CyberScotland Bulletin

Technical Bulletin November 2021

The CyberScotland Technical Bulletin is designed to provide you with information about updates, exploits and countermeasures.

Please subscribe to our CyberScotland mailing list to be notified by email when a new bulletin is published.

Microsoft Patch Tuesday

Microsoft released its monthly security update on Tuesday the 9th of November 2021, remediating 55 vulnerabilities across its products. Six of the vulnerabilities are considered to be critical, but in particular, Microsoft have reported that they have seen active exploitation of two vulnerabilities addressed within this rollup. The remaining vulnerabilities have been rated as important.

CVE-2021-42321 relates to a remote code execution (RCE) vulnerability in Exchange Server. In order to exploit the vulnerability, an attacker needs to be able to authenticate with the service, so it is not as severe as the very commonly exploited ‘ProxyShell’ and ‘ProxyLogon’ vulnerabilities. See the reference provided for identifying whether the vulnerability has been exploited; this check can be performed after installing the update.

The other vulnerability that has been observed to be exploited in the wild is CVE-2021-42292, a security feature bypass in Microsoft Excel that allows remote code execution on both Windows and macOS. A patch does not appear to be available for macOS at this time.

The update also includes four hotfixes for Active Directory, one of which (KB5008380) has been highlighted to potentially cause issues in June 2022 if inconsistent patching is in effect across Domain Controllers.

See the following list for a breakdown of all vulnerabilities addressed in this security update: Microsoft November 2021 Patch Tuesday (sans.edu)

Ransomware Update

In September, vxunderground reported that the source code of the Babuk ransomware was leaked by one of the developers. As the Babuk source code included decryption keys, Avast released a decryptor for this ransomware in October. Avast has also released decryptors for AtomSilo and LockBit.

In October, the Conti group, known for their “double extortion” ransomware, appeared to have deviated from their current business model in that they were attempting to broker access to victims. Digital Shadows suggest that this may be due to the issues associated with hosting exfiltrated data on either dark web or file-sharing sites.

Apple Security Updates

Apple released security updates across their products between the 25th and 27th of October 2021, namely iOS 15.1 (22 vulnerabilities), macOS Big Sur 11.6.1 (24 vulnerabilities) and macOS Monterey 12.0.1 (40 vulnerabilities). Four vulnerabilities were also addressed within the latest Safari security update.

iOS 14.8.1 is also available to users that do not wish to upgrade to iOS 15. The 14.8.1 update fixes 12 vulnerabilities.

The security updates for both Big Sur and Monterey address a vulnerability in macOS System Integrity Protection (SIP), dubbed ‘Shrootless’. SIP is intended to protect the system by prohibiting changes to protected files and folders, even when attempted by the root user. The flaw could allow an attacker to bypass this protection, allowing them to install rootkits.

Palo Alto Global Protect VPN Security Update

Palo Alto Networks has issued a security advisory regarding a critical vulnerability identified in older versions of its products.

Organisations running PAN-OS firewalls on 8.1 versions earlier than 8.1.17 are affected by a remote code execution vulnerability that would allow complete control over the device. It can be exploited by an unauthenticated attacker, provided the GlobalProtect portal and gateways are enabled.

At this point in time there is no publicly available exploit code, nor is there any evidence that the vulnerability has been exploited in the wild. Given how widely network device vulnerabilities were exploited in 2019, this could change.

Other Announcements

Also this month, Microsoft released Sysmon for Linux, an enhanced monitoring and logging tool for collecting system activity that is useful for SIEM ingestion. Microsoft also announced a public preview of ‘Microsoft Defender for Business’, which offers some of the same enterprise-grade features found in its EDR product, but at a price point that may be more accessible for SMBs.
