Weekly threat roundup: Windows 10, Adobe, and SonicWall VPNs

The most dangerous and pressing cyber security exploits from the week gone by

Patch management is far easier said than done, and security teams may often be forced into prioritising fixes for several business-critical systems, all released at once. It’s become typical, for example, to expect dozens of patches to be released on Microsoft’s Patch Tuesday, with other vendors also routinely getting in on the act.

Below, IT Pro has collated the most pressing disclosures from the last seven days, including details such as a summary of the exploit mechanism, and whether the vulnerability is being exploited in the wild. This is in order to give teams a sense of which bugs and flaws might pose the most dangerous immediate security risks.

Wormable CVSS 9.8-rated flaw - Microsoft’s Patch Tuesday

Although this week’s Patch Tuesday was a much smaller package than we have come to expect in recent months, with just 87 security fixes released, there were still patches for 11 ‘critical’ exploits among them.

The highlight of the bunch was a wormable flaw in the TCP/IP component of Windows 10 and Windows Server 2019 that, if exploited, could allow an attacker to run code on target systems remotely, and compromise an entire network. This flaw, tagged CVE-2020-16898, was rated 9.8 on the CVSS severity scale.

Another major exploit fixed as part of the wave of updates include a remote code execution bug found in Windows Hyper-V, tagged CVE-2020-16891. This was among bugs fixed in Microsoft Office, Azure Functions, Microsoft Exchange Server, and Adobe Flash player, among other Microsoft software.

Two critical bugs in Adobe’s Magento platform

Nine security vulnerabilities in Adobe’s ecommerce platform, branded Magento, were fixed on Thursday. These included two critical vulnerabilities, file upload allow list bypass and SQL injection flaws, tagged CVE-2020-24407 and CVE-2020-24400 respectively.

The former could have allowed a hacker to execute arbitrary code on targeted systems, while the latter, if exploited, would grant arbitrary read or write access to a database. Both require administrative privileges to execute, however.

Both the Magento Commerce and Magento Open Source platforms were affected by all nine bugs, the company confirmed, including versions 2.3.5-p1 and earlier versions as well as 2.4.0 and earlier versions of both platforms.

Zero-Click Linux Bluetooth flaws

A set of zero-click vulnerabilities in the Linux Bluetooth software can allow an unauthorised attacker to remotely execute arbitrary code, with kernel privileges, on vulnerable devices, according to security engineer Andy Nguyen.

Three flaws, collectively known as BleedingTooth, are present in the open-source BlueZ protocol stack, which provides support for the core Bluetooth layers and protocols on systems running Linux. Intel and Google have both provided advisories detailing the nature of the potential exploit.

Related Resource

2020 cyber security outlook report

Behaviours in the battle between modern attacker and defender

Download now

The first, tagged CVE-2020-12351, is a heap-based type confusion present in the Logical Link Control and Adaptation Protocol (L2CAP) of the standard, and can be exploited to send malicious packets and cause denial of service, or even arbitrary code execution. The second, tagged CVE-2020-12352, concerns improper access controls and may allow an attacker to enable information disclosure. The third, meanwhile, tagged CVE-2020-24490, centres on improper buffer restrictions in BlueZ, and may cause denial of service.

SonicWall VPNs under threat by RCE bug

Patches have been released for a critical vulnerability in the SonicOS operating system that runs SonicWall virtual private network (VPN) appliances.

The 9.4-rated vulnerability on the CVSS scale is a denial of service flaw that is caused by a buffer overflow and can allow hackers to potentially execute arbitrary code on systems running the vulnerable OS.

The flaw in approximately 800,000 of the network security appliances affected can be triggered by an unauthenticated HTTP request involving a custom protocol handler, according to researchers from Tripwire. An unskilled attacker can use the flaw to cause a persistent state of denial of service, or possibly even execute arbitrary code remotely.

Featured Resources

Digital document processes in 2020: A spotlight on Western Europe

The shift from best practice to business necessity

Download now

Four security considerations for cloud migration

The good, the bad, and the ugly of cloud computing

Download now

VR leads the way in manufacturing

How VR is digitally transforming our world

Download now

Deeper than digital

Top-performing modern enterprises show why more perfect software is fundamental to success

Download now

Recommended

Microsoft spearheads industry-wide charter against AI cyber attacks
Security

Microsoft spearheads industry-wide charter against AI cyber attacks

23 Oct 2020
Weekly threat roundup: Chrome, Citrix and WordPress
Security

Weekly threat roundup: Chrome, Citrix and WordPress

23 Oct 2020
IT services giant Sopra Steria falls victim to Ryuk ransomware
Security

IT services giant Sopra Steria falls victim to Ryuk ransomware

23 Oct 2020
CMS platforms succumb to KashmirBlack botnet as businesses rush online
Security

CMS platforms succumb to KashmirBlack botnet as businesses rush online

22 Oct 2020

Most Popular

The top 12 password-cracking techniques used by hackers
Security

The top 12 password-cracking techniques used by hackers

5 Oct 2020
IT services giant Sopra Steria falls victim to Ryuk ransomware
Security

IT services giant Sopra Steria falls victim to Ryuk ransomware

23 Oct 2020
How to wipe a laptop easily and securely
Security

How to wipe a laptop easily and securely

5 Oct 2020