Netizen: August Vulnerability Review
Security vulnerabilities are a common occurrence in managing any business’s organizational security. The prompt patching and remediation of any new vulnerabilities are critical to reducing outside attack surface. Netizen’s Security Operations Center (SOC) has compiled five vulnerabilities from July that should be immediately patched or addressed if present in your environment. Detailed writeups below:
CVE-2022-30222 has been given a CVSSv3 score of 8.4/10. This Windows Shell Remote Code Execution Vulnerability allows an unauthenticated threat actor to execute code on an affected system by interacting with the login screen with a specific input. This vulnerability is especially worrisome since attackers targeting this CVE require no user involvement and have little complexity to their attack parameters. Prioritize patching this vulnerability immediately if you use RDP in your environment. For more on this vulnerability, check out this link.
CVE-2022-24545 has been given a CVSSv3 score of 5.1/10. This vulnerability actively exploits a Remote Code Execution vulnerability affecting Windows 10, Windows 11, Server 2016, Server 2019, and Server 2022. The vulnerability itself stems from having enabled the registry key “DisableRestrictedAdmin.” Currently, no patch exists, the safest course of action is to, securely enable Remote Desktop Connection. For more on this vulnerability, check out this link.
CVE-2022-30216 has been given a CVSSv3 score of 8.8/10. This vulnerability is a low complexity Windows Server service tampering vulnerability. An authenticated attacker could use this CVE to upload a certificate to the service server. Microsoft has identified this issue as a major one that needs to be patched immediately, given the low complexity and minimal credentials required to activate that exploit. If an attacker was able to a certificate on the target server, the attacker could then pivot and perform remote code execution on the desired targets. For more on this vulnerability, check out this link.
CVE-2022-25762 has been given a CVSSv3 score of 8.6/10. This vulnerability affects Apache Tomcat versions 9.0.0.M1 to 9.0.2o and 8.5.0 to 8.5.75. A remote attacker can potentially utilize this CVE to compromise the data confidentiality, integrity, and availability of the affected system. “If a web application sends a WebSocket message concurrently with the WebSocket connection closing when running on Apache Tomcat 8.5.0 to 8.5.75 or Apache Tomcat 9.0.0.M1 to 9.0.20, it is possible that the application will continue to use the socket after it has been closed. The error handling triggered in this case could cause the a pooled object to be placed in the pool twice. This could result in subsequent connections using the same object concurrently which could result in data being returned to the wrong use and/or other errors.” For more on this vulnerability, check out this link.
Google Chrome Vulnerabilities:
Google disclosed five high threat level vulnerabilities in July, CVE-2022-2477, CVE-2022-2478, CVE-2022-2479, CVE-2022-2480, and CVE-2022-2481. If successfully exploited, one of the most severe of these vulnerabilities could allow for arbitrary code execution via a logged-on user. If the user’s privileges are high enough, a threat actor could create new accounts with full user rights, install programs, view, change, or delete data. Users whose accounts are configured to have fewer user rights on the system could be less impacted than those who operate with administrative user rights. Affected users are being urged to update Chrome to the newest version immediately. For more on these vulnerabilities, check out this link.
In conclusion, software vulnerabilities are a common nuisance to IT and security teams everywhere. Organizations that prioritize the remediation and patching of these vulnerabilities will drastically reduce their attack surface and ensure no doors into their environment are left unlocked.
How Can Netizen Help?
Netizen ensures that security gets built-in and not bolted-on. Providing advanced solutions to protect critical IT infrastructure such as the popular “CISO-as-a-Service” wherein companies can leverage the expertise of executive-level cybersecurity professionals without having to bear the cost of employing them full time.
We also offer compliance support, vulnerability assessments, penetration testing, and more security-related services for businesses of any size and type.
Additionally, Netizen offers an automated and affordable assessment tool that continuously scans systems, websites, applications, and networks to uncover issues. Vulnerability data is then securely analyzed and presented through an easy-to-interpret dashboard to yield actionable risk and compliance information for audiences ranging from IT professionals to executive managers.
Netizen is an ISO 27001:2013 (Information Security Management), ISO 9001:2015, and CMMI V 2.0 Level 3 certified company. We are a proud Service-Disabled Veteran-Owned Small Business that is recognized by the U.S. Department of Labor for hiring and retention of military veterans.
Questions or concerns? Feel free to reach out to us any time – https://www.netizen.net/contact