Weekly threat roundup: Windows 10, Adobe, and SonicWall VPNs

The most dangerous and pressing cyber security exploits from the week gone by

Patch management is far easier said than done, and security teams may often be forced into prioritising fixes for several business-critical systems, all released at once. It’s become typical, for example, to expect dozens of patches to be released on Microsoft’s Patch Tuesday, with other vendors also routinely getting in on the act.

Below, IT Pro has collated the most pressing disclosures from the last seven days, including details such as a summary of the exploit mechanism, and whether the vulnerability is being exploited in the wild. This is in order to give teams a sense of which bugs and flaws might pose the most dangerous immediate security risks.

Wormable CVSS 9.8-rated flaw - Microsoft’s Patch Tuesday

Although this week’s Patch Tuesday was a much smaller package than we have come to expect in recent months, with just 87 security fixes released, there were still patches for 11 ‘critical’ exploits among them.

The highlight of the bunch was a wormable flaw in the TCP/IP component of Windows 10 and Windows Server 2019 that, if exploited, could allow an attacker to run code on target systems remotely, and compromise an entire network. This flaw, tagged CVE-2020-16898, was rated 9.8 on the CVSS severity scale.

Another major exploit fixed as part of the wave of updates include a remote code execution bug found in Windows Hyper-V, tagged CVE-2020-16891. This was among bugs fixed in Microsoft Office, Azure Functions, Microsoft Exchange Server, and Adobe Flash player, among other Microsoft software.

Two critical bugs in Adobe’s Magento platform

Nine security vulnerabilities in Adobe’s ecommerce platform, branded Magento, were fixed on Thursday. These included two critical vulnerabilities, file upload allow list bypass and SQL injection flaws, tagged CVE-2020-24407 and CVE-2020-24400 respectively.

The former could have allowed a hacker to execute arbitrary code on targeted systems, while the latter, if exploited, would grant arbitrary read or write access to a database. Both require administrative privileges to execute, however.

Both the Magento Commerce and Magento Open Source platforms were affected by all nine bugs, the company confirmed, including versions 2.3.5-p1 and earlier versions as well as 2.4.0 and earlier versions of both platforms.

Zero-Click Linux Bluetooth flaws

A set of zero-click vulnerabilities in the Linux Bluetooth software can allow an unauthorised attacker to remotely execute arbitrary code, with kernel privileges, on vulnerable devices, according to security engineer Andy Nguyen.

Three flaws, collectively known as BleedingTooth, are present in the open-source BlueZ protocol stack, which provides support for the core Bluetooth layers and protocols on systems running Linux. Intel and Google have both provided advisories detailing the nature of the potential exploit.

Related Resource

2020 cyber security outlook report

Behaviours in the battle between modern attacker and defender

Download now

The first, tagged CVE-2020-12351, is a heap-based type confusion present in the Logical Link Control and Adaptation Protocol (L2CAP) of the standard, and can be exploited to send malicious packets and cause denial of service, or even arbitrary code execution. The second, tagged CVE-2020-12352, concerns improper access controls and may allow an attacker to enable information disclosure. The third, meanwhile, tagged CVE-2020-24490, centres on improper buffer restrictions in BlueZ, and may cause denial of service.

SonicWall VPNs under threat by RCE bug

Patches have been released for a critical vulnerability in the SonicOS operating system that runs SonicWall virtual private network (VPN) appliances.

The 9.4-rated vulnerability on the CVSS scale is a denial of service flaw that is caused by a buffer overflow and can allow hackers to potentially execute arbitrary code on systems running the vulnerable OS.

The flaw in approximately 800,000 of the network security appliances affected can be triggered by an unauthenticated HTTP request involving a custom protocol handler, according to researchers from Tripwire. An unskilled attacker can use the flaw to cause a persistent state of denial of service, or possibly even execute arbitrary code remotely.

Featured Resources

Managing security risk and compliance in a challenging landscape

How key technology partners grow with your organisation

Download now

Evaluate your order-to-cash process

15 recommended metrics to benchmark your O2C operations

Download now

AI 360: Hold, fold, or double down?

How AI can benefit your business

Download now

Getting started with Azure Red Hat OpenShift

A developer’s guide to improving application building and deployment capabilities

Download now

Recommended

Report: Security staff excluded from app development
cyber security

Report: Security staff excluded from app development

20 Jan 2021
Best MDM solutions 2020
mobile device management (MDM)

Best MDM solutions 2020

20 Jan 2021
SolarWinds hackers hit Malwarebytes through Microsoft exploit
hacking

SolarWinds hackers hit Malwarebytes through Microsoft exploit

20 Jan 2021
How LogPoint uses MITRE ATT&CK
Whitepaper

How LogPoint uses MITRE ATT&CK

15 Jan 2021

Most Popular

IT retailer faces €10.4m GDPR fine for employee surveillance
General Data Protection Regulation (GDPR)

IT retailer faces €10.4m GDPR fine for employee surveillance

18 Jan 2021
Citrix buys Slack competitor Wrike in record $2.25bn deal
collaboration

Citrix buys Slack competitor Wrike in record $2.25bn deal

19 Jan 2021
Should IT departments call time on WhatsApp?
communications

Should IT departments call time on WhatsApp?

15 Jan 2021