Please see Security Advisories for the week ending March 18, 2022
- OpenSSL Releases Security Updates
- Drupal Releases Security Updates
- TLStorm vulnerability found in APC Smart-UPS devices
- ISC Releases Security Advisories for BIND
- Apple Releases Security Updates for Multiple Products
- Russian State-Sponsored Cyber Actors Access Network Misconfigured with Default MFA Protocols
- Google Releases Security Updates for Chrome
- Updated: Kubernetes Hardening Guide
_______________________________
OpenSSL Releases Security Updates
Situation
OpenSSL has released security updates for CVE-2022-0778, a vulnerability affecting OpenSSL 1.0.2, 1.1.1 and 3.0.
Problem
OpenSSL has patched a High severity bug in BN_mod_sqrt(), the modular square root function. The function assumes the modulus is prime, and its Tonelli-Shanks loop never terminates for certain non-prime moduli. BN_mod_sqrt() is reached when parsing certificates or keys that carry explicit elliptic curve parameters, so any code that parses untrusted certificates (TLS clients checking server certificates, TLS servers accepting client certificates, hosting providers importing customer certificates or keys, CAs parsing certificate requests) can be made to hang.
Implication
An attacker who can get a crafted certificate or key in front of a vulnerable parser could cause a denial-of-service condition: the process spins in the square root loop and stops responding. The bug triggers during parsing, before the certificate signature is verified, so a self-signed crafted certificate is enough.
Need
CISA recommends that users and administrators review the OpenSSL security advisory and apply the necessary updates: OpenSSL 3.0 users should upgrade to 3.0.2 and 1.1.1 users to 1.1.1n (1.0.2 is out of public support; premium support customers receive 1.0.2zd).
For a more technical overview:
https://www.openssl.org/news/secadv/20220315.txt
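The security-relevant point is that the modulus comes from attacker-controlled certificate data, so a square root routine that assumes a prime modulus must still terminate when that assumption is false. As an added illustration (this is not OpenSSL's code and does not reproduce its internals), the Python below implements Tonelli-Shanks with the loop bounds that turn a non-prime modulus into a clean failure rather than a hang. The sample inputs at the bottom are constructed.

```python
# Added example, not OpenSSL's code: Tonelli-Shanks modular square root with
# termination guards of the kind the CVE-2022-0778 fix added. The caller may not
# know whether p is prime (in OpenSSL it came from EC parameters in a certificate),
# so every loop must be bounded even when p is composite.

def mod_sqrt(a, p):
    """Return r with r*r % p == a for prime p. Return None when a is a
    non-residue or p turns out not to be prime. Never loops indefinitely."""
    if p < 2:
        return None
    a %= p
    if a == 0:
        return 0
    if p == 2:
        return a
    # Euler's criterion. For prime p this rejects non-residues; for composite p
    # it may pass by accident, so the loops below still need their own bounds.
    if pow(a, (p - 1) // 2, p) != 1:
        return None
    if p % 4 == 3:  # closed-form case, no search loop involved
        r = pow(a, (p + 1) // 4, p)
        return r if r * r % p == a else None

    # Write p - 1 = q * 2^s with q odd.
    q, s = p - 1, 0
    while q % 2 == 0:
        q //= 2
        s += 1

    # Find a quadratic non-residue z. For prime p about two tries are expected,
    # so 128 consecutive misses means p is not prime. An unbounded search here is
    # one place a composite modulus could make the routine spin.
    z = None
    for cand in range(2, 130):
        if cand >= p:
            break
        if pow(cand, (p - 1) // 2, p) == p - 1:
            z = cand
            break
    if z is None:
        return None

    m, c, t, r = s, pow(z, q, p), pow(a, q, p), pow(a, (q + 1) // 2, p)
    while t != 1:
        # Find the least i with 0 < i < m such that t^(2^i) == 1. For prime p
        # such an i always exists; for composite p it may not, and an unbounded
        # search here is exactly the infinite loop of CVE-2022-0778. The bound
        # i < m (and m strictly decreasing each round) guarantees termination.
        i, t2 = 0, t
        while t2 != 1:
            t2 = t2 * t2 % p
            i += 1
            if i >= m:
                return None
        b = pow(c, 1 << (m - i - 1), p)
        m = i
        c = b * b % p
        t = t * c % p
        r = r * b % p
    return r if r * r % p == a else None


if __name__ == "__main__":
    # Constructed inputs: two primes, then composite moduli that must not hang.
    for a, p in ((10, 13), (5, 41), (4, 21), (1, 21)):
        print(a, p, "->", mod_sqrt(a, p))
```

The guards cost nothing on valid input and make the failure mode a returned error instead of a stuck process; the same discipline applies to any number-theoretic routine that is fed parameters from the network.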
________________________________
Drupal Releases Security Updates
Situation
Drupal has released security updates to address vulnerabilities found in Drupal 9.2 and 9.3.
Problem
The vulnerabilities are in the CKEditor library that Drupal core uses for WYSIWYG editing. They are Cross-Site Scripting (XSS) issues that an attacker could use against users who have access to the CKEditor WYSIWYG editor; sites that do not have the CKEditor module enabled are not exposed to them.
Implication
An attacker who gets a privileged user (for example a site administrator) to trigger the XSS could exploit some of these vulnerabilities to take control of an affected system.
Need
CISA recommends that users and administrators review the Drupal advisory and apply the necessary updates.
For a more technical overview:
https://www.drupal.org/sa-core-2022-005
________________________________
TLStorm vulnerability found in APC Smart-UPS devices
Situation
Researchers at Armis have found three vulnerabilities in Schneider Electric's APC Smart-UPS devices.
Problem
The three vulnerabilities are tracked collectively as TLStorm. Two are in the device's TLS implementation: a TLS authentication bypass (CVE-2022-22806) and a TLS buffer overflow (CVE-2022-22805). The third (CVE-2022-0715) allows unsigned firmware to be installed on the device over the network.
Implication
An attacker who successfully exploits these vulnerabilities can take over the device remotely, or damage it by manipulating how it handles power.
Need
Apply the latest firmware release from Schneider Electric, or the vendor's recommended workarounds where an update cannot be installed yet, to protect against these vulnerabilities. Additional information can be found in the link below.
For a more technical overview:
https://www.theregister.com/2022/03/09/tlstorm_apc_ups_critical_zero_days/
________________________________
ISC Releases Security Advisories for BIND
Situation
The Internet Systems Consortium (ISC) has released security advisories that address four vulnerabilities found in multiple versions of ISC Berkeley Internet Name Domain (BIND).
Problem
The four vulnerabilities include a denial of service from specifically crafted TCP packets, an INSIST failure in query_dname() when synth-from-dnssec is enabled, an assertion failure on a delayed DS lookup, and cache poisoning of DNS forwarders. They range from Medium to High severity and can all be exploited remotely.
Implication
A remote attacker could exploit the first three to crash named and cause a denial-of-service condition on the affected device; the fourth lets an attacker supply bogus records through a forwarder that named then caches and serves.
Need
CISA encourages users and administrators to review the following ISC advisories and apply the necessary updates and workarounds to BIND.
CVE-2022-0396: DoS from specifically crafted TCP packets
https://kb.isc.org/docs/cve-2022-0396
CVE-2022-0635: DNAME insist with synth-from-dnssec enabled
https://kb.isc.org/docs/cve-2022-0635
CVE-2022-0667: Assertion failure on delayed DS lookup
https://kb.isc.org/docs/cve-2022-0667
CVE-2021-25220: DNS forwarders – cache poisoning vulnerability
https://kb.isc.org/docs/cve-2021-25220
________________________________
Apple Releases Security Updates for Multiple Products
Situation
Apple has released security updates to address vulnerabilities in multiple products.
Problem
Several Apple products contain vulnerabilities.
Implication
An attacker could exploit some of these vulnerabilities to take control of an affected system.
Need
CISA encourages users and administrators to review the Apple security page and apply the necessary updates.
For a brief overview:
https://content.govdelivery.com/accounts/USDHSCISA/bulletins/30f21b3
For a more technical overview:
https://support.apple.com/en-us/HT201222
________________________________
Russian State-Sponsored Cyber Actors Access Network Misconfigured with Default MFA Protocols
Situation
CISA and the Federal Bureau of Investigation (FBI) have released a joint Cybersecurity Advisory that details how Russian state-sponsored cyber actors accessed a network with misconfigured default multifactor authentication (MFA) protocols.
Problem
The actors gained initial access by brute-forcing the password of an inactive account that had not been disabled or un-enrolled from the organization's Duo MFA, and enrolled a new device for it. They then exploited the critical Windows Print Spooler vulnerability "PrintNightmare" (CVE-2021-34527) to run arbitrary code with SYSTEM privileges. Finally, they edited the Windows hosts file on a domain controller so that the Duo API hostname resolved to localhost (127.0.0.1); because Duo's default policy is to "fail open" when its service cannot be reached, MFA was effectively disabled for active domain accounts.
Implication
With MFA neutralized and SYSTEM privileges obtained, the actors were able to run arbitrary code, reach email and cloud accounts, and exfiltrate data or compromise data integrity.
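The hosts-file tampering described above leaves a concrete artifact on disk that is cheap to look for. The Python below is an added example, not part of the advisory: it parses a hosts file and flags any entry that pins an MFA provider's API hostname, treating loopback pins as the fail-open bypass pattern. The sample hosts file is constructed, the api-1234abcd label is invented, and only the duosecurity.com suffix comes from the advisory; other providers can be added to WATCHED_SUFFIXES.

```python
import ipaddress

# Hostname suffixes of cloud MFA services whose API calls should never be pinned
# in a local hosts file. duosecurity.com is the one named in AA22-074A (assumed
# suffix for the per-customer api-<id> hosts); extend for other providers.
WATCHED_SUFFIXES = ("duosecurity.com",)

# Constructed sample hosts file modelled on the tampering in the advisory.
# The api-1234abcd label is invented; real deployments use a per-customer host.
SAMPLE_HOSTS = """\
# constructed sample; the api-1234abcd label is invented
127.0.0.1       localhost
::1             localhost
10.20.30.40     fileserver.corp.example   # legitimate internal pin
127.0.0.1       api-1234abcd.duosecurity.com
"""


def parse_hosts(text):
    """Yield (line_number, ip_address, [hostnames]) for each usable hosts line."""
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.split("#", 1)[0].strip()   # drop trailing comments
        if not line:
            continue
        fields = line.split()
        try:
            addr = ipaddress.ip_address(fields[0])
        except ValueError:
            continue  # not an "ip name..." line; hosts files tolerate junk
        yield lineno, addr, [n.lower().rstrip(".") for n in fields[1:]]


def _watched(name, suffixes):
    return any(name == s or name.endswith("." + s) for s in suffixes)


def find_mfa_redirects(text, suffixes=WATCHED_SUFFIXES):
    """Return (line_number, hostname, address, reason) for every MFA API host
    the hosts file pins. A loopback or unspecified address is the fail-open
    case: the MFA agent cannot reach its service, and a fail-open policy then
    admits the login without a second factor. Any other pin is still suspect."""
    findings = []
    for lineno, addr, names in parse_hosts(text):
        for name in names:
            if not _watched(name, suffixes):
                continue
            if addr.is_loopback or addr.is_unspecified:
                reason = "pinned to a local address (fail-open bypass pattern)"
            else:
                reason = "pinned to an unexpected address (possible interception or bypass)"
            findings.append((lineno, name, str(addr), reason))
    return findings


if __name__ == "__main__":
    for f in find_mfa_redirects(SAMPLE_HOSTS):
        print("line %d: %s -> %s: %s" % f)
```

Run it over C:\Windows\System32\drivers\etc\hosts on domain controllers and on servers with the MFA agent installed. A legitimate hosts file has no reason to pin a cloud MFA endpoint at all, so any finding deserves a look, and the loopback case should be paired with the advisory's own mitigations: disable fail-open in the MFA configuration and disable or un-enroll inactive accounts.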
Need
CISA encourages users and administrators to review AA22-074A: Russian State-Sponsored Cyber Actors Gain Network Access by Exploiting Default Multifactor Authentication Protocols and “PrintNightmare” Vulnerability.
For a brief overview:
https://content.govdelivery.com/accounts/USDHSCISA/bulletins/30f040f
For information on general Russian state-sponsored malicious cyber activity:
https://www.cisa.gov/uscert/russia
For a more technical overview & additional mitigation recommendations:
________________________________
Google Releases Security Updates for Chrome
Situation
Google has released Chrome version 99.0.4844.74 for Windows, Mac and Linux.
Implication
These versions address vulnerabilities that an attacker could exploit to take control of an affected system.
Need
CISA encourages users and administrators to review the Chrome Release Note and apply the necessary updates.
For a brief overview:
https://www.cisa.gov/uscert/ncas/current-activity/2022/03/16/google-releases-security-updates-chrome
For a more technical overview:
https://chromereleases.googleblog.com/2022/03/stable-channel-update-for-desktop_15.html
________________________________
Updated: Kubernetes Hardening Guide
Situation
NSA and CISA have updated their Kubernetes Hardening Guide, originally released in August 2021.
Problem
The guide identifies three common sources of compromise for Kubernetes clusters: supply chain risks, malicious threat actors, and insider threats, and outlines ways to address each.
Implication
Kubernetes is a widely used open source orchestration system, and a compromise of the cluster can cause extensive damage to an organization.
Need
NSA and CISA recommend:
- Scan containers and Pods for vulnerabilities or misconfigurations.
- Run containers and Pods with the least privileges possible.
- Use network separation to control the amount of damage a compromise can cause.
- Use firewalls to limit unneeded network connectivity and use encryption to protect confidentiality.
- Use strong authentication and authorization to limit user and administrator access as well as to limit the attack surface.
- Capture and monitor audit logs so that administrators can be alerted to potential malicious activity.
- Periodically review all Kubernetes settings and use vulnerability scans to ensure risks are appropriately accounted for and security patches are applied.
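The first two recommendations (scan Pods for misconfigurations, run them with least privilege) are easiest to apply when the checks are mechanical. The Python below is an added example, not code from the NSA/CISA guide or from any Kubernetes project: it audits a Pod manifest for the settings the guide calls out (host namespaces, privileged containers, privilege escalation, root user, writable root filesystem, retained capabilities, missing seccomp profile, auto-mounted service account token, unpinned images) and shows a weak manifest beside its hardened counterpart. Both manifests are constructed; the registry name registry.example.internal and the image tags are made up.

```python
import json

# Constructed manifests (not from the NSA/CISA guide). WEAK_POD carries the
# settings the guide warns against; HARDENED_POD is the least-privilege form.
WEAK_POD = json.loads("""
{"apiVersion": "v1", "kind": "Pod", "metadata": {"name": "web-weak"},
 "spec": {"hostNetwork": true, "hostPID": true,
          "containers": [{"name": "web",
                          "image": "registry.example.internal/web:latest",
                          "securityContext": {"privileged": true}}]}}
""")

HARDENED_POD = json.loads("""
{"apiVersion": "v1", "kind": "Pod", "metadata": {"name": "web-hardened"},
 "spec": {"automountServiceAccountToken": false,
          "securityContext": {"runAsNonRoot": true, "runAsUser": 10001,
                              "seccompProfile": {"type": "RuntimeDefault"}},
          "containers": [{"name": "web",
                          "image": "registry.example.internal/web:1.4.2",
                          "securityContext": {"allowPrivilegeEscalation": false,
                                              "readOnlyRootFilesystem": true,
                                              "capabilities": {"drop": ["ALL"]}}}]}}
""")


def _image_pinned(image):
    """True when the reference carries a digest or a tag other than 'latest'."""
    ref = image.rsplit("/", 1)[-1]   # drop registry/namespace, which may hold ':port'
    if "@" in ref:
        return True
    return ":" in ref and ref.rsplit(":", 1)[1] != "latest"


def audit_pod(pod):
    """Return human-readable findings; an empty list means every check passed."""
    findings = []
    name = pod.get("metadata", {}).get("name", "<unnamed>")
    spec = pod.get("spec", {})
    pod_sc = spec.get("securityContext", {})

    for key in ("hostNetwork", "hostPID", "hostIPC"):
        if spec.get(key):
            findings.append(f"{name}: spec.{key} is true (shares a host namespace)")
    if spec.get("automountServiceAccountToken", True):   # Kubernetes default is true
        findings.append(f"{name}: service account token auto-mounted; "
                        "set automountServiceAccountToken: false unless the workload calls the API")

    for c in spec.get("initContainers", []) + spec.get("containers", []):
        cname = f"{name}/{c.get('name', '?')}"
        sc = c.get("securityContext", {})
        # Container-level settings override pod-level ones; fall back to the pod value.
        run_as_non_root = sc.get("runAsNonRoot", pod_sc.get("runAsNonRoot", False))
        seccomp = sc.get("seccompProfile", pod_sc.get("seccompProfile", {})).get("type")
        if sc.get("privileged"):
            findings.append(f"{cname}: privileged container")
        if sc.get("allowPrivilegeEscalation", True):    # default is true
            findings.append(f"{cname}: allowPrivilegeEscalation not set to false")
        if not run_as_non_root:
            findings.append(f"{cname}: runAsNonRoot not enforced")
        if not sc.get("readOnlyRootFilesystem"):
            findings.append(f"{cname}: root filesystem is writable")
        if "all" not in [d.lower() for d in sc.get("capabilities", {}).get("drop", [])]:
            findings.append(f"{cname}: Linux capabilities not dropped (capabilities.drop: [ALL])")
        if seccomp not in ("RuntimeDefault", "Localhost"):
            findings.append(f"{cname}: no seccomp profile (seccompProfile.type: RuntimeDefault)")
        if not _image_pinned(c.get("image", "")):
            findings.append(f"{cname}: image {c.get('image', '')!r} not pinned to a tag or digest")
    return findings


if __name__ == "__main__":
    for pod in (WEAK_POD, HARDENED_POD):
        print(pod["metadata"]["name"], audit_pod(pod) or ["OK"])
```

Checks like these are what an admission controller enforces cluster-wide (Pod Security Admission with the restricted profile covers most of them), but running them over manifests in CI catches the problem before a Pod is ever scheduled, and the same function can be pointed at the output of kubectl get pods -o json to review what is already running.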
For a more technical overview: