The CyberScotland Technical Bulletin is designed to provide you with information about updates, exploits and countermeasures.
Please subscribe to our CyberScotland mailing list to be notified by email when a new bulletin is published.
Microsoft released its monthly security update on Tuesday 14th December 2021, disclosing 67 vulnerabilities across its suite of products.
This Patch Tuesday, the breakdown of vulnerabilities includes 7 Critical ratings, and 6 zero-days, one of which is being actively exploited.
CVE-2021-41333 – Windows Print Spooler Elevation of Privilege
CVE-2021-43240 – NTFS Set Short Name Elevation of Privilege bug
CVE-2021-43880 – Elevation of Privilege in Windows Mobile Device Management
CVE-2021-43883 – Privilege escalation impacting Windows Installer
CVE-2021-43890 – Windows AppX Installer Spoofing
CVE-2021-43893 – Elevation of Privilege in Windows EFS
With this round of patches, Microsoft has addressed a total of 887 CVEs in 2021, according to stats by the Zero Day Initiative and ZDNet.
A full list of Microsoft’s December 2021 patches, their CVE severities, and updates can be found here: Microsoft Security Response Center
A zero-day was discovered in the Apache Log4j 2 library, which is a common logging utility featured in applications and services built using Java technology. The vulnerability, coined Log4Shell and tracked as CVE-2021-44228, can allow an attacker to perform remote code execution on systems that use vulnerable versions of Log4j. Exploiting this vulnerability is considered trivial and can be achieved with as little as a single line of code.
The earliest non-vulnerable version of the library is 2.17.0 (as of 21/12/2021). If an earlier version of the library is found to be in use by organisations, then it should be updated to the latest version.
Further information regarding this vulnerability can be found here: sbrcentre.co.uk
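One way to check for copies of the library older than 2.17.0, as an added example that is not part of the original bulletin: it reads the version from the Maven metadata file that log4j-core JARs carry and also looks inside archives nested in fat JARs and WARs. The function names and the sample archive are constructed for illustration.

```python
import io
import os
import re
import zipfile

MIN_SAFE = (2, 17, 0)  # threshold quoted in the bulletin (as of 21/12/2021)
# Maven metadata file carried inside log4j-core JARs
POM_PROPS = "META-INF/maven/org.apache.logging.log4j/log4j-core/pom.properties"
ARCHIVES = (".jar", ".war", ".ear")

def parse_version(text):
    """'2.14.1' -> (2, 14, 1); '2.0-beta9' -> (2, 0, 0); unparseable -> None."""
    m = re.match(r"(\d+)\.(\d+)(?:\.(\d+))?", text)
    return tuple(int(g or 0) for g in m.groups()) if m else None

def scan_archive(data, label):
    """Yield (location, version, needs_update) per log4j-core copy, recursing
    into nested archives. Unparseable versions are flagged for review."""
    try:
        zf = zipfile.ZipFile(io.BytesIO(data))
    except zipfile.BadZipFile:
        return  # not a readable archive, nothing to report
    with zf:
        for name in zf.namelist():
            if name == POM_PROPS:
                props = zf.read(name).decode("utf-8", "replace")
                m = re.search(r"^version=(.+)$", props, re.M)
                ver = m.group(1).strip() if m else "unknown"
                yield label, ver, (parse_version(ver) or (0,)) < MIN_SAFE
            elif name.lower().endswith(ARCHIVES):
                yield from scan_archive(zf.read(name), f"{label}!/{name}")

def scan_tree(root):
    """Scan every archive found under a directory."""
    for dirpath, _dirs, files in os.walk(root):
        for fn in (f for f in files if f.lower().endswith(ARCHIVES)):
            with open(os.path.join(dirpath, fn), "rb") as fh:
                yield from scan_archive(fh.read(), os.path.join(dirpath, fn))

def sample_jar(entries):
    """Constructed sample input: in-memory archive from {name: content}."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        for name, body in entries.items():
            zf.writestr(name, body)
    return buf.getvalue()

if __name__ == "__main__":
    old = sample_jar({POM_PROPS: "version=2.14.1\n"})
    print(list(scan_archive(sample_jar({"BOOT-INF/lib/log4j-core.jar": old}), "app.jar")))
```

Copies of the library that were repackaged without their Maven metadata are not reported by this check, so an empty result does not prove the library is absent.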
Google has released patches for five vulnerabilities in the Chrome web browser. One of the five vulnerabilities has been exploited in the wild. The Use-After-Free bug (meaning referencing memory after it has been freed) can cause the application to crash, become corrupted, or even execute code. Tracked as CVE-2021-4102, the bug exists in the V8 JavaScript and WebAssembly engine. The other four CVEs can be seen below.
CVE-2021-4099 – use after free vulnerability
CVE-2021-4100 – object lifecycle issue
CVE-2021-4101 – Heap buffer overflow vulnerability
CVE-2021-4098 – Insufficient Data Validation Issue
It is recommended that Google Chrome users update to the latest version, which is currently 96.0.4664.110.
Apple has released a series of updates for its operating systems, including iOS, macOS, tvOS, and watchOS. Among the addressed issues are two memory corruption vulnerabilities and two buffer overflow vulnerabilities, which could allow rogue applications to run malicious code. Furthermore, issues in which a person can retrieve passwords and sensitive data from the lock screen have been resolved. A macOS issue was also patched, in which a local user could exploit the Wi-Fi module to cause unexpected system termination.
It is recommended that Apple OS users update their devices to their most recent versions.