CyberScotland Bulletin

Microsoft released its monthly security update on Tuesday 12th April 2022, patching 128 issues across its suite of products.

This Patch Tuesday, the breakdown of vulnerabilities includes 10 Critical issues, with the remaining 115 being labelled as Important. There has been one actively exploited flaw (CVE-2022-24521, CVSS score: 7.8) and relates to an elevation of privilege vulnerability in the Windows Common Log File System (CLFS).

The main critical vulnerabilities to note are addressed below:

• CVE-2022-24521 – Relates to an elevation of privilege vulnerability in the Windows Common Log File System (CLFS)
• CVE-2022-26904 – Concerns a case of privilege escalation in the Windows User Profile Service, successful exploitation of which “requires an attacker to win a race condition.”
• CVE-2022-26809 – Remote code execution vulnerability that affects the RPC Runtime Library
• CVE-2022-24491and CVE-2022-24497 – Remote code execution vulnerability that affects the Windows Network File System
• CVE-2022-24541 – Remote code execution vulnerability that affects the Windows Server Service
• CVE-2022-24500 – Remote code execution vulnerability that affects Windows SMB
• CVE-2022-23259 – Remote code execution vulnerability that affects Microsoft Dynamics 365

As reported by The Hacker News, this month’s patches addressed 18 flaws in Windows DNS Server, 1 information disclosure flaw and 17 remote code execution flaws.

A full list of Microsoft’s April 2022 patches can be found here: Microsoft Security Response Centre

Cybersecurity researchers have disclosed a new version of the SolarMarker malware that packs in new improvements with the goal of updating its defence evasion abilities and staying under the radar. According to Hacker News, a recent version demonstrated an evolution from Windows Portable Executables (EXE files) to working with Windows installer package files (MSI files).

SolarMarker, also called Jupyter, leverages manipulated search engine optimization (SEO) tactics as its primary infection vector. It’s known for its information stealing and backdoor features, enabling the attackers to steal data stored in web browsers and execute arbitrary commands retrieved from a remote server.

You can read more about this from Hacker News here.

Cisco has released patches to contain a critical security vulnerability affecting the Wireless LAN Controller (WLC) that could be abused by an unauthenticated, remote attacker to take control of an affected system.

CVE-2022-20695 is rated at a 10 out of 10 and allows an attacker to bypass the security controls on the management interface of WLC.

You can read more about this bug from Hacker News here.

VMware have rolled out an update to resolve a critical security flaw in its Cloud Director product that could be weaponized to launch remote code execution attacks.

Affected versions include 10.1.x, 10.2.x, and 10.3.x, with fixes available in versions 10.1.4.1, 10.2.2.3, and 10.3.3. The company has also published workarounds that can be followed when upgrading to a recommended version is not an option.

CVE-2022-22966 has a severity rating of 9.1 out of 10 and is a remote code execution vulnerability.

You can read more about this vulnerability for Hacker News here.