CyberScotland Bulletin

Technical Bulletin April 2022

The CyberScotland Technical Bulletin is designed to provide you with information about updates, exploits and countermeasures.

Please subscribe to our CyberScotland mailing list to be notified by email when a new bulletin is published.

Microsoft Patch Tuesday

Microsoft released its monthly security update on Tuesday 12th April 2022, patching 128 issues across its suite of products.

This Patch Tuesday, the breakdown of vulnerabilities includes 10 Critical issues, with the remaining 115 labelled as Important. One flaw is known to be actively exploited: CVE-2022-24521 (CVSS score: 7.8), an elevation of privilege vulnerability in the Windows Common Log File System (CLFS).

The main critical vulnerabilities to note are addressed below:

  • CVE-2022-24521 – Relates to an elevation of privilege vulnerability in the Windows Common Log File System (CLFS)
  • CVE-2022-26904 – Concerns a case of privilege escalation in the Windows User Profile Service, successful exploitation of which “requires an attacker to win a race condition.”
  • CVE-2022-26809 – Remote code execution vulnerability that affects the RPC Runtime Library
  • CVE-2022-24491 and CVE-2022-24497 – Remote code execution vulnerabilities that affect the Windows Network File System
  • CVE-2022-24541 – Remote code execution vulnerability that affects the Windows Server Service
  • CVE-2022-24500 – Remote code execution vulnerability that affects Windows SMB
  • CVE-2022-23259 – Remote code execution vulnerability that affects Microsoft Dynamics 365

As reported by The Hacker News, this month’s patches addressed 18 flaws in Windows DNS Server, comprising 1 information disclosure flaw and 17 remote code execution flaws.

A full list of Microsoft’s April 2022 patches can be found here: Microsoft Security Response Centre

New SolarMarker Malware Variant Using Revised Methods to Stay Under the Radar

Cybersecurity researchers have disclosed a new version of the SolarMarker malware that packs in new improvements with the goal of updating its defence evasion abilities and staying under the radar. According to Hacker News, a recent version demonstrated an evolution from Windows Portable Executables (EXE files) to working with Windows installer package files (MSI files).

SolarMarker, also called Jupyter, leverages manipulated search engine optimization (SEO) tactics as its primary infection vector. It’s known for its information stealing and backdoor features, enabling the attackers to steal data stored in web browsers and execute arbitrary commands retrieved from a remote server.

You can read more about this from Hacker News here.

Critical Auth Bypass Bug Reported in Cisco Wireless LAN Controller Software

Cisco has released patches to contain a critical security vulnerability affecting the Wireless LAN Controller (WLC) that could be abused by an unauthenticated, remote attacker to take control of an affected system.

CVE-2022-20695 is rated at a 10 out of 10 and allows an attacker to bypass the security controls on the management interface of WLC.

You can read more about this bug from Hacker News here.

Critical VMware Cloud Director Bug Could Let Hackers Take Over Entire Cloud Infrastructure

VMware has rolled out an update to resolve a critical security flaw in its Cloud Director product that could be weaponized to launch remote code execution attacks.

Affected versions include 10.1.x, 10.2.x, and 10.3.x, with fixes available in versions 10.1.4.1, 10.2.2.3, and 10.3.3. The company has also published workarounds that can be followed when upgrading to a recommended version is not an option.

CVE-2022-22966 has a severity rating of 9.1 out of 10 and is a remote code execution vulnerability.
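For teams checking their own estate against this advisory, the following is an added example (not the bulletin's or VMware's own code) that triages Cloud Director version strings using only the affected branches and fixed versions quoted above; the hostnames and versions in the sample inventory are constructed. It compares versions numerically, so 10.3.10 is correctly ordered above 10.3.3, which a plain string comparison gets wrong.

```python
# Added example: decide whether a reported VMware Cloud Director version is
# still exposed to CVE-2022-22966, using the branches and fixed versions
# stated in the bulletin (affected 10.1.x, 10.2.x, 10.3.x; fixed in
# 10.1.4.1, 10.2.2.3, 10.3.3). Not VMware's tooling.
from typing import Optional

# Affected branch -> first fixed version in that branch.
FIXED_IN = {
    (10, 1): (10, 1, 4, 1),
    (10, 2): (10, 2, 2, 3),
    (10, 3): (10, 3, 3),
}

def parse_version(text: str) -> tuple:
    """Turn '10.2.2.3' into (10, 2, 2, 3); rejects non-numeric input."""
    parts = text.strip().split(".")
    if not parts or not all(p.isdigit() for p in parts):
        raise ValueError(f"unrecognised version string: {text!r}")
    return tuple(int(p) for p in parts)

def is_vulnerable(version: str) -> Optional[bool]:
    """True if the version is in an affected branch and below its fix.

    False if it is at or above the fix. None if the branch is not one the
    advisory lists: report that as 'unknown', never as 'safe'."""
    v = parse_version(version)
    fixed = FIXED_IN.get(v[:2])
    if fixed is None:
        return None
    # Tuple comparison handles differing lengths: (10, 1, 4) < (10, 1, 4, 1).
    return v < fixed

def triage(inventory: dict) -> dict:
    """Map host -> 'vulnerable' / 'patched' / 'unknown' for an inventory."""
    labels = {True: "vulnerable", False: "patched", None: "unknown"}
    return {host: labels[is_vulnerable(ver)] for host, ver in inventory.items()}

if __name__ == "__main__":
    # Constructed sample inventory; hostnames and versions are made up.
    sample = {"vcd-a.example": "10.3.2", "vcd-b.example": "10.3.3",
              "vcd-c.example": "10.2.2.2", "vcd-d.example": "10.4.0"}
    for host, status in triage(sample).items():
        print(f"{host}: {status}")
```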

You can read more about this vulnerability from Hacker News here.

CiSP – The Cyber Security Information Sharing Partnership

The Cyber Security Information Sharing Partnership (CiSP) is a joint industry and government initiative set up to exchange cyber threat information in real time, in a secure, confidential and dynamic environment, increasing situational awareness and reducing the impact on UK […]

Scottish Information Sharing Network (SciNET Group)

SciNet is a community for Scottish businesses to engage on CiSP. The Cyber Security Information Sharing Partnership (CiSP) is a joint industry and government initiative set up to exchange cyber threat information in real time, in a secure, confidential and […]

Early Warning Service

The NCSC provides a free service to organisations to inform them of threats against their network. This service will notify you of all cyber attacks detected by the feed suppliers against your organisation and is designed to complement your existing […]
