Please see Security Advisories for the week ending July 9, 2021
- Cisco Releases Security Updates for Multiple Products
- Microsoft Releases Out-of-Band Security Updates for PrintNightmare
- Microsoft’s emergency patch fails to fix critical “PrintNightmare” vulnerability
- CISA Releases Security Advisory for Philips Vue PAC Products
_______________________________
Cisco Releases Security Updates for Multiple Products
Situation
Cisco has released security updates to address vulnerabilities in multiple Cisco products. Cisco lists CVE-2021-1359 and CVE-2021-1574/1576 with the highest priority and relegates all other updates to the Cisco Security Advisories page.
Problem
Regarding CVE-2021-1359: a vulnerability in the configuration management of Cisco AsyncOS for Cisco Web Security Appliance (WSA) could allow an authenticated, remote attacker to perform command injection and elevate privileges to root. This is due to insufficient validation of user-supplied XML input for the web interface.
Regarding CVE-2021-1574/1576: multiple vulnerabilities in the web-based management interface of Cisco Business Process Automation (BPA) could allow an authenticated, remote attacker to elevate privileges to Administrator. These are due to improper authorization enforcement for specific features and for access to log files that contain confidential information.
Implication
An attacker could exploit these vulnerabilities to take control of an affected system.
Need
CISA encourages users and administrators to review the following Cisco advisories and apply the necessary updates for CVE-2021-1359 and CVE-2021-1574/1576, respectively.
For a brief overview:
For a full list of Cisco security updates:
https://tools.cisco.com/security/center/publicationListing.x
________________________________
Microsoft Releases Out-of-Band Security Updates for PrintNightmare
Situation
Microsoft has released out-of-band security updates to address a remote code execution (RCE) vulnerability—known as PrintNightmare (CVE-2021-34527)—in the Windows Print Spooler service. The updates are cumulative and contain all previous fixes as well as protections for CVE-2021-1675. The updates do not include Windows 10 version 1607, Windows Server 2012, or Windows Server 2016—Microsoft states updates for these versions are forthcoming.
Problem
The Microsoft Windows Print Spooler service fails to restrict access to the RpcAddPrinterDriverEx() function, which is used to install a printer driver on a system. One of the parameters to this function is the DRIVER_CONTAINER object, which contains information about which driver is to be used by the added printer. An attacker can take advantage of the fact that any authenticated user can call RpcAddPrinterDriverEx() and specify a driver file that lives on a remote server. This results in the Print Spooler service spoolsv.exe executing code in an arbitrary DLL file with SYSTEM privileges.
Implication
An attacker can exploit this vulnerability to take control of an affected system.
Need
CISA encourages users and administrators to review the Microsoft Security Updates as well as CERT/CC Vulnerability Note VU#383432 and apply the necessary updates or workarounds.
For a brief overview:
For a more technical overview:
https://www.kb.cert.org/vuls/id/383432
________________________________
Microsoft’s emergency patch fails to fix critical “PrintNightmare” vulnerability
Situation
Microsoft has released out-of-band security updates to address a remote code execution (RCE) vulnerability—known as PrintNightmare (CVE-2021-34527)—in the Windows Print Spooler service. However, this patch fails to fully fix the vulnerability. Microsoft’s fix protects Windows servers that are set up as domain controllers or Windows 10 devices that use default settings, and it installs a new mechanism that allows administrative credentials to be required when installing printer software. PrintNightmare, however, has been shown to work against a much wider range of systems.
Problem
The Microsoft Windows Print Spooler service fails to restrict access to the RpcAddPrinterDriverEx() function, which is used to install a printer driver on a system. One of the parameters to this function is the DRIVER_CONTAINER object, which contains information about which driver is to be used by the added printer. An attacker can take advantage of the fact that any authenticated user can call RpcAddPrinterDriverEx() and specify a driver file that lives on a remote server. This results in the Print Spooler service spoolsv.exe executing code in an arbitrary DLL file with SYSTEM privileges.
Implication
An attacker can exploit this vulnerability to take control of an affected system.
Need
While the patch is incomplete, it still provides meaningful protection against many types of attacks that exploit the print spooler vulnerability. For the time being, Microsoft encourages Windows users to install both the patch from June and the patch from Tuesday and wait for further guidance.
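Because the patch is incomplete, it helps to know which hosts actually run the Print Spooler service described above. The following PowerShell is an added example, not code from Microsoft or from the advisories cited here; the `-Disable` switch and the `Exposed` field are names chosen for this sketch, and stopping and disabling the service is assumed to be acceptable on the host, since it turns off printing.

```powershell
# Added example: report Print Spooler exposure on the local host.
# Read-only unless -Disable is passed (requires an elevated session).
param(
    [switch]$Disable   # hypothetical switch; assumes the host does not need to print
)

$svc = Get-CimInstance -ClassName Win32_Service -Filter "Name='Spooler'"
$os  = Get-CimInstance -ClassName Win32_OperatingSystem

# Win32_OperatingSystem.ProductType: 1 = workstation, 2 = domain controller, 3 = server
$role = switch ($os.ProductType) {
    1 { 'Workstation' }
    2 { 'DomainController' }
    3 { 'Server' }
    default { 'Unknown' }
}

$report = [pscustomobject]@{
    Computer     = $env:COMPUTERNAME
    Role         = $role
    OSVersion    = $os.Version
    SpoolerState = if ($svc) { $svc.State } else { 'NotInstalled' }
    StartMode    = if ($svc) { $svc.StartMode } else { 'n/a' }
    # Exposed: spoolsv.exe is running, or could be started because it is not disabled
    Exposed      = [bool]($svc -and ($svc.State -eq 'Running' -or $svc.StartMode -ne 'Disabled'))
}
$report

if ($Disable -and $report.Exposed) {
    # Stop the service now and keep it from starting at the next boot
    Stop-Service -Name Spooler -Force
    Set-Service  -Name Spooler -StartupType Disabled
    Get-Service  -Name Spooler | Select-Object Name, Status, StartType
}
```

Run it without arguments first to inventory hosts; domain controllers and servers that do not print are the natural first candidates for `-Disable`.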
For a technical overview:
________________________________
CISA Releases Security Advisory for Philips Vue PAC Products
Situation
CISA has released an advisory for multiple vulnerabilities in Philips Clinical Collaboration Platform Portal products. Affected products are:
- Vue PACS: Versions 12.2.x.x and prior
- Vue MyVue: Versions 12.2.x.x and prior
- Vue Speech: Versions 12.2.x.x and prior
- Vue Motion: Versions 12.2.1.5 and prior
Problem
The vulnerabilities found in Philips Vue PAC products can be exploited remotely and have a low attack complexity. They include Cleartext Transmission of Sensitive Information, Improper Restriction of Operations within the Bounds of a Memory Buffer, Improper Input Validation, and Improper Authentication, among others.
Implication
An attacker can exploit these vulnerabilities to take over the affected system.
Need
Philips has released a plan and schedule to patch the vulnerabilities. However, certain vulnerabilities won’t be patched until Q1 2022, and releases are subject to country regulations. Please see the full article for details.
For more information: https://us-cert.cisa.gov/ics/advisories/icsma-21-187-01