Weekly threat roundup: Windows 10, Adobe, and SonicWall VPNs

The most dangerous and pressing cyber security exploits from the week gone by

Patch management is far easier said than done, and security teams may often be forced into prioritising fixes for several business-critical systems, all released at once. It’s become typical, for example, to expect dozens of patches to be released on Microsoft’s Patch Tuesday, with other vendors also routinely getting in on the act.

Below, IT Pro has collated the most pressing disclosures from the last seven days, including details such as a summary of the exploit mechanism, and whether the vulnerability is being exploited in the wild. This is in order to give teams a sense of which bugs and flaws might pose the most dangerous immediate security risks.

Wormable CVSS 9.8-rated flaw - Microsoft’s Patch Tuesday

Although this week’s Patch Tuesday was a much smaller package than we have come to expect in recent months, with just 87 security fixes released, there were still patches for 11 ‘critical’ exploits among them.

The highlight of the bunch was a wormable flaw in the TCP/IP component of Windows 10 and Windows Server 2019 that, if exploited, could allow an attacker to run code on target systems remotely, and compromise an entire network. This flaw, tagged CVE-2020-16898, was rated 9.8 on the CVSS severity scale.

Another major exploit fixed as part of the wave of updates include a remote code execution bug found in Windows Hyper-V, tagged CVE-2020-16891. This was among bugs fixed in Microsoft Office, Azure Functions, Microsoft Exchange Server, and Adobe Flash player, among other Microsoft software.

Two critical bugs in Adobe’s Magento platform

Nine security vulnerabilities in Adobe’s ecommerce platform, branded Magento, were fixed on Thursday. These included two critical vulnerabilities, file upload allow list bypass and SQL injection flaws, tagged CVE-2020-24407 and CVE-2020-24400 respectively.

The former could have allowed a hacker to execute arbitrary code on targeted systems, while the latter, if exploited, would grant arbitrary read or write access to a database. Both require administrative privileges to execute, however.

Both the Magento Commerce and Magento Open Source platforms were affected by all nine bugs, the company confirmed, including versions 2.3.5-p1 and earlier versions as well as 2.4.0 and earlier versions of both platforms.

Zero-Click Linux Bluetooth flaws

A set of zero-click vulnerabilities in the Linux Bluetooth software can allow an unauthorised attacker to remotely execute arbitrary code, with kernel privileges, on vulnerable devices, according to security engineer Andy Nguyen.

Three flaws, collectively known as BleedingTooth, are present in the open-source BlueZ protocol stack, which provides support for the core Bluetooth layers and protocols on systems running Linux. Intel and Google have both provided advisories detailing the nature of the potential exploit.

Related Resource

2020 cyber security outlook report

Behaviours in the battle between modern attacker and defender

Download now

The first, tagged CVE-2020-12351, is a heap-based type confusion present in the Logical Link Control and Adaptation Protocol (L2CAP) of the standard, and can be exploited to send malicious packets and cause denial of service, or even arbitrary code execution. The second, tagged CVE-2020-12352, concerns improper access controls and may allow an attacker to enable information disclosure. The third, meanwhile, tagged CVE-2020-24490, centres on improper buffer restrictions in BlueZ, and may cause denial of service.

SonicWall VPNs under threat by RCE bug

Patches have been released for a critical vulnerability in the SonicOS operating system that runs SonicWall virtual private network (VPN) appliances.

The 9.4-rated vulnerability on the CVSS scale is a denial of service flaw that is caused by a buffer overflow and can allow hackers to potentially execute arbitrary code on systems running the vulnerable OS.

The flaw in approximately 800,000 of the network security appliances affected can be triggered by an unauthenticated HTTP request involving a custom protocol handler, according to researchers from Tripwire. An unskilled attacker can use the flaw to cause a persistent state of denial of service, or possibly even execute arbitrary code remotely.

Featured Resources

Choosing a collaboration platform

Eight questions every IT leader should ask

Download now

Performance benchmark: PostgreSQL/ MongoDB

Helping developers choose a database

Download now

Customer service vs. customer experience

Three-step guide to modern customer experience

Download now

Taking a proactive approach to cyber security

A complete guide to penetration testing

Download now

Recommended

HackBoss malware is using Telegram to steal cryptocurrency from other hackers
cryptocurrencies

HackBoss malware is using Telegram to steal cryptocurrency from other hackers

16 Apr 2021
A guide to cyber security certification and training
Careers & training

A guide to cyber security certification and training

22 Apr 2021
What is hacktivism?
hacking

What is hacktivism?

22 Apr 2021
Geico data breach leads to stolen driver’s license numbers
data breaches

Geico data breach leads to stolen driver’s license numbers

21 Apr 2021

Most Popular

How to find RAM speed, size and type
Laptops

How to find RAM speed, size and type

8 Apr 2021
Microsoft is submerging servers in boiling liquid to prevent Teams outages
data centres

Microsoft is submerging servers in boiling liquid to prevent Teams outages

7 Apr 2021
REvil threatens to release Apple’s hardware schematics
ransomware

REvil threatens to release Apple’s hardware schematics

21 Apr 2021