CyberScotland Bulletin

Technical Bulletin – July 2021

The CyberScotland Technical Bulletin is designed to provide you with information about updates, exploits and countermeasures.

Please subscribe to our CyberScotland mailing list to be notified by email when a new bulletin is published.


Microsoft Patch Tuesday

Microsoft released its monthly security update on Tuesday 13th July 2021, disclosing 117 vulnerabilities across its suite of products.

This Patch Tuesday, the breakdown of vulnerabilities includes 13 rated “Critical”, 1 rated “Moderate” and the rest rated “Important”. Additionally, 4 of the 9 zero-days disclosed have been identified as currently exploited in the wild. The 4 zero-days are as follows:

  • CVE-2021-34527 – Windows Print Spooler Remote Code Execution Vulnerability
  • CVE-2021-33771 – Windows Kernel Elevation of Privilege Vulnerability
  • CVE-2021-34448 – Scripting Engine Memory Corruption Vulnerability
  • CVE-2021-31979 – Windows Kernel Elevation of Privilege Vulnerability

As reported by zdnet.com, the products affected by these vulnerabilities are Microsoft Office, SharePoint, Excel, Microsoft Exchange Server, Windows Defender, Windows Kernel, and Windows SMB.

The most interesting vulnerability to come from this month’s Patch Tuesday is CVE-2021-34527, commonly known as “PrintNightmare”. A similar vulnerability had been patched before, and what makes this one interesting is that guidance on how to exploit it was published in the belief that it covered the already-patched issue. The guidance in fact described a similar flaw that had not yet been identified and fixed, meaning in-depth instructions for exploiting an active vulnerability were now public.

A full list of Microsoft’s July 2021 patches, with each CVE’s severity, score, exploitation status and disclosure status, can be found at the SANS Internet Storm Center.


NSO Group’s Pegasus Spyware

In a revelation by Amnesty International’s cybersecurity team, 50,000 phone numbers, obtained through the use of a zero-click (no user interaction required) Trojan that allows full access to a wide range of iOS and Android smartphones, have been published online.

The international human rights organisation’s cybersecurity research team has found that Pegasus, the spyware developed by NSO Group, is not only used to target cyber-criminals and terrorists, and that it does not, as claimed, leave no trace on a victim’s phone. The spyware is capable of breaching any innocent user’s privacy. The team has also found alarming evidence that other organisations, including various governmental bodies around the world, have been using the spyware to track a range of people, from public figures within government to private citizens. You can read more about it here.

If you are concerned that you may have fallen prey to this spyware, Amnesty International has developed utilities that extract the contents of your phone to a desktop computer, where they can be scanned for signs of infection. The Mobile Verification Toolkit supports both iOS and Android devices and is available here.

You will also need the indicators of compromise (IoC) file supplied by Amnesty International.


Oracle Issues Patch for Critical Vulnerabilities

On Tuesday 20th July, Oracle released its quarterly Critical Patch Update, which distributed 342 fixes across the entire range of Oracle products. Prior to the patch, some of these vulnerabilities could have been exploited by a remote attacker to gain control of the affected system.

Out of the 342 fixes, the most critical was for CVE-2019-2729, a deserialization vulnerability via XMLDecoder in Oracle WebLogic Server Web Services that is remotely exploitable without authentication. Oracle WebLogic Server is a platform for developing, deploying and running enterprise Java-based applications. The flaw is rated 9.8 out of a maximum of 10 on the CVSS scale, the scale used to rate the severity of a vulnerability, and exists within Oracle Hyperion Infrastructure Technology versions 11.1.2.4 and 11.2.5.0.

As reported by thehackernews.com, this isn’t the first time a critical flaw has been discovered in WebLogic Server either: earlier this year Oracle shipped its April 2021 patch, which fixed 2 bugs that could be used to execute code remotely.

Oracle customers are advised to move quickly to apply the updates and protect systems against potential exploitation.


Microsoft Advises On Vulnerability Affecting Windows 10 And The Upcoming Windows 11

An elevation-of-privilege vulnerability, tracked as CVE-2021-36934, has been discovered which affects Windows 10 Version 1809 and newer. Notably, this vulnerability also affects Windows 11, an operating system that is yet to be released.

As reported by redmondmag.com, the vulnerability has been given the nickname ‘SeriousSAM’. It allows an attacker to run code on the target machine, which could allow them to access and change data, launch programs and even create new accounts.

Although publicly disclosed, the vulnerability has thankfully not yet been exploited.

There is currently no patch available for this vulnerability. Instead, Microsoft has advised users to restrict access to the SAM file and to delete any shadow copies created by the Volume Shadow Copy Service (VSS). This workaround should be applied with caution, however, as it could have unintended side effects on the system.
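The following PowerShell script is an added example for this bulletin; it is not Microsoft's tooling or part of the original page. It audits a Windows 10 host for the condition behind CVE-2021-36934 (the registry hive files under %windir%\System32\config being readable by BUILTIN\Users) and lists existing VSS shadow copies, which retain readable copies of those hives. Only with the -Apply switch does it carry out the two steps of Microsoft's published workaround: re-enabling ACL inheritance on the config directory with icacls and deleting existing shadow copies with vssadmin. The function name and the choice to audit the SAM, SECURITY and SYSTEM hives are the example's own assumptions; run it from an elevated session and read the report before using -Apply, since deleting shadow copies also removes restore points.

```powershell
# Added example (not from the bulletin or Microsoft): audit for the
# CVE-2021-36934 ("SeriousSAM") ACL condition and optionally apply the
# workaround Microsoft published. Run from an elevated PowerShell session.
[CmdletBinding()]
param(
    [switch]$Apply   # without -Apply the script only reports, it changes nothing
)

$configDir = Join-Path $env:windir 'System32\config'
# Hives whose files carried the over-permissive ACL (example's assumption).
$hives = 'SAM', 'SECURITY', 'SYSTEM'

function Test-HiveReadableByUsers {
    param([string]$Path)
    # Vulnerable state: an Allow ACE for BUILTIN\Users that grants ReadData
    # (ReadAndExecute includes it). Get-Acl only reads the descriptor, so it
    # works even though the hive file itself is locked by the system.
    $acl = Get-Acl -LiteralPath $Path
    foreach ($ace in $acl.Access) {
        if ($ace.IdentityReference.Value -eq 'BUILTIN\Users' -and
            $ace.AccessControlType -eq 'Allow' -and
            (($ace.FileSystemRights -band [System.Security.AccessControl.FileSystemRights]::ReadData) -ne 0)) {
            return $true
        }
    }
    return $false
}

$exposed = @()
foreach ($hive in $hives) {
    $path = Join-Path $configDir $hive
    if (-not (Test-Path -LiteralPath $path)) { continue }
    if (Test-HiveReadableByUsers -Path $path) {
        Write-Warning "$path is readable by BUILTIN\Users (CVE-2021-36934 condition present)"
        $exposed += $path
    } else {
        Write-Output "$path : ACL restricts non-administrators (OK)"
    }
}

# Shadow copies taken while the ACL was wrong still hold readable hive copies,
# so fixing the live ACL alone is not enough.
$shadows = @(Get-CimInstance -ClassName Win32_ShadowCopy -ErrorAction SilentlyContinue)
Write-Output ("Existing VSS shadow copies: {0}" -f $shadows.Count)

if ($Apply) {
    if ($exposed.Count -gt 0) {
        # Step 1 of Microsoft's workaround: restore inherited ACLs on the hive files.
        & icacls.exe "$configDir\*.*" /inheritance:e
    }
    if ($shadows.Count -gt 0) {
        # Step 2: remove shadow copies created before the ACL was corrected.
        # This also removes System Restore points, hence the caution above.
        & vssadmin.exe delete shadows /all /quiet
    }
}
```

The split between reporting and applying is deliberate: the audit half is safe to run fleet-wide (for example through a remote PowerShell session) to find which hosts are affected, while the mitigation half destroys restore points and so warrants a per-host decision.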

CiSP – The Cyber Security Information Sharing Partnership

The Cyber Security Information Sharing Partnership (CiSP) is a joint industry and government initiative set up to exchange cyber threat information in real time, in a secure, confidential and dynamic environment, increasing situational awareness and reducing the impact on UK […]


Scottish Information Sharing Network (SciNET Group)

SciNet is a community for Scottish businesses to engage on CiSP. The Cyber Security Information Sharing Partnership (CiSP) is a joint industry and government initiative set up to exchange cyber threat information in real time, in a secure, confidential and […]


Early Warning Service

The NCSC provides a free service to organisations to inform them of threats against their network. This service will notify you of all cyber attacks detected by the feed suppliers against your organisation and is designed to complement your existing […]

Cyber and Fraud Centre – Scotland