CyberScotland Bulletin

Technical Bulletin February 2022

The CyberScotland Technical Bulletin is designed to provide you with information about updates, exploits and countermeasures.

Please subscribe to our CyberScotland mailing list to be notified by email when a new bulletin is published.

Microsoft Patch Tuesday

Microsoft released its monthly security update on Tuesday 8th February 2022, disclosing 51 vulnerabilities across its suite of products.

This Patch Tuesday, the breakdown of vulnerabilities includes only 1 “moderate” rating, with the remainder labelled as “important”. This month has been one of the few times that no critical vulnerability has been published. Additionally, no vulnerabilities this time around have been found to be actively exploited.

One vulnerability addressed is a zero-day that has been classified as CVE-2022-21989. This issue relates to a privilege escalation bug in the Windows Kernel. In its FAQ, Microsoft advised that an attack could be performed from a low privilege AppContainer. A malicious actor could elevate privileges and execute code or access resources.

Overall, Microsoft’s February release addresses vulnerabilities in Windows, Microsoft Edge, Microsoft Office and Office Components, SQL Server, Visual Studio Code and Microsoft Teams, among others.

More information can be found with this link: thehackernews.com

Google Chrome Urgent Update

This month, Google has addressed 11 security issues in the Chrome web browser, one of which is a zero-day being actively exploited. The vulnerability, classified as CVE-2022-0609, is a use-after-free vulnerability in its animation component. Use-after-free refers to an issue where an attacker can cause a program to crash, use unexpected values, or execute malicious code.

The main 8 issues in this patch are highlighted in the release update found with this link: Chrome Releases

Chrome users are therefore highly recommended to update their browser to its latest version, which is currently 98.0.4758.102.

Apple WebKit Vulnerability

Apple has released security updates for iOS, iPadOS, macOS, and Safari, which address a zero-day vulnerability being actively exploited. The flaw relates to the WebKit browser engine, in which attackers can execute arbitrary code after processing malicious web content.

The vulnerability is classified as CVE-2022-22620, and relates to a use-after-free exploit, allowing an attacker to cause a program to crash, use unexpected values, or execute malicious code. The company noted in a statement that they are “aware of a report that this issue may have been actively exploited”.

The separate security updates which patch this issue are as follows:

It is recommended that Apple users update all their devices to their latest versions to mitigate this vulnerability. A guide on updating devices can be found at support.apple.com and further information on the issue is discussed at threatpost.com.

Flaw in Cisco Small Business RV Series Routers

A number of critical vulnerabilities relating to Cisco Small Business RV Series Routers have been patched by Cisco. Exploits such as privilege escalation, denial of service, and execution of malicious code are possible on affected devices. Proof-of-concept code also exists which can be used to target several of these known vulnerabilities, according to the company.

Three of the discovered issues have been given the highest severity rating possible, and are highlighted below.

Cisco have highlighted that there are no current workarounds that address any of these vulnerabilities, and software updates have since been released to patch the issues.

A full list of the affected products and associated vulnerabilities can be found at tools.cisco.com. Software updates should be applied to any affected routers as soon as possible.

 

Join the CiSP Network

The Cyber Security Information Sharing Partnership is a joint initiative between government and industry to share cyber threat information in a secure and confidential environment.

Organisations that are proactive in their approach for the management and handling of cyber security should consider joining CiSP to keep up with emerging threats.

Your organisation can register to join CiSP here. If your organisation is looking for a sponsor please contact the Cyber Resilience Unit at the Scottish Government at [email protected]

When your organisation has joined, you can register as an individual here.

CiSP – The Cyber Security Information Sharing Partnership

The Cyber Security Information Sharing Partnership (CiSP) is a joint industry and government initiative set up to exchange cyber threat information in real time, in a secure, confidential and dynamic environment, increasing situational awareness and reducing the impact on UK […]

Scottish Information Sharing Network (SciNET Group)

SciNet is a community for Scottish Businesses to engage on CiSP. The Cyber Security Information Sharing Partnership (CiSP) is a joint industry and government initiative set up to exchange cyber threat information in real time, in a secure, confidential and […]

Early Warning Service

The NCSC provides a free service to organisations to inform them of threats against their network. This service will notify you on all cyber attacks detected by the feed suppliers against your organisation and is designed to complement your existing […]

Scottish Business Resilience Centre