Weekly threat roundup: Atlassian, Microsoft Office, Zoho ManageEngine

Pulling together the most dangerous and pressing flaws that businesses need to patch

Patch management is far easier said than done, and security teams may often be forced into prioritising fixes for several business-critical systems, all released at once. It’s become typical, for example, to expect dozens of patches to be released on Microsoft’s Patch Tuesday, with other vendors also routinely getting in on the act.

Below, IT Pro has collated the most pressing disclosures from the last seven days, including details such as a summary of the exploit mechanism, and whether the vulnerability is being exploited in the wild. This is in order to give teams a sense of which bugs and flaws might pose the most dangerous immediate security risks.

Atlassian Confluence is under attack

US officials have warned businesses that a vulnerability in the Atlassian Confluence workplace collaboration platform is being exploited on a massive scale.

Although Atlassian has issued a patch for the critical flaw tracked as CVE-2021-26084, researchers have detected mass scanning and exploit activity from hackers in a number of regions, including China and Brazil. Atlassian hasn’t revealed the exploit mechanism, although it’s described the flaw as a Confluence Server Webwork OGNL injection.

The bug, rated 9.8 out of ten on the CVSS threat severity scale, lies in the Atlassian Confluence Server and Confluence Data Center products and can allow an unauthorised attacker to execute arbitrary code on either. Confluence Cloud, which is hosted on public cloud environments, isn’t affected.

Microsoft users targeted with malicious Office files

Hackers are exploiting a vulnerability in the browser engine that powers Internet Explorer to target Windows users with malicious Microsoft Office documents.

The flaw, tracked as CVE-2021-40444, is a remote code execution zero-day embedded in MSHTML, an engine also known as Trident, and is rated 8.8 out of ten on the CVSS threat severity scale. This bug is under limited and targeted exploitation, according to Microsoft.

Exploitation involves an attacker crafting a malicious ActiveX control to be used by a Microsoft Office document that hosts the browser rendering engine. ActiveX controls are small programmes for Internet Explorer and other Windows apps used to add more functionality to the core software. Once an attacker has written the malicious ActiveX control, they would then need to convince a victim to open the malicious file.

HAProxy susceptible to HTTP request smuggling attacks

A critical flaw in HAProxy, a widely-used open source load balancer and proxy server, can be exploited to smuggle HTTP requests. This might lead to hackers accessing sensitive data and launching a variety of attacks, according to researchers with JFrog Security.

This integer overflow vulnerability, tracked as CVE-2021-40346, exists in HAProxy 2.0 through 2.5 in the htx_add_header() component and can allow an attacker to tamper with the way a site processes a sequence of HTTP requests. The attack abuses inconsistencies between how front-end and back-end servers parse the HTTP requests.

The consequences of a successful attack include gaining access to sensitive data, executing unauthorised commands or modifying data, hijacking user sessions, and exploiting a reflected cross-site scripting (XSS) vulnerability without user interaction.

CISA warns that Zoho ManageEngine is being targeted

The US cybersecurity and infrastructure agency (CISA) has revealed that a zero-day flaw affecting Zoho ManageEngine ADSelfService Plus is being exploited in the wild.

ManageEngine ADSelfService Plus is a self-service password management and single sign-on (SSO) system for Active Directory and cloud applications that allows IT admins to enforce two-factor authentication (2FA) across their systems.

Tracked as CVE-2021-40539, this vulnerability is described as an authentication bypass flaw that can lead to remote code execution. Zoho has described it as a “critical issue”, given that it allows attackers to gain unauthorised access to the product through REST API endpoints by sending a specially crafted request.

Customers can protect themselves against attacks by updating ADSelfService Plus to the latest build, 6114.
