Please see Security Advisories for the week ending August 20, 2021
- Urgent: Attackers Actively Exploiting ProxyShell Vulnerabilities on Microsoft Exchange Server
- Cisco Releases Security Updates for Multiple Products
- ISC Releases Security Advisory for BIND
- Google Releases Security Updates for Chrome
- Apple Releases Security Update for iCloud on Windows
_______________________________
Urgent: Attackers Actively Exploiting ProxyShell Vulnerabilities on Microsoft Exchange Server
Situation
Attackers have been seen actively exploiting three ProxyShell vulnerabilities found on Microsoft Exchange Server.
Problem
The vulnerabilities being actively exploited are:
- CVE-2021-34473: a Microsoft Exchange Server remote code execution vulnerability.
- CVE-2021-34523: a Microsoft Exchange Server elevation of privilege vulnerability.
- CVE-2021-31207: a Microsoft Exchange Server security feature bypass vulnerability.
Implication
An attacker who successfully exploits these vulnerabilities could execute arbitrary code and take control of the affected device.
Need
The Cybersecurity and Infrastructure Security Agency (CISA) strongly urges organizations to identify vulnerable systems on their networks and immediately apply Microsoft's Security Update from May 2021 to remediate these three ProxyShell vulnerabilities. Additional information can be found in the links below.
CVE-2021-34473:
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-34473
CVE-2021-34523:
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-34523
CVE-2021-31207:
https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2021-31207
Microsoft's Security Update Release Notes:
https://msrc.microsoft.com/update-guide/releaseNote/2021-May
________________________________
Cisco Releases Security Updates for Multiple Products
Situation
Cisco has released security updates to address vulnerabilities in multiple Cisco products.
Problem
These updates address a range of vulnerabilities:
- BlackBerry QNX-2021-001 Vulnerability Affecting Cisco Products
- Cisco Small Business RV110W, RV130, RV130W, and RV215W Routers Remote Command Execution and Denial of Service Vulnerability
- Multiple Cisco Products Server Name Identification Data Exfiltration Vulnerability
- Cisco Secure Email and Web Manager Spam Quarantine Unauthorized Access Vulnerability
- Cisco Video Surveillance 7000 Series IP Cameras Link Layer Discovery Protocol Double-Free Denial of Service Vulnerability
- Cisco Expressway Series and TelePresence Video Communication Server Image Verification Vulnerability
- Cisco Expressway Series and TelePresence Video Communication Server Remote Code Execution Vulnerability
Implication
An attacker could exploit some of these vulnerabilities to take control of an affected system.
Need
CISA encourages users and administrators to review the following Cisco advisories and apply the necessary updates.
For a brief overview:
For a more technical overview:
https://tools.cisco.com/security/center/publicationListing.x
________________________________
ISC Releases Security Advisory for BIND
Situation
The Internet Systems Consortium (ISC) has released a security advisory that addresses a vulnerability affecting multiple versions of the ISC Berkeley Internet Name Domain (BIND).
Problem
If named attempts to respond over UDP with a response that is larger than the current effective interface maximum transmission unit (MTU), and if response-rate limiting (RRL) is active, an assertion failure is triggered, terminating the named server process.
Implication
A remote attacker could exploit this vulnerability to cause a denial-of-service condition.
Need
CISA encourages users and administrators to review ISC advisory CVE-2021-25218 and apply the necessary updates or workarounds.
For a brief overview:
https://us-cert.cisa.gov/ncas/current-activity/2021/08/19/isc-releases-security-advisory-bind
For a more technical overview:
https://kb.isc.org/v1/docs/cve-2021-25218
________________________________
Google Releases Security Updates for Chrome
Situation
Google has released Chrome version 92.0.4515.159 for Windows, Mac, and Linux.
Problem
This update addresses a range of vulnerabilities, including CVE-2021-30598: Type Confusion in V8, CVE-2021-30599: Type Confusion in V8, CVE-2021-30600: Use after free in Printing, CVE-2021-30601: Use after free in Extensions API, CVE-2021-30602: Use after free in WebRTC, CVE-2021-30603: Race in WebAudio, and CVE-2021-30604 (rated High): Use after free in ANGLE.
Implication
This version addresses vulnerabilities that an attacker could exploit to take control of an affected system.
Need
CISA encourages users and administrators to review the Chrome Release Note and apply the necessary updates.
For a brief overview:
https://us-cert.cisa.gov/ncas/current-activity/2021/08/18/google-releases-security-updates-chrome
For a more technical overview:
https://chromereleases.googleblog.com/2021/08/stable-channel-update-for-desktop.html
________________________________
Apple Releases Security Update for iCloud on Windows
Situation
Apple has released a security update to address two vulnerabilities found in iCloud for Windows.
Problem
The two patched vulnerabilities (CVE-2021-30779 and CVE-2021-30785) could allow arbitrary code execution when iCloud processes a specially crafted image.
Implication
An attacker who successfully exploits these vulnerabilities could take control of the affected device.
Need
Apple recommends updating to the latest version of iCloud on the Windows operating system to protect against these vulnerabilities. Patch notes and additional information can be found in the links below.
Apple's security patch notes for iCloud for Windows: