June has seen the release of several security updates with critical patches released for Google Chrome and Android, as well as dozens of patches for Microsoft products, including fixes for a Windows zero-day vulnerability that attackers had already exploited. Apple updates was absent at the time of writing, but the month also included some major business-focused patches for Citrix, SAP and Cisco products.
Here’s what you need to know about the major patches that have been released in the last month.
Microsoft’s Patch Tuesday release was pretty hefty in June, including fixes for 55 bugs in the technology giant’s products. This Patch Tuesday was particularly important because it addressed an already exploited remote code execution (RCE) issue in Windows dubbed Follina, which Microsoft has been aware of since at least May.
The trace as CVE-2022-30190, Follina – which exploits vulnerabilities in the Windows Support Diagnostic Tool and can be executed without having to open a document – has already been used by several criminal groups and state-sponsored attackers.
Three of the vulnerabilities addressed in Patch Tuesday that affect Windows Server are RCE errors and are rated as critical. However, patches appear to be break some VPN and RDP connections, so be careful.
Google Chrome updates keep coming thick and fast. This is not a bad thing, as the world’s most popular browser is by default one of the biggest targets for hackers. In June, Google released Chrome 103 with patches for 14 vulnerabilities, some of which are serious.
The trace as CVE-2022-2156 is the biggest error a problem without use in Base reported by Google’s Project Zero debugging team that could lead to arbitrary code execution, paralysis attacks or data corruption. Worse, when linked together with other vulnerabilities, the failure can lead to complete system compromise.
Of the many Android security issues that Google fixed in June, the most serious is a critical security vulnerability in the system component that could lead to remote code execution without the need for additional execution rights, Google said in its Android security bulletin.
Google too released updates to its Pixel devices to fix issues with Android Framework, Media Framework, and System Components.
Samsung users seem to have been lucky with Android updates lately where the device maker rolled out its patches very quickly. The security update from June is no different, it reaches the Samsung Galaxy Tab S7 series, Galaxy S21 series, Galaxy S22 series and Galaxy Z Fold 2 immediately.
Cisco Software Manufacturer released a patch in June to address a critical vulnerability in the Cisco Secure Email and Web Manager and Cisco Email Security Appliance that could allow a remote attacker to bypass authentication and log on to the Web management interface on an affected device.
The problem, tracked as CVE-2022-20798, could be exploited if an attacker entered something specific on the login page of the affected device, which would allow access to the Web-based management interface, Cisco said.
Citrix has issued a warning urging users to fix some major vulnerabilities that could allow attackers to reset administrator passwords. The vulnerabilities in Citrix Application Delivery Management could result in corruption of the system by an external, unauthorized user, Citrix said in a security bulletin. “The impact of this may include resetting the administrator password the next time the device is restarted, allowing a hacker with ssh access to connect to the default administrator information after the device is restarted,” the company wrote.
Citrix recommends that traffic to the Citrix ADM’s IP address be segmented from standard network traffic. This reduces the risk of exploitation, it says. However, the seller also urged customers to install the updated versions of Citrix ADM server and Citrix ADM agent “as soon as possible.”
The software company SAP has released 12 security fixes as part of their June Patch Day, three of which are serious. The first listed by SAP relates to an update released in April 2018 Patch Day and applies to the browser management Google Chromium used by the company’s business customers. Details of this vulnerability are not available, but it has a severity rating of 10, so the patch should be applied immediately.
Another major fix concerns an issue in the SAProuter proxy in NetWeaver and the ABAP platform that could allow an attacker to execute SAProuter administration commands from a remote client. The third major patch fixes an escalation privilege bug in SAP PowerDesigner Proxy 16.7.
Splunk has released some out-of-band patches to its Enterprise product that resolve issues, including a critically assessed vulnerability that could lead to arbitrary code execution.
The bug, labeled CVE-2022-32158, could allow an adversary to compromise a Universal Forwarder endpoint and execute code on other endpoints connected to the deployment server. Fortunately, there is no indication that the vulnerability has been used in any real attacks.
Ninja Forms WordPress Plug-In
Ninja Forms, a WordPress plugin with over a million active installations, has fixed a serious issue that is likely to be used by attackers in the wild. “We uncovered a code-injection vulnerability that allowed unauthorized attackers to call a limited number of methods in various Ninja Forms classes, including a method that unserialized user-supplied content, resulting in Object Injection,” WordPress analysts security analysts Wordfence Threat Intelligence Team said in one update.
This can allow attackers to execute arbitrary code or delete arbitrary files on sites where a separate POP chain were present, researchers said.
The bug has been completely fixed in versions 220.127.116.11, 3.1.10, 3.2.28, 18.104.22.168, 22.214.171.124, 126.96.36.199 and 3.6.11. WordPress seems to have performed a forced automatic update of the plug-in, so your site may already be using one of the patched versions.
Australian software company Atlassian has released a patch to fix a zero-day error that is already being exploited by attackers. Traced as CVE-2022-26134For example, the RCE vulnerability in Confluence Server and Data Center can be used to backdoor Internet-exposed servers.
GitLab has issued patches for versions 15.0.1, 14.10.4 and 14.9.5 for GitLab Community Edition and Enterprise Edition. The updates include important security patches for eight vulnerabilities, one of which could allow account takeover.
With this in mind, the company “strongly” recommends that all GitLab installations be upgraded to the latest version “as soon as possible.” GitLab.com is already running the patched version.