IT Pro is supported by its audience. When you purchase through links on our site, we may earn an affiliate commission. Learn more

Weekly threat roundup: Cisco, Windows, Google Cloud VMs

Pulling together the most dangerous and pressing flaws that businesses need to patch

Patch management is far easier said than done, and security teams may often be forced into prioritising fixes for several business-critical systems, all released at once. It’s become typical, for example, to expect dozens of patches to be released on Microsoft’s Patch Tuesday, with other vendors also routinely getting in on the act.

Below, IT Pro has collated the most pressing disclosures from the last seven days, including details such as a summary of the exploit mechanism, and whether the vulnerability is being exploited in the wild. This is in order to give teams a sense of which bugs and flaws might pose the most dangerous immediate security risks.

Cisco flaw abused after PoC posted online

Hackers are exploiting a vulnerability in Cisco’s Adaptive Security Appliance (ASA) after researchers published a proof-of-concept (PoC) for successful exploitation online last week.

The vulnerability tracked as CVE-2020-3580 was originally patched in October 2020, alongside CVE-2020-3581 through to CVE-2020-3583. It concerns flaws in the web services interface of Cisco ASA software and Cisco Firepower Threat Defense (FTD) software.

Tenable researchers have detected attackers abusing the flaw to remotely launch cross-site scripting (XSS) attacks a few days after researchers with Positive Technologies published the PoC. As of July 2020, there were 85,000 ASA/FTD devices distributed across the business landscape.

Netgear routers susceptible to takeover

Microsoft researchers have detailed three vulnerabilities affecting Netgear DGN-2200v1 series routers that hackers can exploit to seize control of devices and gain network access.

The three HTTP authentication security flaws, which were patched in December 2020, are considered critical security issues and range on the CVSS threat severity scale from 7.1 to 9.4 out of ten. They affect routers running firmware versions 1.0.0.60 or earlier.

These vulnerabilities allow hackers to access router management pages using an authentication bypass, which could let them gain control over the router and glean credentials that have been saved by launching side-channel attacks.

Microsoft Edge Translator embedded with uXSS flaw

The Microsoft Edge translation tool is embedded with a universal XSS flaw that allows cyber criminals to execute malicious code on a victim’s web browser.

To trigger the exploit, CyberXplore researchers inserted malicious JavaScript into web pages, alongside text in a foreign language. When the tool either automatically translated the text, or was activated through a prompt, the browser re-rendered the page, but failed to render the image tag, which triggered an error event and activated the malicious function.

The vulnerability, which has now been patched, was tracked as CVE-2021-34506 and is classed as moderately severe. The researchers who discovered the flaw, Vansh Devgan and Shivam Kumar Singh, believe a critical designation would be more appropriate, though. This is because they claim it can trigger XSS on any page across the internet.

Alarms raised over Windows print spooler flaw

Researchers have inadvertently endangered Windows users by releasing a PoC exploitation for an unpatched flaw in the Print Spooler component.

Microsoft had initially fixed a flaw as part of its 8 June Patch Tuesday round of updates, tracked as CVE-2021-1675 and referred to then as a Print Spooler bug. Microsoft upgraded the severity of this vulnerability from a privilege escalation to a remote code execution flaw (RCE) on 21 June.

Related Resource

The secure cloud configuration imperative

The central role of cloud security posture management

The secure cloud configuration imperativeFree download

This prompted Sangfor researchers to publish a PoC exploitation for a print spooler RCE bug earlier than expected, having originally planned to discuss their work at the Black Hat conference in August. Their exploit was for an entirely different vulnerability, however, from that which Microsoft fixed in June.

It prompted the researchers to delete their PoC, although the code was downloaded and republished elsewhere. There’s no patch currently available, with Sophos urging users to disable the Print Spooler on vulnerable machines until Microsoft develops a fix.

Bug grants root access to Google Cloud VMs

Researcher Imre Rad has uncovered a flaw that cyber criminals can exploit to gain root access to virtual machines (VMs) running on Google Cloud.

Any prospective attack would abuse a weakness in Google’s Infrastructure as a Service (IaaS) product, known as the Google Compute Engine. The vulnerability lies in the random number generator of the ISC DHCP server used by default.

There are two phases to any potential attack. First, attackers must overload a victim’s VM with DHCP traffic to force it to use a malicious metadata server, instead of an official Google one. Then, once the VM is tied with the malicious server, the attacker can send across their SSH public key and gain root access to the VM.

Although Rad reported the bug to Google, the firm hasn’t yet confirmed whether it’s working on a fix. Until then, he's recommended that users refrain from using DHCP, or that they set up a firewall rule to ensure DHCP communication comes from the specified Google metadata server.

Featured Resources

Four strategies for building a hybrid workplace that works

All indications are that the future of work is hybrid, if it's not here already

Free webinar

The digital marketer’s guide to contextual insights and trends

How to use contextual intelligence to uncover new insights and inform strategies

Free Download

Ransomware and Microsoft 365 for business

What you need to know about reducing ransomware risk

Free Download

Building a modern strategy for analytics and machine learning success

Turning into business value

Free Download

Recommended

Senate report slams agencies for poor cyber security
cyber security

Senate report slams agencies for poor cyber security

3 Aug 2021
Most employees put their workplace at risk by taking cyber security shortcuts
cyber security

Most employees put their workplace at risk by taking cyber security shortcuts

27 Jul 2021
61% of organizations say improving security a top priority for 2021
cyber security

61% of organizations say improving security a top priority for 2021

29 Jun 2021
ProtectedBy.AI’s CodeLock blocks malware at source code level
software as a service (SaaS)

ProtectedBy.AI’s CodeLock blocks malware at source code level

9 Jun 2021

Most Popular

Russian hackers declare war on 10 countries after failed Eurovision DDoS attack
hacking

Russian hackers declare war on 10 countries after failed Eurovision DDoS attack

16 May 2022
Windows Server admins say latest Patch Tuesday broke authentication policies
Server & storage

Windows Server admins say latest Patch Tuesday broke authentication policies

12 May 2022
IT admin deletes company’s databases and is jailed for seven years
Policy & legislation

IT admin deletes company’s databases and is jailed for seven years

16 May 2022