Exposures, Exposed! Weekly Round-up August 12 – August 17

Feeling the summer heat? Chill out with Exposures, Exposed! - your summer survival guide to dodging digital danger. Our squad of cyber sleuths dives deep into the cool virtual ocean to fish out the freshest security tips. Don't let the heat get to your defenses – Exposures, Exposed! is your shade in the blazing cyber sun.

Here’s what we’ve got for you this week:

Critical SAP Vulnerabilities Patched

SAP has released 17 new patches as well as eight updated security patches, including two high-severity vulnerabilities rated "hot news." The most critical issues impact BusinessObjects Business Intelligence and Build Apps, potentially allowing attackers to gain full system access or execute malicious code. Additionally, four other high-severity vulnerabilities were addressed, including an XML injection flaw, a prototype pollution bug, and an information disclosure issue. Organizations are urged to prioritize applying these patches to protect against potential attacks.

The Takeaway: Review SAP's August 2024 security notes and apply the necessary patches immediately to mitigate the risk of exploitation. Learn more here.

Critical Outlook Vulnerability Patched

Researchers have discovered and reported a critical vulnerability in Microsoft Outlook, designated CVE-2024-38173. This form injection Remote Code Execution (RCE) flaw could allow attackers to execute malicious code without user interaction, potentially leading to data breaches. Similar to a previous vulnerability patched in July, CVE-2024-38173 poses a significant risk to organizations. Microsoft has addressed this issue in their August 2024 patch cycle.?

The Takeaway: To protect against this threat, users and organizations are urged to install the latest Microsoft Outlook updates immediately, implement robust email security measures, and educate employees about the dangers of opening suspicious emails. Additionally, hardening systems by blocking outbound SMB and enforcing Kerberos authentication is recommended. Learn more here .

Kubernetes Flaw Exposes Clusters to Attacks

A vulnerability in Kubernetes’ git-sync project could allow attackers to execute commands or steal data from affected clusters. The flaw, discovered by Akamai researcher Tomer Peled, impacts default Kubernetes installations across major cloud platforms. While no official patch exists, organizations can mitigate risks by enhancing monitoring, auditing git-sync pods, and implementing Open Policy Agent rules.?

The Takeaway: Organizations using Kubernetes should prioritize monitoring git-sync activity and implement additional security measures to protect against potential attacks. Learn more here .

GitHub Artifacts Leak Access Tokens

A security researcher discovered sensitive access tokens within build artifacts of popular GitHub repositories. The tokens, including those for cloud services, could allow attackers to compromise projects and infrastructure. GitHub's recent change to allow artifact downloads during workflow execution has exacerbated the issue. Developers must carefully review artifact contents and consider alternative methods for storing sensitive data.

The Takeaway: Organizations using GitHub Actions should prioritize artifact security, limit token exposure, and carefully evaluate the risks associated with the new artifacts feature. Learn more here .

Critical Windows Vulnerability Opens Door to Full Control

A critical security flaw in Windows operating systems allows attackers complete control over affected devices. The vulnerability, tracked as CVE-2024-38063, can be exploited remotely without requiring user interaction. Microsoft has released patches but strongly recommends users apply them immediately or disable IPv6 as a temporary measure.?

The Takeaway: Windows users must install the August 2024 security update or disable IPv6 to protect against this critical vulnerability. Learn more here .

SolarWinds Patches Critical Web Help Desk Flaw

SolarWinds has issued a patch for a critical remote code execution vulnerability in its Web Help Desk platform. The flaw, tracked as CVE-2024-28986, could allow attackers to execute commands on affected systems. While SolarWinds states authentication is required for exploitation, the vulnerability's severity necessitates immediate patching. All Web Help Desk customers should upgrade to version 12.8.3 and apply the hotfix.

The Takeaway: SolarWinds Web Help Desk users must install the latest patch to protect against potential exploitation of CVE-2024-28986. Learn more here .

Microsoft Warns of Critical OpenVPN Flaws

Microsoft researchers have uncovered multiple vulnerabilities in OpenVPN that could be exploited by attackers to gain full control of targeted systems. The flaws, now patched in OpenVPN 2.6.10, could be combined to create dangerous attack chains. While the vulnerabilities require user authentication, Microsoft warns that once credentials are compromised, attackers can leverage these flaws to escalate privileges, execute code remotely, and establish persistent control over infected systems. The company strongly urges users to update OpenVPN immediately.

The Takeaway: Update OpenVPN to version 2.6.10 or later to protect against critical vulnerabilities that could allow attackers to take complete control of systems. Learn more here .

Critical AWS Vulnerabilities Exposed?

Security researchers have uncovered critical vulnerabilities in multiple Amazon Web Services (AWS) services, including CloudFormation, Glue, EMR, SageMaker, ServiceCatalog, and CodeStar. These flaws could have allowed attackers to execute malicious code, steal data, and even take over entire accounts. The vulnerabilities were exploited through two primary attack vectors: Shadow Resource and Bucket Monopoly. While AWS has addressed these issues, organizations must remain vigilant and implement strong security measures.

The Takeaway: Review and update AWS security configurations, implement strong access controls, and monitor for suspicious activity to protect against potential threats. Learn more here .

Azure Health Bot Flaws Patched Before Exploitation

Researchers discovered two critical vulnerabilities in Microsoft's Azure Health Bot that could have allowed attackers to escalate privileges and access sensitive data. The flaws were promptly addressed by Microsoft before any exploitation occurred. The vulnerabilities highlighted the potential risks associated with AI-powered healthcare services and the importance of robust security measures.

The Takeaway: While the vulnerabilities in Azure Health Bot have been patched, organizations should remain vigilant about the security of their AI systems and adopt best practices to protect sensitive data. Learn more here .

Fortinet, Zoom Patch Critical Vulnerabilities

Fortinet and Zoom have released security updates addressing multiple vulnerabilities in their respective software products. Fortinet patched three flaws affecting its FortiOS, FortiAnalyzer, FortiManager, FortiProxy, FortiPAM, and FortiSwitchManager platforms, including two that could lead to privilege escalation.?

Zoom addressed 15 vulnerabilities, with two classified as high-severity, which could allow attackers to escalate privileges or access restricted information. Both companies have confirmed that there is no evidence of these vulnerabilities being exploited in the wild.

The Takeaway: Users of Fortinet and Zoom products should prioritize installing the latest security patches to protect against potential attacks. Learn more here.

That’s all for this week – have any exposures to add to our list? Let us know!