adobe Connect is a suite of software for remote training, web conferencing, presentation, and desktop sharing.

Successful exploitation of the most severe of these vulnerabilities could allow for arbitrary code execution in the context of the logged-on user. Depending on the privileges associated with the user, an attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. Users whose accounts are configured to have fewer user rights on the system could be less impacted than those who operate with administrative user rights.

Affected Systems:

  • Acrobat DC versions 23.003.20284 and earlier
  • Acrobat Reader DC versions 23.003.20284 and earlier
  • Acrobat 2020 versions 20.005.30516 (Mac) and earlier
  • Acrobat 2020 versions 20.005.30514 (Win) and earlier
  • Acrobat Reader 2020 versions 20.005.30516 (Mac) and earlier
  • Acrobat Reader 2020 versions 20.005.30514 (Win) and earlier
  • Adobe Experience Manager (AEM) AEM Cloud Service (CS) versions 2023.8 and earlier
  • Adobe Experience Manager (AEM) versions 6.5.17.0 and earlier
  • Adobe Connect versions 12.3 and earlier


Risk:

  • Large and medium business entities: High
  • Small business entities: Medium


Remediation Recommendations

  • Ensure all Adobe products have the latest version available installed.
  • Enact the Principle of Least Privilege (limit higher-level privileges to only the users that need them).

References

Costs of Insider Risk

DTEX Systems has published a report conducted by the Ponemon Institute looking at the costs of insider risk: “The average annual cost of an insider risk has increased to $16.2M – a 40% increase over four years.

Meanwhile, the average number of days to contain an insider incident has increased to 86 days.” The report also found that the vast majority (90%) of insider risk budgets are spent after an insider incident has already occurred: “Only 10% of insider risk management budget (averaging $63,383 per incident) was spent on pre-incident activities: $33,596 on monitoring and surveillance, and $29,787 on ex-post analysis (this includes activities to minimize potential future insider incidents and steps taken to communicate recommendations with key stakeholders). The remaining 90% (averaging $565,363 per incident) was spent on post-incident activity cost centers: $179,209 on containment, $125,221 on remediation, $117,504 on investigation, $113,635 on incident response, and $29,794 on escalation.”