June 12, 2023

Easily Exploitable Microsoft Visual Studio Bug Opens Developers to Takeover

Description

Security researchers from Varonis have discovered a vulnerability, tracked as CVE-2023-28299, in the Microsoft Visual Studio installer that could allow cyber attackers to distribute malicious extensions to application developers. The bug, classified as moderate severity by Microsoft, is easily exploitable and affects multiple versions of Visual Studio, with a 26% market share and over 30,000 customers. Attackers can bypass the security restriction by adding newline characters to the extension name, hiding warnings about the extension not being digitally signed. By delivering a malicious extension, attackers can infiltrate development environments, compromise systems, steal intellectual property, and more. Potential delivery methods include phishing, social engineering, cracked software, or typosquatting in the Microsoft marketplace. User interaction is required for the flaw to be exploited, but all Visual Studio users who are not up to date are at risk. Organizations are urged to update Visual Studio to mitigate the vulnerability.

Infected Technology

Visual Studio

Source

https://www.darkreading.com/application-security/researchers-warn-of-easily-exploitable-spoofing-bug-in-visual-studio?&web_view=true

Recommendation

• Update Visual Studio to the latest version with the patch. • Educate users about risks and untrusted extensions. • Enable automatic updates for Visual Studio. • Implement robust endpoint protection. • Monitor for suspicious activities. • Promote secure development practices. • Conduct regular security assessments.

CVE ID

CVE-2023-28299

Experts Unveil Exploit for Recent Windows Vulnerability under Active Exploitation

Description

A recently patched security flaw in Microsoft Windows, identified as CVE-2023-29336, has been revealed to have been actively exploited by threat actors to gain elevated privileges on affected systems. The vulnerability, rated 7.8 in severity, involves an elevation of privilege bug in the Win32k component, which is responsible for GUI and window management. While the exact details of the exploitation are not known, cybersecurity company Numen Cyber has analyzed the Microsoft patch and created a proof-of-concept exploit for Windows Server 2016. Numen Cyber highlighted the significance of the vulnerability and suggested that Microsoft’s refactoring of the Win32k code using Rust in the Windows 11 preview version might eliminate such vulnerabilities in the future.

Infected Technology

Microsoft Windows, specifically the Win32k component

Source

https://thehackernews.com/2023/06/experts-unveil-poc-exploit-for-recent.html

Recommendation

• Implement strong access controls and least privilege principles. • Use advanced security solutions to detect and mitigate exploits. • Consider migrating to Windows 11 for improved security features.

CVE ID

CVE-2023-29336

Zero-Day Alert: Google Issues Patch for New Chrome Vulnerability

Description

A type confusion vulnerability, identified as CVE-2023-3079, has been discovered in the V8 JavaScript engine used by Google Chrome. The issue was reported to Google by Clement Lecigne of the Threat Analysis Group on June 1, 2023. This vulnerability, present in versions of Google Chrome prior to 114.0.5735.110, could potentially be exploited by a remote attacker through a specially crafted HTML page. The vulnerability allows for potential heap corruption, but the specific details of the attacks have not been disclosed by Google. It is important to note that an exploit for CVE-2023-3079 has been observed in active use in the wild.

Infected Technology

Chrome

Source

https://thehackernews.com/2023/06/zero-day-alert-google-issues-patch-for.html

Recommendation

• To upgrade to version 114.0.5735.110 for Windows and 114.0.5735.106 for macOS and Linux

Fortinet fixes critical RCE flaw in Fortigate SSL-VPN devices, patch now

Description

Fortinet, a leading network security solutions provider, has resolved a critical Remote Code Execution (RCE) vulnerability affecting its FortiGate SSL VPN devices. This flaw could allow attackers to execute arbitrary code on vulnerable systems, leading to a complete compromise of the devices. Fortinet responded swiftly by releasing security patches and firmware updates to address the vulnerability, urging all users to apply them immediately. Prompt patching and adherence to security best practices, such as strong passwords and regular updates, are essential to mitigate the risk and maintain a robust security posture. The critical RCE vulnerability in FortiGate SSL VPN devices could enable attackers to execute arbitrary code with elevated privileges. Exploiting this flaw could lead to unauthorized access, tampering with network configurations, and potential data breaches. Fortinet’s proactive response included the release of security patches, firmware updates, and recommendations for users to promptly apply them. Organizations utilizing FortiGate SSL VPN devices must prioritize patching and follow security best practices to protect their networks from potential exploitation and ensure a secure environment.

Infected Technology

Fortinet Products

Source

https://www.bleepingcomputer.com/news/security/fortinet-fixes-critical-rce-flaw-in-fortigate-ssl-vpn-devices-patch-now/

Recommendation

• Patch and update immediately

Barracuda, an enterprise email security company, requests replacement of compromised ESG appliances

Description

A vulnerability has been discovered in the Barracuda Email Security Gateway (appliance form factor only) product, affecting versions 5.1.3.001-9.2.0.006. This vulnerability is related to a remote command injection, which occurs due to inadequate sanitization of .tar file processing. The flaw lies in the incomplete validation of user-supplied .tar file names within the archive. Exploiting this vulnerability allows a remote attacker to execute system commands through Perl’s qx operator, leveraging the privileges of the Email Security Gateway product. As of now, three distinct malware families have been identified, each equipped with functionalities enabling the uploading and downloading of arbitrary files, execution of commands, establishment of persistence, and the creation of reverse shells to a server controlled by the malicious actor.

Infected Technology

Email Security Gateway (ESG) Appliances

Source

https://thehackernews.com/2023/06/barracuda-urges-immediate-replacement.html

Recommendation

• Conduct regular security assessments. • Deploy multi-layered defense measures.

CVE ID

CVE-2023-2868