Please see Security Advisories for the week ending July 30, 2021
- CISA Announces Vulnerability Disclosure Policy Platform
- Apple Releases Security Updates
- Microsoft Releases Guidance for Mitigating PetitPotam NTLM Relay Attacks
_______________________________
CISA Announces Vulnerability Disclosure Policy Platform
Situation
The Cybersecurity and Infrastructure Security Agency (CISA) has launched a new vulnerability disclosure policy (VDP) platform for US federal civilian agencies.
Implication
CISA's VDP platform works as a central portal through which federal agencies can receive and triage security vulnerabilities that researchers and members of the general public disclose in agency websites and other Internet-connected assets. It enables researchers and members of the general public to find vulnerabilities in agency websites and submit reports for analysis.
Need
For more details visit the CISA blog post on Vulnerability Disclosure Policy (VDP) Platform.
https://www.cisa.gov/blog/2021/07/29/cisa-announces-new-vulnerability-disclosure-policy-vdp-platform
________________________________
Apple Releases Security Updates
Situation
Apple has released security updates to address a vulnerability in multiple products.
Problem
One product is macOS Big Sur 11.5.1: a memory corruption issue was addressed with improved memory handling. An application may be able to execute arbitrary code with kernel privileges. The other product is iOS and iPadOS 14.7.1: a memory corruption issue was addressed with improved memory handling. Here too, an application may be able to execute arbitrary code with kernel privileges.
Implication
An attacker could exploit this vulnerability to take control of an affected device.
Need
CISA encourages users and administrators to review the security update pages for the following products and apply the necessary updates.
For a brief overview:
https://us-cert.cisa.gov/ncas/current-activity/2021/07/27/apple-releases-security-updates
For a more technical overview:
https://support.apple.com/en-us/HT212622
&
https://support.apple.com/en-us/HT212623
________________________________
Microsoft Releases Guidance for Mitigating PetitPotam NTLM Relay Attacks
Situation
On July 23, Microsoft released KB5005413: Mitigating NTLM Relay Attacks on Active Directory Certificate Services (AD CS) to address an NTLM relay attack named PetitPotam.
Problem
Relay attacks are similar to man-in-the-middle attacks, where the attacker initiates communication between both parties and relays information between the two without manipulating the information. PetitPotam takes advantage of servers where Active Directory Certificate Services (AD CS) is not configured with protections for NTLM Relay Attacks. To prevent NTLM Relay Attacks on networks with NTLM enabled, domain administrators must ensure that services that permit NTLM authentication make use of protections such as Extended Protection for Authentication (EPA) or signing features such as SMB signing.
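One way to check a server for the protections named above, as an added example that is not part of this advisory or of KB5005413: the script reads the local SMB signing settings and the EPA setting of IIS applications that use Windows authentication. The application path `Default Web Site/CertSrv` is an assumption about where AD CS web enrollment is hosted; adjust `$IisApps` to the deployment.

```powershell
# Added example: audit the local server for the NTLM relay protections above.
# Assumption: AD CS web enrollment is an IIS application at the path below.
$IisApps    = @('Default Web Site/CertSrv')   # assumed location; adjust as needed
$AuthFilter = 'system.webServer/security/authentication/windowsAuthentication'
$findings   = New-Object System.Collections.Generic.List[object]

function Add-Finding([string]$Check, [string]$Value, [bool]$Protected) {
    $findings.Add([pscustomobject]@{
        Check = $Check; Value = $Value; Protected = $Protected })
}

# SMB signing: check that signing is required for both the server and client role.
$srv = Get-SmbServerConfiguration
Add-Finding 'SMB server RequireSecuritySignature' $srv.RequireSecuritySignature `
    $srv.RequireSecuritySignature
$cli = Get-SmbClientConfiguration
Add-Finding 'SMB client RequireSecuritySignature' $cli.RequireSecuritySignature `
    $cli.RequireSecuritySignature

# EPA: for each IIS application that accepts Windows (NTLM) authentication,
# the extendedProtection tokenChecking attribute should be 'Require'.
if (Get-Module -ListAvailable -Name WebAdministration) {
    Import-Module WebAdministration
    foreach ($app in $IisApps) {
        $enabled = (Get-WebConfigurationProperty -PSPath 'IIS:\' -Location $app `
            -Filter $AuthFilter -Name 'enabled').Value
        if ($null -eq $enabled) {
            Add-Finding "IIS '$app'" 'application not found' $true
            continue
        }
        $epa = Get-WebConfigurationProperty -PSPath 'IIS:\' -Location $app `
            -Filter $AuthFilter -Name 'extendedProtection.tokenChecking'
        if ($epa -isnot [string]) { $epa = $epa.Value }   # string or attribute object
        $ok = (-not $enabled) -or ($epa -eq 'Require')
        Add-Finding "IIS '$app' Windows auth enabled=$enabled, EPA tokenChecking" "$epa" $ok
    }
} else {
    Write-Warning 'WebAdministration module not found; IIS EPA check skipped.'
}

$findings | Format-Table -AutoSize
$gaps = @($findings | Where-Object { -not $_.Protected })
if ($gaps.Count -gt 0) {
    Write-Warning "$($gaps.Count) setting(s) leave an NTLM relay protection off."
}
```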
Implication
An attacker could exploit this vulnerability to exfiltrate sensitive information.
Need
CISA encourages users and administrators to review KB5005413 and apply the necessary mitigations.
For a brief overview:
For a more technical overview: