SysAdmin 24x7

Apple Releases Security Update for Xcode Apple has released a security update to address vulnerabilities in Xcode. A remote attacker could exploit one of these vulnerabilities to take control of an affected system. The Cybersecurity and Infrastructure Security Agency (CISA) encourages users and administrators to review the Apple security page for Xcode 14.1 and apply the necessary update. https://www.cisa.gov/uscert/ncas/current-activity/2022/11/03/apple-releases-security-update-xcode

Inyección de comandos en InfoSphere de IBM Fecha de publicación: 03/11/2022 Identificador: INCIBE-2022-0998 Importancia: 5 - Crítica Recursos afectados: InfoSphere Information Server, versión 11.7. Descripción: IBM ha corregido una vulnerabilidad de inyección de comandos en IBM InfoSphere DataStage de severidad crítica. https://www.incibe-cert.es/alerta-temprana/avisos-seguridad/inyeccion-comandos-infosphere-ibm

OpenSSL Releases Security Update OpenSSL has released a security advisory to address two vulnerabilities, CVE-2022-3602 and CVE-2022-3786, affecting OpenSSL versions 3.0.0 through 3.0.6. Both CVE-2022-3602 and CVE-2022-3786 can cause a denial of service. According to OpenSSL, a cyber threat actor leveraging CVE-2022-3786, "can craft a malicious email address to overflow four attacker-controlled bytes on the stack. This buffer overflow could result in a crash (causing a denial of service) or potentially remote code execution," allowing them to take control of an affected system. CISA encourages users and administrators to review the OpenSSL advisory, blog, OpenSSL 3.0.7 announcement, and upgrade to OpenSSL 3.0.7. For additional information on affected products, see the 2022 OpenSSL vulnerability - CVE-2022-3602 GitHub repository, jointly maintained by the Netherland's National Cyber Security Centrum (NCSC-NL) and CISA. https://www.cisa.gov/uscert/ncas/current-activity/2022/11/01/openssl-releases-security-update

2022 OpenSSL vulnerability https://github.com/NCSC-NL/OpenSSL-2022

VMSA-2021-0021.1 CVSSv3 Range:2.7 Issue Date: 2021-10-12 Updated On: 2022-10-31 CVE(s): CVE-2021-22033 Synopsis: VMware vRealize Operations update addresses SSRF Vulnerability (CVE-2021-22033) Impacted Products VMware vRealize Operations VMware Cloud Foundation vRealize Suite Lifecycle Manager https://www.vmware.com/security/advisories/VMSA-2021-0021.html

open-vm-tools: Local Privilege Escalation GLSA 202210-27 A vulnerability has been discovered in open-vm-tools which could allow for local privilege escalation. Affected packages Package app-emulation/open-vm-tools on all architectures Affected versions < 12.1.0 Unaffected versions >= 12.1.0 Impact An unprivileged guest user could achieve root privileges within the guest. https://security.gentoo.org/glsa/202210-27

cisco-sa-sdwan-privesc-cli-xkGwmqKu First Published:2022 September 28 16:00 GMT Version 1.0: Final Workarounds: No workarounds available Cisco Bug IDs: CSCvz46392 CVE-2022-20930 CWE-88 CVSS Score: Base 6.7 Vulnerable Products At the time of publication, this vulnerability affected the following Cisco products: SD-WAN vBond Orchestrator Software SD-WAN vEdge Routers SD-WAN vManage Software SD-WAN vSmart Controller Software https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-sdwan-privesc-cli-xkGwmqKu

Microsoft: Windows domain joins may fail after October updates Microsoft says Windows domain join processes may fail with "0xaac (2732)" errors after applying this month's security updates. The issue stems from hardening changes introduced when addressing the CVE-2022-38042 elevation of privilege vulnerability in the Active Directory Domain Services that would allow attackers to gain domain administrator privileges. https://www.bleepingcomputer.com/news/microsoft/microsoft-windows-domain-joins-may-fail-after-october-updates/

VMSA-2022-0027.1 CVSSv3 Range: 5.3-9.8 Issue Date: 2022-10-25 Updated On: 2022-10-27 CVE(s): CVE-2021-39144, CVE-2022-31678 Synopsis: VMware Cloud Foundation updates address multiple vulnerabilities. Impacted Products VMware Cloud Foundation (Cloud Foundation) https://www.vmware.com/security/advisories/VMSA-2022-0027.html

Jira Align flaws enabled malicious users to gain super admin privileges – and potentially worse. Lateral or upwards movement beyond the instance was theoretically possible, concludes researcher A pair of vulnerabilities patched in Jira Align could in the “worst-case scenario” be combined by low-privileged malicious users to target Atlassian’s cloud infrastructure, a security researcher warns. Jira Align is a software-as-a-service (SaaS) platform through which enterprises can scale their deployments of Atlassian Jira, the hugely popular bug tracking and project management application, in the cloud. https://portswigger.net/daily-swig/jira-align-flaws-enabled-malicious-users-to-gain-super-admin-privileges-and-potentially-worse

Windows 10 KB5018482 update released with nineteen improvements. Microsoft has released the optional KB5018482 Preview cumulative update for Windows 10 20H2, Windows 10 21H1, and Windows 10 21H2. This update includes nineteen bug fixes and enhancements, including a fix for graphics issues in Direct3D 9 games and a bug that caused OS upgrades to fail. The KB5018482 cumulative update preview is part of Microsoft's October 2022 monthly "C" update, allowing admins to test fixes coming in the November 2022 Patch Tuesday. https://www.bleepingcomputer.com/news/microsoft/windows-10-kb5018482-update-released-with-nineteen-improvements/

OpenSSL to Patch First Critical Vulnerability Since 2016. The OpenSSL Project has informed users that an upcoming update will patch a critical vulnerability in the open source cryptography and secure communication toolkit. OpenSSL version 3.0.7 is scheduled for Tuesday, November 1, between 13:00 and 17:00 UTC. No details have been provided, but it has been described as a ‘security-fix release’ that will include a patch for a vulnerability rated ‘critical’. The issue does not appear to impact OpenSSL versions prior to 3.0. https://www.securityweek.com/openssl-patch-first-critical-vulnerability-2016

Vulnerabilidad en Cisco AnyConnect Secure Mobility Client para Windows Fecha de publicación: 27/10/2022 Importancia: 4 - Alta Recursos afectados: Cisco AnyConnect Secure Mobility Client para Windows, versiones anteriores a 4.9.00086. Descripción: Cisco ha corregido una vulnerabilidad de severidad alta en el canal de comunicación entre procesos (IPC) de Cisco AnyConnect Secure Mobility Client para Windows. https://www.incibe.es/protege-tu-empresa/avisos-seguridad/vulnerabilidad-cisco-anyconnect-secure-mobility-client-windows

Múltiples vulnerabilidades en productos Aruba Fecha de publicación: 26/10/2022 Identificador: INCIBE-2022-0991 Importancia: 5 - Crítica Descripción: Se han identificado 16 vulnerabilidades, una de ellas de severidad crítica, que afectan a productos Aruba (subsidiaria de HP), cuya explotación podría permitir a un atacante inyectar código, ejecutar código arbitrario de forma remota, modificar la secuencia de arranque, eliminar archivos arbitrarios, causar una condición de denegación de servicio, divulgar información sensible, desbordar el búfer o lectura de archivos arbitrarios. https://www.incibe-cert.es/alerta-temprana/avisos-seguridad/multiples-vulnerabilidades-productos-aruba-0

Apple Releases Security Updates for Multiple Products https://www.cisa.gov/uscert/ncas/current-activity/2022/10/26/apple-releases-security-updates-multiple-products

Samba Releases Security Updates The Samba Team has released security updates to address vulnerabilities in multiple versions of Samba. A remote attacker could exploit one of these vulnerabilities to take control of an affected system. CISA encourages users and administrators to review the following Samba Security Announcements and apply the necessary updates and workarounds. • CVE-2022-3437 • CVE-2022-3592 https://www.cisa.gov/uscert/ncas/current-activity/2022/10/26/samba-releases-security-updates

Microsoft fixes Windows vulnerable driver blocklist sync issue. Microsoft says it addressed an issue preventing its vulnerable driver blocklist from being synced to systems running older Windows versions. https://www.bleepingcomputer.com/news/microsoft/microsoft-fixes-windows-vulnerable-driver-blocklist-sync-issue/

VMSA-2022-0027 CVSSv3 Range: 5.3-9.8 Issue Date: 2022-10-25 Updated On:2022-10-25 (Initial Advisory) CVE(s): CVE-2021-39144, CVE-2022-31678 Synopsis: VMware Cloud Foundation updates address multiple vulnerabilities. Description VMware Cloud Foundation contains a remote code execution vulnerability via XStream open source library. VMware has evaluated the severity of this issue to be in the Critical severity range with a maximum CVSSv3 base score of 9.8. https://www.vmware.com/security/advisories/VMSA-2022-0027.html

Múltiples vulnerabilidades en Forma LMS Fecha de publicación: 25/10/2022 Identificador: INCIBE-2022-0982 Importancia: 5 - Crítica Recursos afectados: Forma LMS, versión 3.1.0. Solución: Esta vulnerabilidad ha sido resuelta por Forma en LMS versión 3.2.1. incibe-cert.es/alerta-temprana/avisos-seguridad/multiples-vulnerabilidades-forma-lms

Apple Fixes Exploited Zero-Day With iOS 16.1 Patch Apple on Monday shipped a major iOS update with fixes at least 20 documented security defects, including a kernel flaw that’s already being actively exploited in the wild. https://www.securityweek.com/apple-fixes-exploited-zero-day-ios-161-patch