Technical Support: 412-349-6678 | Incident Response

Recent Vulnerabilities and Defining Why They Matter

Recent patches and defining vulnerabilities

After discussing updates for much of the last few weeks, we won’t cover this month’s Windows patching Tuesday in too much detail. However, some recent patches are just too important to ignore.

Last week’s VMware’s urgent patching announcement is followed by this week’s warning that attackers are now attempting to exploit the vulnerability.

Attackers continue to create malware more quickly and increasingly easy to acquire. So, in order to ensure proper risk assessment & management, it’s important to understand what these vulnerabilities mean.

Let’s took a look at some of the latest, and what they mean to your business.

Recent Vulnerabilities of Priority

In this week’s patched vulnerabilities, let’s start with two flaws flagged by the US Cybersecurity and Infrastructure Security Agency (CISA) for immediate remediation. Although both recent vulnerabilities are actively exploited, they also have available patch updates.

The first applies primarily to servers, and involves a path-traversal bug in the UnRAR utility for Unix and Linux systems. The flaw allows the attackers to bypass antivirus controls to extract malware from container files and place them into trusted directories for execution.

The second flaw, CVE-2022-34713, also known as DogWalk (and related to the Follina Bug) allows attackers to exploit the Windows Support Diagnostics Tool.

Now, you should know that some Exchange servers require administrators to manually enable Extended Protection to fully block attacks. Just make sure you verify your systems receive the fixes they require.

Computer with Ransomware
Related: Can Microsoft prevent these ransomware trends? (click image to read more)

Explaining Windows & Other Vendor Vulnerabilities

In total, Microsoft issued patches for 118 security issues, nearly three times the number of vulnerabilities patched last August. As if this wasn’t enough work, patching teams also received updates on the same day for:

  • Adobe: 25 vulnerabilities in 5 products including Adobe Acrobat & Reader
  • Cisco: including 2 critical and 2 high vulnerabilities
  • SAP: including 1 critical and 1 high vulnerability

How can you explain and prioritize these recent vulnerabilities in the simplest terms?

Let’s break down and define the vulnerabilities cited by these vendors.

  • Authentication Bypass: These vulnerabilities allow attackers to gain access without interference from authentication controls.
  • Denial of Service: The software, hardware, or network may be disabled and rendered non-functioning through exploits.
  • Elevation of Privilege: The attacker can use the vulnerability to gain rights or privileges that would normally be denied to their software or current user identity. Those rights can then be used for other malicious purposes (typically data access, malware execution, or changing security settings).
  • Information Disclosure: Data or security elements (passwords, directory indexing, RSA private keys, etc.) might be extracted through this vulnerability.
  • Insufficient Validation of Untrusted Input: When software fails to properly validate input, the unvalidated input could lead to crashes, erratic behavior of the software, or even security exploits. The impact depends upon the software and function that contains the vulnerability.
  • Memory Leak: This vulnerability can cause the software to fail to release memory and impair system performance.
  • Remote Code Execution: The attacker can execute code or run programs (usually malware or hacking tools) with reduced or no restriction.
  • Path Traversal Bug: Attackers can gain access to restricted directories to index them or deploy malicious files.
  • Spoofing: This vulnerability allows an attacker to impersonate an authorized or trusted user, software, or device.
Secure File Sharing
Recent: Secure file sharing: Should you use Outlook, OneDrive, or Teams? (click image to read more)

Memory Leak Issues

Memory leaks don’t impact security, but instead slow or crash computers.

The good news?

Failure to patch memory leak issues remains more of an annoyance than a danger. However, over time, it’s possible that delays caused by slower speeds and crashes add up to significant lost time.

They might not pose a security risk, but they’re not exactly something you want lingering, either.

One-Domino Issues

Picture a line of dominoes, standing neatly in a line. Push one over, it knocks the next one down, and starts a chain reaction of falling dominoes.

That’s where this term comes from. One issue leads to another, which can lead to another, and so forth, down the line.

Although hardly an official category, ‘one-domino’ phrasing helps those not normally exposed to the cybersecurity world understand certain flaws.

You see, these vulnerabilities don’t lead to a breach or exploit on their own. Instead, ‘one-domino’ issues are used in combination with other vulnerabilities or attacks.

Elevation of Privilege, Information Disclosure, Insufficient Validation, Path Traversal, Security Feature Bypass, and Spoofing all open doors into security structures.

Though they start as the beginnings of problems, with further work, attackers can eventually find their way through your systems.

Direct Attack Issues

In contrast to memory leaks & one-domino issues, direct attack problems pose much more immediate threats.

For instance, Denial of Service and Remote Code Execution can do direct damage without any additional work for attackers.

If left unpatched, an attacker simply needs access to cause damage.

While all recent vulnerabilities should get your attention, direct attack issues pose immediate threats.

Fixing Recent Vulnerabilities

Ultimately, the danger of an unpatched vulnerability depends upon where it is located.

A direct attack issue in an isolated system will be less dangerous than a one-domino vulnerability in a device exposed to the internet or other aspects your business.

Fortunately, you don’t need to understand the ins-and-outs of all recent vulnerabilities, attacks, and patches.

That is, as long as you have a partner you can trust does.

That’s exactly where outsourcing comes into play.

If you would like help patching or understanding your exposure, Ideal Integrations can help, along with the support of our cybersecurity division, Blue Bastion Cyber Security. Simply contact us at 412-349-6680, or fill out the form below.

Our team of experts will gladly provide a no-obligation consultation of potential next steps and solutions.

Need a Managed IT Solution For Your Organization? Contact Us!

  • This field is for validation purposes and should be left unchanged.