Microsoft issues its latest set of cumulative updates for Windows and other Microsoft products this week. The March 2020 Patch Tuesday is notable not only for the sheer volume of fixes, but also because it fixes one very serious bug in Microsoft's Server Message Block (SMB) technology (download the patch right now) that could lead to a wide range of different (and potentially wormable) attacks.
This happened more than once in 2020, and one of the examples actually began in 2019 and stretched into the next year. That string of flaws began with CVE-2019-0880, a bug in the splwow64.exe component in Windows that Microsoft patched in July 2019. However, the patch was incomplete and another variant of the flaw emerged in June 2020, followed by two more variants several months later. A similar thing happened with a series of bugs in the JScript engine in IE, and with several bugs in the V8 engine in Chrome.
Microsoft Patch Tuesday updates for February 2020 fix IE 0day flaw
AFFECTED PRODUCTS
AWK-3131A Series: Firmware Version 1.13 or lower
QID Detection Logic: This QID checks for the Vulnerable version of Omron NJ/NX-series Machine Automation Controllers using passive scanning.
Consequence: Improper system access as a higher privilege user. An attacker can send commands while authenticated as a low privilege user to trigger this vulnerability.
Solution: Customers are advised to refer to Moxa MITIGATIONS section MPSA-200203 for affected packages and patching details.
Patches: MPSA-200203

CVE-2020-7692+
QID: 241180
Red Hat OpenShift Container Platform 4.10 Security Update (RHSA-2023:0560)
Severity: Urgent 5
Recently Published
Qualys ID: 241180
Date Published: February 9, 2023
Vendor Reference: RHSA-2023:0560
CVE Reference: CVE-2020-7692, CVE-2022-25857, CVE-2022-30946, CVE-2022-30952, CVE-2022-30953, CVE-2022-30954, CVE-2022-36882, CVE-2022-36883, CVE-2022-36884, CVE-2022-36885, CVE-2022-43401, CVE-2022-43402, CVE-2022-43403, CVE-2022-43404, CVE-2022-43405, CVE-2022-43406, CVE-2022-43407, CVE-2022-43408, CVE-2022-43409, CVE-2022-45047, CVE-2022-45379, CVE-2022-45380, CVE-2022-45381
CVSS Scores: Base 9.9 / Temporal 8.6
Description: Red Hat OpenShift Container Platform is Red Hat's cloud computing Kubernetes application platform solution designed for on-premise or private cloud deployments... Security Fix(es): jenkins-plugin/script-security: sandbox bypass vulnerabilities in Jenkins. Affected Products: Red Hat OpenShift Container Platform 4.10 for RHEL 8 x86_64. Red Hat OpenShift Container Platform 4.10 for RHEL 7 x86_64. Red Hat OpenShift Container Platform for Power 4.10 for RHEL 8 ppc64le. Red Hat OpenShift Container Platform for IBM Z and LinuxONE 4.10 for RHEL 8 s390x. Red Hat OpenShift Container Platform for ARM 64 4.10 aarch64. Note: The preceding description block is extracted directly from the security advisory. Using automation, we have attempted to clean and format it as much as possible without introducing additional issues.
Consequence: Successful exploitation of this vulnerability could lead to a security breach or could affect integrity, availability, and confidentiality.
Solution: Refer to Red Hat security advisory RHSA-2023:0560 for updates and patch information.
Patches: Red Hat Enterprise Linux RHSA-2023:0560

CVE-2022-29599
QID: 770174
Red Hat OpenShift Container Platform 4.9 Security Update (RHSA-2023:0573)
Severity: Urgent 5
In Development
Qualys ID: 770174
Vendor Reference: RHSA-2023:0573
CVE Reference: CVE-2022-29599
CVSS Scores: Base 9.8 / Temporal 8.5
Description: Red Hat OpenShift Container Platform is Red Hat's cloud computing Kubernetes application platform solution designed for on-premise or private cloud deployments.

AFFECTED PRODUCTS
RCC 972: Firmware Version 15.40
QID Detection Logic: This QID checks for the Vulnerable version of Horner Automation Remote Compact Controller using passive scanning.
Consequence: Successful exploitation of these vulnerabilities could allow an attacker to obtain credentials to the affected device and obtain complete control.
Solution: Customers are advised to refer to CERT MITIGATIONS section ICSA-22-335-02 for affected packages and patching details.
Patches: ICSA-22-335-02

CVE-2019-14870+
QID: 502655
Alpine Linux Security Update for heimdal
Severity: Urgent 5
In Development
Qualys ID: 502655
Vendor Reference: heimdal
CVE Reference: CVE-2019-14870, CVE-2021-3671, CVE-2021-44758, CVE-2022-3437, CVE-2022-41916, CVE-2022-42898, CVE-2022-44640, CVE-2022-45142
CVSS Scores: Base 9.8 / Temporal 8.5
Description: Alpine Linux has released a security update for heimdal to fix the vulnerabilities. Affected versions: Alpine Linux 3.15, Alpine Linux 3.16. Affected Package versions prior to 7.7.1-r0.
Consequence: Successful exploitation of this vulnerability could lead to a security breach or could affect integrity, availability, and confidentiality.
Solution: Refer to Alpine Linux advisory heimdal for updates and patch information.
Patches: Alpine Linux heimdal-7.7.1-r0

CVE-2022-29599
QID: 241183
Red Hat OpenShift Container Platform 4.9 Security Update (RHSA-2023:0573)
Severity: Urgent 5
In Development
Qualys ID: 241183
Vendor Reference: RHSA-2023:0573
CVE Reference: CVE-2022-29599
CVSS Scores: Base 9.8 / Temporal 8.5
Description: Red Hat OpenShift Container Platform is Red Hat's cloud computing Kubernetes application platform solution designed for on-premise or private cloud deployments... Security Fix(es): maven-shared-utils: command injection via commandline class. Affected Products: Red Hat OpenShift Container Platform 4.9 for RHEL 8 x86_64. Red Hat OpenShift Container Platform for Power 4.9 for RHEL 8 ppc64le. Red Hat OpenShift Container Platform for IBM Z and LinuxONE 4.9 for RHEL 8 s390x. Red Hat OpenShift Container Platform for ARM 64 4.9 aarch64. Note: The preceding description block is extracted directly from the security advisory. Using automation, we have attempted to clean and format it as much as possible without introducing additional issues.
Consequence: Successful exploitation of this vulnerability could lead to a security breach or could affect integrity, availability, and confidentiality.
Solution: Refer to Red Hat security advisory RHSA-2023:0573 for updates and patch information.
Patches: Red Hat Enterprise Linux RHSA-2023:0573

CVE-2022-41853
QID: 160456
Oracle Enterprise Linux Security Update for hsqldb (ELSA-2023-12103)
Severity: Urgent 5
Recently Published
Qualys ID: 160456
Date Published: February 9, 2023
Vendor Reference: ELSA-2023-12103
CVE Reference: CVE-2022-41853
CVSS Scores: Base 9.8 / Temporal 8.5
Description: Oracle Enterprise Linux has released a security update for hsqldb to fix the vulnerabilities. Note: The preceding description block is extracted directly from the security advisory. Using automation, we have attempted to clean and format it as much as possible without introducing additional issues.
Consequence: Successful exploitation allows an attacker to compromise the system.
Solution: To resolve this issue, upgrade to the latest packages which contain a patch. Refer to Oracle Enterprise Linux advisory below for updates and patch information: ELSA-2023-12103
Patches: Oracle Linux ELSA-2023-12103

CVE-2022-37436+
QID: 753658
SUSE Enterprise Linux Security Update for apache2 (SUSE-SU-2023:0322-1)
Severity: Urgent 5
In Development
Qualys ID: 753658
Vendor Reference: SUSE-SU-2023:0322-1
CVE Reference: CVE-2022-37436, CVE-2022-36760, CVE-2006-20001
CVSS Scores: Base 9 / Temporal 7.8
Description: SUSE has released a security update for apache2 to fix the vulnerabilities. Affected product(s): SUSE Linux Enterprise Server 15 SP4, SUSE Linux Enterprise Server for SAP Applications 15 SP4.
Consequence: Successful exploitation of this vulnerability could lead to a security breach or could affect integrity, availability, and confidentiality.
Solution: Refer to SUSE security advisory SUSE-SU-2023:0322-1 for updates and patch information.
Patches: SUSE Enterprise Linux SUSE-SU-2023:0322-1

CVE-2022-37436+
QID: 753653
SUSE Enterprise Linux Security Update for apache2 (SUSE-SU-2023:0321-1)
Severity: Urgent 5
In Development
Qualys ID: 753653
Vendor Reference: SUSE-SU-2023:0321-1
CVE Reference: CVE-2022-37436, CVE-2022-36760, CVE-2006-20001
CVSS Scores: Base 9 / Temporal 7.8
Description: SUSE has released a security update for apache2 to fix the vulnerabilities. Affected product(s): SUSE Linux Enterprise Server 15 SP2, SUSE Linux Enterprise Server for SAP Applications 15 SP2, SUSE Linux Enterprise Server 15 SP3, SUSE Linux Enterprise Server for SAP Applications 15 SP3.
Consequence: Successful exploitation of this vulnerability could lead to a security breach or could affect integrity, availability, and confidentiality.
Solution: Refer to SUSE security advisory SUSE-SU-2023:0321-1 for updates and patch information.
Patches: SUSE Enterprise Linux SUSE-SU-2023:0321-1

CVE-2022-47929+
QID: 354736
Amazon Linux Security Advisory for kernel: ALAS2-2023-1932
Severity: Urgent 5
Recently Published
Qualys ID: 354736
Date Published: February 9, 2023
Vendor Reference: ALAS2-2023-1932
CVE Reference: CVE-2022-47929, CVE-2023-0394, CVE-2022-3643, CVE-2023-23455, CVE-2022-45934
CVSS Scores: Base 10 / Temporal 8.7
Description:
Guests can trigger NIC interface reset/abort/crash via netback. It is possible for a guest to trigger a NIC interface reset/abort/crash in a Linux based network backend by sending certain kinds of packets. It appears to be an (unwritten?) assumption in the rest of the Linux network stack that packet protocol headers are all contained within the linear section of the SKB and some NICs behave badly if this is not the case. This has been reported to occur with Cisco (enic) and Broadcom NetXtrem II BCM5780 (bnx2x) though it may be an issue with other NICs/drivers as well. In case the frontend is sending requests with split headers, netback will forward those violating above mentioned assumption to the networking core, resulting in said misbehavior. (CVE-2022-3643)
An issue was discovered in the Linux kernel through 6.0.10. l2cap_config_req in net/bluetooth/l2cap_core.c has an integer wraparound via L2CAP_CONF_REQ packets. (CVE-2022-45934)
In the Linux kernel before 6.1.6, a NULL pointer dereference bug in the traffic control subsystem allows an unprivileged user to trigger a denial of service (system crash) via a crafted traffic control configuration that is set up with "tc qdisc" and "tc class" commands. This affects qdisc_graft in net/sched/sch_api.c. (CVE-2022-47929)
A NULL pointer dereference flaw was found in rawv6_push_pending_frames in net/ipv6/raw.c in the network subcomponent in the Linux kernel. This flaw causes the system to crash. (CVE-2023-0394)
atm_tc_enqueue in net/sched/sch_atm.c in the Linux kernel through allows attackers to cause a denial of service
Consequence: Successful exploitation of this vulnerability could lead to a security breach or could affect integrity, availability, and confidentiality.
Solution: Please refer to Amazon advisory: ALAS2-2023-1932 for affected packages and patching details, or update with your package manager.
Patches: Amazon Linux 2 ALAS2-2023-1932

CVE-2022-22294
QID: 730724
ZFAKA SQL Command Vulnerability
Severity: Critical 4
In Development
Qualys ID: 730724
Vendor Reference: CVE-2022-22294
CVE Reference: CVE-2022-22294
CVSS Scores: Base 9.8 / Temporal 8.8
Description: ZFAKA is a free, safe, stable and efficient card issuance system. Affected Versions: ZFAKA v1.4.3 and earlier.
QID Detection Logic: This QID checks for the vulnerable versions of ZFAKA via querying 'product' endpoint.
Consequence: An attacker can use to complete SQL injection in the foreground and add a background administrator account.
Solution: Update the product to ZFAKA v1.4.4 to fix the issue.
Patches: CVE-2022-22294

CVE-2022-0947
QID: 591342
ABB Arctic Wireless Gateway Firewall Vulnerability (2NGA001253)
Severity: Critical 4
In Development
Qualys ID: 591342
Vendor Reference: 2NGA001253
CVE Reference: CVE-2022-0947
CVSS Scores: Base 9.8 / Temporal 8.5
Description: AFFECTED PRODUCTS
ARG600A1220NA, ARG600A1230NA, ARG600A1240NA, ARG600A1260NA, ARG600A2622NA, ARG600A2625NA: from firmware version 2.4.0 up to firmware version 3.4.10
ARP600A2200NA, ARP600A2220NA, ARP600A2250NA, ARP600A2260NA, ARP600A2651NA, ARP600A2560NA: from firmware version 2.4.0 up to firmware version 3.4.10
ARR600A3201NA, ARR600A3202NA, ARR600A3221NA, ARR600A3222NA, ARR600A3251NA, ARR600A3252NA, ARR600A3261NA, ARR600A3262NA: from firmware version 2.4.0 up to firmware version 3.4.10
ARC600A2325NA, ARC600A2323NA, ARC600A2324NA: from firmware version 2.4.0 up to firmware version 3.4.10
QID Detection Logic: This QID checks for the Vulnerable version of Omron NJ/NX-series Machine Automation Controllers using passive scanning.
Consequence: An attacker could try to exploit the vulnerability by creating a specially crafted message and sending the message to an affected system node. Alternatively, the attacker could run a dictionary attack against the WHMI or CLI login for trying to get access to the device. The exploit would require that the attacker has access to the system network, by connecting to the network either directly or through a public IP address that the device may have.
Solution: Customers are advised to refer to ABB MITIGATIONS section 2NGA001253 for affected packages and patching details.
Patches: 2NGA001253

CVE-2022-31765
QID: 591338
Siemens SCALANCE and RUGGEDCOM Products Privilege Escalation Vulnerability (ICSA-22-286-11, SSA-552702)
Severity: Critical 4
In Development
Qualys ID: 591338
Vendor Reference: SSA-552702
CVE Reference: CVE-2022-31765
CVSS Scores: Base 8.8 / Temporal 7.9
Description: Successful exploitation of this vulnerability could allow low privileged attackers to escalate privileges.
QID Detection Logic: This QID checks for the Vulnerable version of Siemens SCALANCE and RUGGEDCOM Products using passive scanning.
Consequence: Successful exploitation of this vulnerability could allow low privileged attackers to escalate privileges.
Solution: Customers are advised to refer to CERT MITIGATIONS section SSA-552702 for affected packages and patching details.
Patches: SSA-552702

CVE-2019-7574+
QID: 181548
Debian Security Update for libsdl2 (DLA 3314-1)
Severity: Critical 4
Recently Published
Qualys ID: 181548
Date Published: February 9, 2023
Vendor Reference: DLA 3314-1
CVE Reference: CVE-2019-7574, CVE-2019-7636, CVE-2020-14410, CVE-2019-7635, CVE-2019-7575, CVE-2019-13626, CVE-2019-7578, CVE-2020-14409, CVE-2019-7573, CVE-2019-13616, CVE-2021-33657, CVE-2019-7638, CVE-2022-4743, CVE-2019-7572, CVE-2019-7576, CVE-2019-7577
CVSS Scores: Base 8.8 / Temporal 7.7
Description: Debian has released a security update for libsdl2 to fix the vulnerabilities.
Consequence: Successful exploitation of this vulnerability could lead to a security breach or could affect integrity, availability, and confidentiality.
Solution: Refer to Debian security advisory DLA 3314-1 for updates and patch information.
Patches: Debian DLA 3314-1

CVE-2022-42898
QID: 160454
Oracle Enterprise Linux Security Update for krb5 (ELSA-2023-12104)
Severity: Critical 4
Recently Published
Qualys ID: 160454
Date Published: February 9, 2023
Vendor Reference: ELSA-2023-12104
CVE Reference: CVE-2022-42898
CVSS Scores: Base 8.8 / Temporal 7.7
Description: Oracle Enterprise Linux has released a security update for krb5 to fix the vulnerabilities. Note: The preceding description block is extracted directly from the security advisory. Using automation, we have attempted to clean and format it as much as possible without introducing additional issues.
Consequence: Successful exploitation allows an attacker to compromise the system.
Solution: To resolve this issue, upgrade to the latest packages which contain a patch. Refer to Oracle Enterprise Linux advisory below for updates and patch information: ELSA-2023-12104
Patches: Oracle Linux ELSA-2023-12104

CVE-2021-3638+
QID: 160453
Oracle Enterprise Linux Security Update for virt:kvm_utils (ELSA-2023-12108)
Severity: Critical 4
Recently Published
Qualys ID: 160453
Date Published: February 9, 2023
Vendor Reference: ELSA-2023-12108
CVE Reference: CVE-2021-3638, CVE-2021-3631, CVE-2022-1050, CVE-2022-3165, CVE-2022-4172
CVSS Scores: Base 8.8 / Temporal 7.7
Description: Oracle Enterprise Linux has released a security update for virt:kvm_utils to fix the vulnerabilities. Note: The preceding description block is extracted directly from the security advisory. Using automation, we have attempted to clean and format it as much as possible without introducing additional issues.
Consequence: Successful exploitation allows an attacker to compromise the system.
Solution: To resolve this issue, upgrade to the latest packages which contain a patch. Refer to Oracle Enterprise Linux advisory below for updates and patch information: ELSA-2023-12108
Patches: Oracle Linux ELSA-2023-12108

CVE-2022-4017
QID: 150646
WordPress Booster for Woocommerce Plugin: Cross-Site Resource Forgery (CSRF) Vulnerability (CVE-2022-4017)
Severity: Critical 4
In Development
Qualys ID: 150646
Vendor Reference: WPScan
CVE Reference: CVE-2022-4017
CVSS Scores: Base 8.8 / Temporal 7.7
Description: Booster for WooCommerce is an addon plugin for WooCommerce designed to enhance its functionality through the use of various modules that site owners can enable and disable at any point. The plugins contain either flawed or absent Cross-Site Request Forgery (CSRF) checks in multiple locations, creating a security vulnerability where attackers can manipulate logged-in users into performing unwanted actions through CSRF attacks. Affected Versions: The Booster for WooCommerce WordPress plugin before 6.0.1
QID Detection Logic: This QID sends a HTTP GET request and checks for vulnerable version of WordPress plugin running on the target application.
Consequence: Successful exploitation would lead attackers to inject HTML or JavaScript via a cross-site scripting, which can help the attacker carry out further attacks and obtain sensitive information.
Solution: Customers are advised to upgrade to Booster for WooCommerce 6.0.1 or later version to remediate this vulnerability. For more information regarding this vulnerability please refer to the WPScan Security Advisory.
Patches: WPScan

CVE-2022-46285
QID: 905402
Common Base Linux Mariner (CBL-Mariner) Security Update for libXpm (13249)
Severity: Critical 4
In Development
Qualys ID: 905402
Vendor Reference: Mariner_2.0_13249
CVE Reference: CVE-2022-46285
CVSS Scores: Base 8.6 / Temporal 7.9
Description: CBL-Mariner 2.0 is an internal Linux distribution for cloud infrastructure and edge products and services of Microsoft. CBL-Mariner has NOT released a security update for libXpm to fix the vulnerabilities.
Consequence: Successful exploitation of this vulnerability could lead to a security breach or could affect integrity, availability, and confidentiality.
Solution: Patch is NOT available for the package.