Exposures, Exposed! Weekly Round-up September 30 – October 6

Welcome to "Exposures, Exposed!" – your essential guide to safeguarding your digital world. As the season shifts and the air fills with the anticipation of autumn’s arrival, our dedicated experts are here to help you navigate the hidden vulnerabilities that lie beneath the surface. Join us as we reveal the digital threats that, like the unseen challenges of the year ahead, require your attention and preparedness.

Here’s what we’ve got for you this week:

Microsoft’s September Patch Tuesday Fixes Zero-Day Vulnerabilities

Microsoft’s September 2024 Patch Tuesday addresses 79 vulnerabilities, including four zero-day flaws. Two of the zero-days, affecting Microsoft Office and Windows Mark of the Web, were actively exploited. The update also fixes critical issues like CVE-2024-43491, a Windows Servicing Stack Remote Code Execution vulnerability with a CVSS score of 9.8.?

Six other critical vulnerabilities, including remote code execution flaws in SharePoint Server and Windows NAT, were patched. Microsoft urges users to update their systems immediately, particularly for high-risk zero-days and critical flaws that could enable remote code execution or privilege escalation.

The Takeaway: Users should install the latest Microsoft updates to address critical vulnerabilities and secure their systems from potential exploits. Learn more here .

NVIDIA Releases Patch for Critical AI Infrastructure Flaw

On Wednesday, NVIDIA released updates to address a critical vulnerability in its NVIDIA Container Toolkit. This flaw, tracked as CVE-2024-0132, poses a significant risk to AI infrastructure and underlying data, with a CVSS score of 9.0. Organizations using the Toolkit are urged to apply the patch immediately.?

The NVIDIA Container Toolkit, used for GPU-accelerated containers, is affected up to version 1.16.1. The vulnerability allows threat actors to perform a container escape, potentially gaining full root privileges over the host system. This flaw impacts shared environments, compromising both integrity and confidentiality.

Researchers estimate that one-third of cloud environments are affected. Exploitation involves a malicious image enabling attackers to execute arbitrary commands with root privileges.

The Takeaway: Organizations should prioritize applying the patch or use alternative protective measures. Learn more here .

CISA Warns of Exploited Flaws in SAP and Routers

The US cybersecurity agency CISA has issued a warning about years-old vulnerabilities in SAP Commerce, Gpac framework, and D-Link DIR-820 routers that are being exploited in the wild.?

The most severe flaw, CVE-2019-0344, affects SAP Commerce Cloud, allowing attackers to execute arbitrary code. Other vulnerabilities include a Null pointer dereference issue in the Gpac multimedia framework (CVE-2021-4043) and an OS command injection flaw in D-Link DIR-820 routers (CVE-2023-25280).?

The D-Link vulnerability remains unpatched as the affected model was discontinued. CISA has added these flaws to its Known Exploited Vulnerabilities (KEV) catalog, requiring federal agencies to address them by October 21.

The Takeaway: Organizations should prioritize reviewing CISA's KEV catalog and apply necessary mitigations immediately. Learn more here .

Google Releases Critical Chrome Update for Security Fixes

Google has issued a critical security update for its Chrome browser, addressing several high-severity vulnerabilities that could allow attackers to execute arbitrary code on affected systems. The update, version 129.0.6668.89/.90 for Windows and Mac, and 129.0.6668.89 for Linux, is rolling out worldwide.

The most severe vulnerabilities include an integer overflow (CVE-2024-7025), insufficient data validation in Chrome’s IPC library (CVE-2024-9369), and an issue in the V8 JavaScript engine (CVE-2024-9370). These flaws, reported by external security researchers, highlight the importance of collaboration in maintaining browser security.

The Takeaway: Chrome users should update their browsers without delay to protect against these vulnerabilities. Updates are automatic, but users can manually check by navigating to the “About Google Chrome” section in their settings. Learn more here .

Forescout Unveils 14 Vulnerabilities in DrayTek Routers

Cybersecurity firm Forescout Technologies released its DRAY:BREAK report, revealing 14 vulnerabilities in DrayTek routers that affect over 700,000 devices globally. The flaws expose routers to potential attacks like remote code execution, espionage, data exfiltration, and denial of service. The vulnerabilities include CVE-2024-0132, which scored a critical 10 on the CVSS scale. These issues impact various router models, some of which are end-of-life, making them more difficult to patch.

DrayTek routers, widely used by businesses and residential customers, were also flagged in recent FBI and CISA advisories.?

The Takeaway: Forescout recommends immediate patching and applying mitigation measures, such as disabling unnecessary remote access, enabling two-factor authentication, and monitoring for unusual activity to reduce exposure to these vulnerabilities. Learn more here .

Researcher Discloses Less Critical Linux Vulnerabilities

On Sept 26th, security researcher Simone Margeritelli (@evilsocket) disclosed the discovery of 4 zero-day vulnerabilities in the Common UNIX Printing System (CUPS). CUPS is a popular open-source printer support package used by Linux and Unix-like operating systems.?

The flaw was originally assigned a CVSS score of 9.9, sparking concern across the cybersecurity community. However, subsequent analysis revealed that the issue, primarily related to vulnerabilities in OpenPrinting's CUPS, was less severe than anticipated.

Four vulnerabilities were identified: CVE-2024-47076, CVE-2024-47175, CVE-2024-47176, and CVE-2024-47177. These flaws involve IPP attribute sanitization and command execution. While exploitation could result in remote code execution, factors such as manual service enabling and limited system exposure reduce the risk.

The Takeaway: Admins should mitigate risks by blocking UDP port 631 and DNS-SD traffic, to protect vulnerable systems. Learn more in our in depth write up.

CISA Warns of Critical Vulnerabilities in Optigo Switches

The US Cybersecurity and Infrastructure Security Agency (CISA) has issued a warning about two critical vulnerabilities in Optigo Networks' ONS-S8 Spectra Aggregation Switch, impacting all versions up to 1.3.7. These vulnerabilities, identified as CVE-2024-41925 and CVE-2024-45367, pose a risk of remote code execution and authentication bypass, with a CVSS v4 score of 9.3.

The flaws allow attackers to bypass authentication and execute arbitrary code with low attack complexity, threatening critical infrastructure sectors. One flaw arises from improper filename control, while the other involves weak authentication enforcement.?

Optigo Networks has not yet released a patch.

The Takeaway: Organizations using ONS-S8 switches must implement CISA's mitigation steps - including isolating management traffic, encrypting communications, and whitelisting authorized devices - to safeguard critical infrastructure. Learn more here .

That’s all for this week – have any exposures to add to our list? Let us know!

Read our blog - 9 Reasons CTEM Needs to be in Your 2025 Budget: