Weekly threat roundup: Windows 10, Adobe, and SonicWall VPNs

The most dangerous and pressing cyber security exploits from the week gone by

Patch management is far easier said than done, and security teams may often be forced into prioritising fixes for several business-critical systems, all released at once. It’s become typical, for example, to expect dozens of patches to be released on Microsoft’s Patch Tuesday, with other vendors also routinely getting in on the act.

Below, IT Pro has collated the most pressing disclosures from the last seven days, including details such as a summary of the exploit mechanism, and whether the vulnerability is being exploited in the wild. This is in order to give teams a sense of which bugs and flaws might pose the most dangerous immediate security risks.

Wormable CVSS 9.8-rated flaw - Microsoft’s Patch Tuesday

Although this week’s Patch Tuesday was a much smaller package than we have come to expect in recent months, with just 87 security fixes released, there were still patches for 11 ‘critical’ exploits among them.

The highlight of the bunch was a wormable flaw in the TCP/IP component of Windows 10 and Windows Server 2019 that, if exploited, could allow an attacker to run code on target systems remotely, and compromise an entire network. This flaw, tagged CVE-2020-16898, was rated 9.8 on the CVSS severity scale.

Another major exploit fixed as part of the wave of updates include a remote code execution bug found in Windows Hyper-V, tagged CVE-2020-16891. This was among bugs fixed in Microsoft Office, Azure Functions, Microsoft Exchange Server, and Adobe Flash player, among other Microsoft software.

Two critical bugs in Adobe’s Magento platform

Nine security vulnerabilities in Adobe’s ecommerce platform, branded Magento, were fixed on Thursday. These included two critical vulnerabilities, file upload allow list bypass and SQL injection flaws, tagged CVE-2020-24407 and CVE-2020-24400 respectively.

The former could have allowed a hacker to execute arbitrary code on targeted systems, while the latter, if exploited, would grant arbitrary read or write access to a database. Both require administrative privileges to execute, however.

Both the Magento Commerce and Magento Open Source platforms were affected by all nine bugs, the company confirmed, including versions 2.3.5-p1 and earlier versions as well as 2.4.0 and earlier versions of both platforms.

Zero-Click Linux Bluetooth flaws

A set of zero-click vulnerabilities in the Linux Bluetooth software can allow an unauthorised attacker to remotely execute arbitrary code, with kernel privileges, on vulnerable devices, according to security engineer Andy Nguyen.

Three flaws, collectively known as BleedingTooth, are present in the open-source BlueZ protocol stack, which provides support for the core Bluetooth layers and protocols on systems running Linux. Intel and Google have both provided advisories detailing the nature of the potential exploit.

Related Resource

2020 cyber security outlook report

Behaviours in the battle between modern attacker and defender

Download now

The first, tagged CVE-2020-12351, is a heap-based type confusion present in the Logical Link Control and Adaptation Protocol (L2CAP) of the standard, and can be exploited to send malicious packets and cause denial of service, or even arbitrary code execution. The second, tagged CVE-2020-12352, concerns improper access controls and may allow an attacker to enable information disclosure. The third, meanwhile, tagged CVE-2020-24490, centres on improper buffer restrictions in BlueZ, and may cause denial of service.

SonicWall VPNs under threat by RCE bug

Patches have been released for a critical vulnerability in the SonicOS operating system that runs SonicWall virtual private network (VPN) appliances.

The 9.4-rated vulnerability on the CVSS scale is a denial of service flaw that is caused by a buffer overflow and can allow hackers to potentially execute arbitrary code on systems running the vulnerable OS.

The flaw in approximately 800,000 of the network security appliances affected can be triggered by an unauthenticated HTTP request involving a custom protocol handler, according to researchers from Tripwire. An unskilled attacker can use the flaw to cause a persistent state of denial of service, or possibly even execute arbitrary code remotely.

Featured Resources

The definitive guide to warehouse efficiency

Get your free guide to creating efficiencies in the warehouse

Free download

The total economic impact™ of Datto

Cost savings and business benefits of using Datto Integrated Solutions

Download now

Three-step guide to modern customer experience

Support the critical role CX plays in your business

Free download

Ransomware report

The global state of the channel

Download now

Recommended

What is a web filter?
cyber security

What is a web filter?

24 Sep 2021
100 million IoT devices affected by zero-day flaw
Internet of Things (IoT)

100 million IoT devices affected by zero-day flaw

24 Sep 2021
Malware developers create malformed code signatures to avoid detection
malware

Malware developers create malformed code signatures to avoid detection

24 Sep 2021
HP Wolf Security: Threat insights report
Whitepaper

HP Wolf Security: Threat insights report

24 Sep 2021

Most Popular

How to find RAM speed, size and type
Laptops

How to find RAM speed, size and type

17 Sep 2021
London ranks second to Silicon Valley as world's best startup hub
startups

London ranks second to Silicon Valley as world's best startup hub

22 Sep 2021
What are the pros and cons of AI?
machine learning

What are the pros and cons of AI?

8 Sep 2021