CyberScotland Bulletin

Technical Bulletin October 2022

The CyberScotland Technical Bulletin is designed to provide you with information about updates, exploits and countermeasures.

Please subscribe to our CyberScotland mailing list to be notified by email when a new bulletin is published.

Microsoft Patch Tuesday

October’s round of monthly Microsoft security patches addressed 84 vulnerabilities, including 13 rated critical severity. Most notable is the zero-day flaw CVE-2022-41033, which Microsoft says has been actively exploited, although it has provided no detail as to the targets or prevalence of the attacks. This is a privilege-escalation vulnerability in the Windows COM+ Event System Service, which could allow an attacker with an initial foothold on a host to elevate their privileges to SYSTEM level, effectively giving them complete control. This vulnerability affects all supported versions of Windows beginning with Windows 7 and Server 2008.

Also patched in this release was CVE-2022-37968, another privilege-escalation flaw, this time in Azure Kubernetes clusters, with a maximum CVSS score of 10. This vulnerability could allow a remote, unauthenticated attacker to take admin control over an Arc-enabled Kubernetes cluster, although Microsoft states that for successful exploitation, the attacker would need to know the randomly generated name of the cluster’s DNS endpoint.

Notably absent from this round of patches was a fix for ProxyNotShell, a pair of actively exploited zero-day vulnerabilities in on-premises Exchange which allow an authenticated attacker to conduct remote code execution. After these flaws were first revealed by a third-party security researcher in September, Microsoft released instructions for mitigation but has yet to publish a fix.

Adobe Patches

Adobe released 4 security updates on 11 October addressing vulnerabilities rated critical and important. These included 2 critical-severity stack-based buffer overflow vulnerabilities in Adobe Acrobat and Reader, which could allow arbitrary code execution if a user interacted with a malicious file created by the attacker. This release also included fixes for flaws in Adobe’s ColdFusion, Commerce, and Dimension products.

Fortinet Firewall Authentication Bypass

On 10 October, Fortinet warned that a flaw in its firewall and web proxy products was being actively exploited in the wild. The flaw, tracked as CVE-2022-40684, relates to an authentication bypass in the FortiOS, FortiProxy, and FortiSwitchManager products. This flaw could allow an attacker to remotely perform administrative operations by creating custom HTTP/S requests. Fortinet contacted affected customers several days prior to the public disclosure, urging them to apply patches as soon as possible.

CiSP – The Cyber Security Information Sharing Partnership

The Cyber Security Information Sharing Partnership (CiSP) is a joint industry and government initiative set up to exchange cyber threat information in real time, in a secure, confidential and dynamic environment, increasing situational awareness and reducing the impact on UK […]

Scottish Information Sharing Network (SciNET Group)

SciNet is a community for Scottish businesses to engage on CiSP. The Cyber Security Information Sharing Partnership (CiSP) is a joint industry and government initiative set up to exchange cyber threat information in real time, in a secure, confidential and […]

Early Warning Service

The NCSC provides a free service to organisations to inform them of threats against their network. This service will notify you of all cyber attacks detected by the feed suppliers against your organisation and is designed to complement your existing […]

Cyber and Fraud Centre – Scotland