Weekly threat roundup: Atlassian, Microsoft Office, Zoho ManageEngine

Pulling together the most dangerous and pressing flaws that businesses need to patch

Patch management is far easier said than done, and security teams may often be forced into prioritising fixes for several business-critical systems, all released at once. It’s become typical, for example, to expect dozens of patches to be released on Microsoft’s Patch Tuesday, with other vendors also routinely getting in on the act.

Below, IT Pro has collated the most pressing disclosures from the last seven days, including details such as a summary of the exploit mechanism, and whether the vulnerability is being exploited in the wild. The aim is to give teams a sense of which bugs and flaws might pose the most dangerous immediate security risks.

Atlassian Confluence is under attack

US officials have warned businesses that a vulnerability in the Atlassian Confluence workplace collaboration platform is being exploited on a massive scale.

Although Atlassian has issued a patch for the critical flaw tracked as CVE-2021-26084, researchers have detected mass scanning and exploit activity from hackers in a number of regions, including China and Brazil. Atlassian hasn’t revealed the exploit mechanism, although it’s described the flaw as a Confluence Server Webwork OGNL injection.

The bug, rated 9.8 out of ten on the CVSS threat severity scale, lies in the Atlassian Confluence Server and Confluence Data Center products and can allow an unauthorised attacker to execute arbitrary code on either. Confluence Cloud, which is hosted on public cloud environments, isn’t affected.

Microsoft users targeted with malicious Office files

Hackers are exploiting a vulnerability in the browser engine that powers Internet Explorer to target Windows users with malicious Microsoft Office documents.

The flaw, tracked as CVE-2021-40444, is a remote code execution zero-day embedded in MSHTML, an engine also known as Trident, and is rated 8.8 out of ten on the CVSS threat severity scale. This bug is under limited and targeted exploitation, according to Microsoft.

Exploitation involves an attacker crafting a malicious ActiveX control to be used by a Microsoft Office document that hosts the browser rendering engine. ActiveX controls are small programmes for Internet Explorer and other Windows apps used to add more functionality to the core software. Once an attacker has written the malicious ActiveX control, they would then need to convince a victim to open the malicious file.

HAProxy susceptible to HTTP request smuggling attacks

A critical flaw in HAProxy, a widely-used open source load balancer and proxy server, can be exploited to smuggle HTTP requests. This might lead to hackers accessing sensitive data and launching a variety of attacks, according to researchers with JFrog Security.

This integer overflow vulnerability, tracked as CVE-2021-40346, exists in HAProxy 2.0 through 2.5 in the htx_add_header() function and can allow an attacker to tamper with the way a site processes a sequence of HTTP requests. The attack abuses inconsistencies between how front-end and back-end servers parse the HTTP requests.

The consequences of a successful attack include gaining access to sensitive data, executing unauthorised commands or modifying data, hijacking user sessions, and exploiting a reflected cross-site scripting (XSS) vulnerability without user interaction.

CISA warns that Zoho ManageEngine is being targeted

The US Cybersecurity and Infrastructure Security Agency (CISA) has revealed that a zero-day flaw affecting Zoho ManageEngine ADSelfService Plus is being exploited in the wild.

ManageEngine ADSelfService Plus is a self-service password management and single sign-on (SSO) system for Active Directory and cloud applications that allows IT admins to enforce two-factor authentication (2FA) across their systems.

Tracked as CVE-2021-40539, this vulnerability is described as an authentication bypass flaw that can lead to remote code execution. Zoho has described it as a “critical issue”, given that it allows attackers to gain unauthorised access to the product through REST API endpoints by sending a specially crafted request.

Customers can protect themselves against attacks by updating ADSelfService Plus to the latest build, 6114.
