Weekly threat roundup: Atlassian, Microsoft Office, Zoho ManageEngine

Pulling together the most dangerous and pressing flaws that businesses need to patch

Patch management is far easier said than done, and security teams may often be forced into prioritising fixes for several business-critical systems, all released at once. It’s become typical, for example, to expect dozens of patches to be released on Microsoft’s Patch Tuesday, with other vendors also routinely getting in on the act.

Below, IT Pro has collated the most pressing disclosures from the last seven days, including details such as a summary of the exploit mechanism, and whether the vulnerability is being exploited in the wild. This is in order to give teams a sense of which bugs and flaws might pose the most dangerous immediate security risks.

Atlassian Confluence is under attack

US officials have warned businesses that a vulnerability in the Atlassian Confluence workplace collaboration platform is being exploited on a massive scale.

Although Atlassian has issued a patch for the critical flaw tracked as CVE-2021-26084, researchers have detected mass scanning and exploit activity from hackers in a number of regions, including China and Brazil. Atlassian hasn’t revealed the exploit mechanism, although it’s described the flaw as a Confluence Server Websork OGNL injection.

The bug, rated 9.8 out of ten on the CVSS threat severity scale, lies in the Atlassian Confluence Server and Confluence Data Center products and can allow an unauthorised attacker to execute arbitrary code on either. Confluence Cloud, which is hosted on public cloud environments, isn’t affected.

Microsoft users targeted with malicious Office files

Hackers are exploiting a vulnerability in the browser engine that powers Internet Explorer to target Windows users with malicious Microsoft Office documents.

The flaw, tracked as CVE-2021-40444, is a remote code execution zero-day embedded in MSHTML, an engine also known as Trident, and is rated 8.8 out of ten on the CVSS threat severity scale. This bug is under limited and targeted exploitation, according to the firm.

Exploitation involves an attacker crafting a malicious ActiveX control to be used by a Microsoft Office document that hosts the browser rendering engine. These are small programmes for Internet Explorer and other Windows apps used to add more functionality to the core software. Once an attacker’s written the malicious ActiveX control, they would then need to convince a victim to open the malicious file.

HAProxy susceptible to HTTP request smuggling attacks

A critical flaw in HAProxy, a widely-used open source load balancer and proxy server, can be exploited to smuggle HTTP requests. This might lead to hackers accessing sensitive data and launching a variety of attacks, according to researchers with JFrog Security.

Related Resource

Defeating ransomware with unified security from WatchGuard

How SMBs can defend against the onslaught of ransomware attacks

Whitepaper title above a red triangle with an exclamation point insideFree download

This integer overflow vulnerability, tracked as CVE-2021-40346, exists in HAProxy 2.0 through 2.5 in the htx_add_header() component and can allow an attacker to tamper with the way a site processes a sequence of HTTP requests. This abuses parsing inconsistencies between how front-end and band-end servers process the HTTP requests.

The consequences of a successful attack include gaining access to sensitive data, executing unauthorised commands or modifying data, hijacking user sessions, and exploiting a reflected cross-site scripting (XSS) vulnerability without user interaction.

CISA warns that Zoho ManageEngine is being targeted

The US cybersecurity and infrastructure agency (CISA) has revealed that a zero-day flaw affecting Zoho ManageEngine ADSelfService Plus is being exploited in the wild.

ManageEngine ADSelfService Plus is a self-service password management and single sign-on (SSO) system for Active Directory and cloud applications that allows IT admins to enforce two-factor authentication (2FA) across their systems.

Tracked as CVE-2021-40539, this vulnerability is described as an authentication bypass flaw that can lead to remote code execution. Zoho has described it as a “critical issue”, given that it allows attackers to gain unauthorised access to the product through REST API endpoints by sending a specially crafted request.

Customers can protect themselves against attacks by updating ADSelfService Plus to the latest build, 6114.

Featured Resources

The definitive guide to warehouse efficiency

Get your free guide to creating efficiencies in the warehouse

Free download

The total economic impact™ of Datto

Cost savings and business benefits of using Datto Integrated Solutions

Download now

Three-step guide to modern customer experience

Support the critical role CX plays in your business

Free download

Ransomware report

The global state of the channel

Download now

Most Popular

Zoom: From pandemic upstart to hybrid work giant
video conferencing

Zoom: From pandemic upstart to hybrid work giant

14 Sep 2021
What are the pros and cons of AI?
machine learning

What are the pros and cons of AI?

8 Sep 2021
Google takes down map showing homes of 111,000 Guntrader customers
data breaches

Google takes down map showing homes of 111,000 Guntrader customers

2 Sep 2021