Please see Security Advisories for the week ending March 12, 2021
- Microsoft Releases March 2021 Security Updates
- Palo Alto Networks Security Advisories - March 2021
- F5 Security Advisory for RCE Vulnerabilities in BIG-IP, BIG-IQ
- Apple Releases Security Updates for WebKit
- Updates on Microsoft Exchange Server Vulnerabilities
- SAP Releases March 2021 Security Updates
________________________________
Microsoft Releases March 2021 Security Updates
Situation
Microsoft has released its monthly security updates for March 2021. These updates address vulnerabilities in the following Microsoft software:
- Application Virtualization
- Azure
- Azure DevOps
- Azure Sphere
- Internet Explorer
- Microsoft ActiveX
- Microsoft Exchange Server
- Microsoft Edge (Chromium-based)
- Microsoft Graphics Component
- Microsoft Office
- Microsoft Office Excel
- Microsoft Office PowerPoint
- Microsoft Office SharePoint
- Microsoft Office Visio
- Microsoft Windows Codecs Library
- Power BI
- Role: DNS Server
- Role: Hyper-V
- Visual Studio
- Visual Studio Code
A complete list is available at the links below.
Problem
Microsoft has released fixes for 44 vulnerabilities across a range of products. Some of these, if exploited, could allow a remote attacker to compromise and control the system and move further into a company's infrastructure.
Implication
Microsoft has fixed a variety of vulnerabilities whose impact depends on the product and the vulnerability. The most severe could allow a remote attacker to take control of the affected system.
Need
Microsoft recommends updating all affected Microsoft software as soon as possible to protect against these vulnerabilities.
For a brief overview:
For a more detailed overview:
https://msrc.microsoft.com/update-guide/releaseNote/2021-Mar
________________________________
Palo Alto Networks Security Advisories - March 2021
Situation
Palo Alto Networks has discovered and patched several vulnerabilities for its Cortex XSOAR software.
Problem
An information exposure through log file vulnerability exists in Cortex XSOAR software where the secrets configured for the SAML single sign-on (SSO) integration can be logged to the '/var/log/demisto/' server logs when testing the integration during setup.
This logged information includes the private key and identity provider certificate used to configure the SAML SSO integration.
Implication
Failure to patch could result in loss of control of affected systems and possible compromise of system and network integrity.
Need
This issue is fixed in Cortex XSOAR 5.5.0 build 98622, Cortex XSOAR 6.0.1 build 830029, Cortex XSOAR 6.0.2 build 98623, Cortex XSOAR 6.1.0 build 848144, and all later Cortex XSOAR versions.
After you upgrade the Cortex XSOAR appliance, you must configure a new private key for SAML SSO integration. Clear the server system logs using the instructions provided in the Workarounds and Mitigations section to remove any potentially logged secrets.
For a more detailed overview:
https://security.paloaltonetworks.com/CVE-2021-3034
________________________________
F5 Security Advisory for RCE Vulnerabilities in BIG-IP, BIG-IQ
Situation
F5 has discovered and patched several vulnerabilities impacting its BIG-IP and BIG-IQ devices.
Problem
F5 has discovered and patched several vulnerabilities to address remote code execution impacting its BIG-IP and BIG-IQ devices. An attacker could exploit these vulnerabilities to take control of an affected system.
Implication
Failure to patch systems could result in loss of control of affected systems and possible compromise of system and network integrity.
Need
Because of the severity of these vulnerabilities, F5 recommends that all customers install fixed software as soon as possible. All seven vulnerabilities are fixed in the following BIG-IP versions: 16.0.1.1, 15.1.2.1, 14.1.4, 13.1.3.6, 12.1.5.3, and 11.6.5.3. CVE-2021-22986 also affects BIG-IQ, and this is fixed in 8.0.0, 7.1.0.3, and 7.0.0.2.
For a brief overview:
For a more detailed overview:
https://support.f5.com/csp/article/K02566623
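The fixed releases listed above can be turned into a quick inventory triage. This is an added example, not code from F5 or from the original advisory; the device names and inventory are constructed, and it assumes that a later release on the same major.minor branch keeps the fix while a branch with no listed fix needs a manual check against the F5 article.

```python
# Fixed releases exactly as listed in the advisory summary above.
# Assumption of this example: a device is compared only with the fix
# published for its own branch (major.minor).
FIXED = {
    "BIG-IP": ["16.0.1.1", "15.1.2.1", "14.1.4", "13.1.3.6", "12.1.5.3", "11.6.5.3"],
    "BIG-IQ": ["8.0.0", "7.1.0.3", "7.0.0.2"],  # CVE-2021-22986 only
}


def parse(version):
    """Turn '14.1.4' into (14, 1, 4, 0) so that 14.1.4 equals 14.1.4.0."""
    parts = version.strip().split(".")
    if not 2 <= len(parts) <= 4 or not all(p.isdigit() for p in parts):
        raise ValueError(f"not a dotted numeric version: {version!r}")
    nums = [int(p) for p in parts]
    return tuple(nums + [0] * (4 - len(nums)))


def triage(product, version):
    """Classify one device as below-fix, at-or-above-fix or unlisted-branch."""
    if product not in FIXED:
        raise ValueError(f"unknown product: {product!r}")
    have = parse(version)
    for fixed in FIXED[product]:
        want = parse(fixed)
        if want[:2] == have[:2]:  # same release branch
            return "at-or-above-fix" if have >= want else "below-fix"
    # No fix is listed for this branch: do not guess, check the advisory.
    return "unlisted-branch"


# Constructed sample inventory: (hypothetical device name, product, version).
INVENTORY = [
    ("lb-edge-01", "BIG-IP", "15.1.2"),
    ("lb-edge-02", "BIG-IP", "14.1.4.0"),
    ("lb-lab-01", "BIG-IP", "15.0.1"),
    ("mgmt-01", "BIG-IQ", "7.0.0.1"),
]


def report(inventory):
    """Map each device name to its triage result."""
    return {name: triage(product, version) for name, product, version in inventory}


if __name__ == "__main__":
    for name, status in report(INVENTORY).items():
        print(f"{name}: {status}")
```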
________________________________
Apple Releases Security Updates for WebKit
Situation
Apple has released security updates to address a WebKit vulnerability (CVE-2021-1844) in multiple products.
Problem
This WebKit vulnerability (CVE-2021-1844) is caused by a boundary error when processing web content in WebKit. A remote attacker can create a specially crafted web page, trick the victim into opening it, trigger memory corruption and execute arbitrary code on the target system.
Implication
If an attacker is able to successfully exploit this WebKit vulnerability it could allow them to take control of the affected system.
Need
Apple is encouraging all affected device users and administrators to update as soon as possible. Additional information can be found at the link below.
For a brief overview:
https://us-cert.cisa.gov/ncas/current-activity/2021/03/09/apple-releases-security-updates
________________________________
Updates on Microsoft Exchange Server Vulnerabilities
Situation
CISA has observed active exploitation of Microsoft Exchange Server. Attackers have been seen using public tools to identify vulnerable Exchange Servers to target.
Problem
Active exploitation of Microsoft Exchange Server vulnerabilities has been observed by multiple security organizations.
CVE-2021-26855: An unauthenticated attacker can send arbitrary HTTP requests and authenticate as the Exchange Server. This allows the attacker to gain mailbox access.
CVE-2021-26857, CVE-2021-26858, CVE-2021-27065: Attackers can then perform remote code execution.
Implication
Successful exploitation of the vulnerabilities allows unauthenticated attackers to execute arbitrary code, allowing persistence and exfiltration.
Need
- Create a forensic image of the system.
- Microsoft recommends investigating for signs of compromise starting from Jan 1, 2021 to present.
- Microsoft has released a script to scan Exchange log files for IOCs: https://github.com/microsoft/CSS-Exchange/tree/main/Security
- If running Exchange 2013, 2016, or 2019, immediately apply patches.
- If unable to apply patches, follow Microsoft's mitigations: https://msrc-blog.microsoft.com/2021/03/05/microsoft-exchange-server-vulnerabilities-mitigations-march-2021/
For a brief overview:
https://us-cert.cisa.gov/ncas/alerts/aa21-062a
________________________________
SAP Releases March 2021 Security Updates
Situation
SAP has released security updates for SAP Solution Manager, SAP Business Client, SAP NetWeaver, SAP 3D Visual Enterprise Viewer, and more.
Problem
SAP has addressed vulnerabilities ranging from medium to high severity, such as code injection, missing authorization checks, insecure deserialization, and improper input validation.
Implication
Attackers exploiting these vulnerabilities could compromise the affected SAP products.
Need
If you use SAP products, make sure to apply the security updates.
For a more detailed overview:
https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=571343107