SysAdmin 24x7

Computer security news and alerts. Chat and contact: t.me/sysadmin24x7chat

Citrix Releases Security Updates for ADC and Gateway Original release date: May 26, 2022 Citrix has released security updates to address vulnerabilities in ADC and Gateway. An attacker could exploit these vulnerabilities to cause a denial-of-service condition. CISA encourages users and administrators to review Citrix Security Update CTX457048 and apply the necessary updates. https://www.cisa.gov/uscert/ncas/current-activity/2022/05/26/citrix-releases-security-updates-adc-and-gateway

Drupal fixes a vulnerability affecting the Guzzle library. Publication date: 26/05/2022. Importance: 3 - Medium. Affected resources: Drupal versions prior to: Drupal 9.3.14, Drupal 9.2.20. Description: A vulnerability has been detected in the Guzzle library, which Drupal modules use to handle requests and responses to external services over the HTTP protocol. https://www.incibe.es/protege-tu-empresa/avisos-seguridad/drupal-soluciona-vulnerabilidad-afecta-libreria-guzzel

VMSA-2022-0015 CVSSv3 Range: 5.8 Issue Date: 2022-05-24 CVE(s): CVE-2022-22977 Synopsis: VMware Tools for Windows update addresses an XML External Entity (XXE) vulnerability (CVE-2022-22977) https://www.vmware.com/security/advisories/VMSA-2022-0015.html

May 2022: You might see authentication failures on the server or client for services. Status: Resolved. Originating update: OS Build 19042.1706, KB5013942, 2022-05-10. History: Resolved: 2022-05-19, 19:16 PT; Opened: 2022-05-11, 18:38 PT. After installing updates released May 10, 2022 on your domain controllers, you might see authentication failures on the server or client for services such as Network Policy Server (NPS), Routing and Remote Access Service (RRAS), Radius, Extensible Authentication Protocol (EAP), and Protected Extensible Authentication Protocol (PEAP). An issue has been found related to how the mapping of certificates to machine accounts is being handled by the domain controller. https://docs.microsoft.com/en-us/windows/release-health/status-windows-10-20h2#2826msgdesc https://twitter.com/WindowsUpdate/status/1527400220216025088

ICS Advisory (ICSA-22-139-01) Mitsubishi Electric MELSEC iQ-F Series 1. EXECUTIVE SUMMARY CVSS v3 8.6 ATTENTION: Exploitable remotely/low attack complexity Vendor: Mitsubishi Electric Equipment: MELSEC iQ-F Series Vulnerabilities: Improper Input Validation 2. RISK EVALUATION Successful exploitation of these vulnerabilities could cause a denial-of-service condition by sending specially crafted packets. A system reset is required for recovery. https://www.cisa.gov/uscert/ics/advisories/icsa-22-139-01

CVE-2022-1183: Destroying a TLS session early causes assertion failure Posting date: 18 May 2022 Program impacted: BIND CVSS Score: 7.0 Severity: High Versions affected: BIND 9.18.0 -> 9.18.2 and 9.19.0 of the BIND 9.19 development branch Exploitable: Remotely Description: An assertion failure can be triggered if a TLS connection to a configured http TLS listener with a defined endpoint is destroyed too early. Impact: On vulnerable configurations, the named daemon may, in some circumstances, terminate with an assertion failure. Vulnerable configurations are those that include a reference to http within the listen-on statements in their named.conf. TLS is used by both DNS over TLS (DoT) and DNS over HTTPS (DoH), but configurations using DoT alone are unaffected. https://kb.isc.org/docs/cve-2022-1183

VMSA-2022-0014 CVSSv3 Range: 7.8-9.8 Issue Date: 2022-05-18 CVE(s): CVE-2022-22972, CVE-2022-22973 Synopsis: VMware Workspace ONE Access, Identity Manager and vRealize Automation updates address multiple vulnerabilities. https://www.vmware.com/security/advisories/VMSA-2022-0014.html

Update your Apple devices and avoid these vulnerabilities. Publication date: 17/05/2022. Importance: High. Affected resources: macOS Catalina, versions prior to 2022-004. macOS Big Sur, versions prior to 11.6.6. macOS Monterey, versions prior to 12.4. iOS and iPadOS, versions prior to 15.5: iPhone 6s and later, iPad Pro (all models), iPad Air 2 and later, iPad 5th generation and later, iPad mini 4 and later, iPod touch (7th generation). Safari, versions prior to 15.5. Description: Apple has identified and fixed out-of-bounds memory read and write, arbitrary code execution and privilege escalation vulnerabilities affecting several of its systems, and therefore recommends updating the affected systems. https://www.incibe.es/protege-tu-empresa/avisos-seguridad/actualiza-tus-dispositivos-apple-y-evita-estas-vulnerabilidades

Multiple vulnerabilities in Aruba products. Publication date: 18/05/2022. Importance: 5 - Critical. Affected resources: AirWave Management Platform, version 8.2.14.0 and earlier; Aruba Fabric Composer (AFC) and Plexxi Composable Fabric Manager (CFM), version 6.2.0 and earlier; Aruba EdgeConnect Enterprise, versions ECOS 9.1.1.3, ECOS 9.0.6.0, ECOS 8.3.6.0 and earlier; Aruba EdgeConnect Enterprise Orchestrator (on-premises). Description: Multiple vulnerabilities in the Expat XML processing library affect Aruba products. https://www.incibe-cert.es/alerta-temprana/avisos-seguridad/multiples-vulnerabilidades-productos-aruba

Microsoft recently observed a campaign targeting SQL servers that, like many attacks, uses brute force methods for initial compromise. What makes this campaign stand out is its use of the in-box utility sqlps.exe. https://twitter.com/MsftSecIntel/status/1526680337216114693

Apache Releases Security Advisory for Tomcat Original release date: May 16, 2022 The Apache Software Foundation has released a security advisory to address a vulnerability in multiple versions of Tomcat. An attacker could exploit this vulnerability to obtain sensitive information. https://www.cisa.gov/uscert/ncas/current-activity/2022/05/16/apache-releases-security-advisory-tomcat

Vulnerability in the operating system of Zyxel firewalls. Publication date: 16/05/2022. Importance: 4 - High. Affected resources: USG FLEX 100(W), 200, 500 and 700 with firmware versions ZLD V5.00 through ZLD V5.21 Patch 1. USG FLEX 50(W) and USG20(W)-VPN with firmware versions ZLD V5.10 through ZLD V5.21 Patch 1. ATP series with firmware versions ZLD V5.10 through ZLD V5.21 Patch 1. VPN series with firmware versions ZLD V4.60 through ZLD V5.21 Patch 1. Description: Zyxel has published the patch that fixes a command injection vulnerability in the operating system of the firewalls listed under "Affected resources". https://www.incibe.es/protege-tu-empresa/avisos-seguridad/vulnerabilidad-el-sistema-operativo-los-cortafuegos-zyxel

SonicWall urges customers to fix SMA 1000 vulnerabilities. SonicWall warns customers to address several high-risk security flaws impacting its Secure Mobile Access (SMA) 1000 Series line of products. SonicWall urges customers to address several high-risk security vulnerabilities affecting its Secure Mobile Access (SMA) 1000 Series line of products. An attacker can exploit the vulnerabilities to bypass authorization and, potentially, compromise vulnerable devices. https://securityaffairs.co/wordpress/131247/security/sonicwall-urges-customers-to-fix-sma-1000-vulnerabilities.html

HP PC BIOS - May 2022 Security Updates Potential security vulnerabilities have been identified in the BIOS (UEFI Firmware) for certain HP PC products, which might allow arbitrary code execution. HP is releasing firmware updates to mitigate these potential vulnerabilities. Severity: High HP Reference: HPSBHF03788 Rev. 2 Release date: May 10, 2022 https://support.hp.com/us-en/document/ish_6184733-6184761-16/hpsbhf03788

Intel® NUC Firmware Advisory Intel ID: INTEL-SA-00654 Advisory Category: Firmware Impact of vulnerability: Escalation of Privilege Severity rating: HIGH Original release: 05/10/2022 Summary: Potential security vulnerabilities in some Intel® NUCs may allow escalation of privilege. Intel is releasing firmware updates to mitigate these potential vulnerabilities. https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00654.html

SAP security update for May 2022. Publication date: 11/05/2022. Importance: 5 - Critical. Affected resources: SAP Business One Cloud, version 1.1; SAP Commerce, versions 1905, 2005, 2105 and 2011; SAP Customer Profitability Analytics, version 2; SAP Webdispatcher, versions 7.22EXT, 7.49, 7.53, 7.77, 7.81, 7.83 and 7.85; SAP Netweaver AS for ABAP and Java (ICM), versions KRNL64NUC 7.22, 7.22EXT, 7.49, KRNL64UC, 7.22, 7.22EXT, 7.49, 7.53, 8.04, KERNEL 7.22, 7.49, 7.53, 7.77, 7.81, 7.85, 7.86, 7.87 and 8.04; SAP BusinessObjects Business Intelligence Platform, versions 420 and 430; SAP NetWeaver Application Server for ABAP and ABAP Platform, versions 700, 701, 702, 710, 711, 730, 731, 740, 750, 751, 752, 753, 754, 755, 756, 787 and 788; SAP Employee Self Service (Fiori My Leave Request), version 605; SAP Host Agent, version 7.22. Description: SAP has published several security updates for different products in its monthly release. https://www.incibe-cert.es/alerta-temprana/avisos-seguridad/actualizacion-seguridad-sap-mayo-2022

May 2022 Microsoft Security Updates. Summary table.

May 2022 Microsoft Security Updates. RCEs in the May report:

Point-to-Point Tunneling Protocol Remote Code Execution Vulnerability
https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2022-21972

Windows LDAP Remote Code Execution Vulnerability
https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2022-22012
https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2022-29128
https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2022-29129
https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2022-29130
https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2022-29131
https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2022-29139

Windows Remote Desktop Protocol (RDP) Information Disclosure Vulnerability
https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2022-22015

Remote Desktop Client Remote Code Execution Vulnerability
https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2022-22017

Remote Procedure Call Runtime Remote Code Execution Vulnerability
https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2022-22019

Point-to-Point Tunneling Protocol Remote Code Execution Vulnerability
https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2022-23270

Windows Address Book Remote Code Execution Vulnerability
https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2022-26926

Windows Graphics Component Remote Code Execution Vulnerability
https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2022-26927

Windows Network File System Remote Code Execution Vulnerability
https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2022-26937

Microsoft SharePoint Server Remote Code Execution Vulnerability
https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2022-29108

Microsoft Excel Remote Code Execution Vulnerability
https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2022-29109
https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2022-29110

Windows Fax Service Remote Code Execution Vulnerability
https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2022-29115

Visual Studio Remote Code Execution Vulnerability
https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2022-29148
https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2022-30129

Insight Software: CVE-2022-29972 Magnitude Simba Amazon Redshift ODBC Driver CVE-2022-29972 https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-29972