A focus of Cybersecurity Awareness Month is on patching software in a timely manner. But we recognize that many patches are released each week, and it can become difficult to prioritize which critical updates to make first. We’ve simplified that for you in the post below. Read on for this month’s critical vulnerabilities and patches, curated for you by the Antigen team.
CVE-2021-22048 – VMware vCenter Server
- vCenter Server contains a privilege escalation vulnerability in the Integrated Windows Authentication (IWA) feature.
- Patch: Not yet released
- Workaround: Switch from Integrated Windows Authentication to AD over LDAPS authentication, or to Identity Provider Federation for AD FS (vSphere 7.0 or later).
- Advisory: https://www.vmware.com/security/advisories/VMSA-2021-0025.html
CVE-2022-40684 – Fortinet Authentication Bypass
- This security flaw (CVE-2022-40684) allows attackers to bypass the authentication process on the administrative interface of FortiGate firewalls, FortiProxy web proxies, and FortiSwitch Manager (FSWM) on-premise management instances.
- This is being ACTIVELY EXPLOITED. Please patch ASAP!!!
- Patch:
  - Please upgrade to FortiOS version 7.2.2 or above
  - Please upgrade to FortiOS version 7.0.7 or above
  - Please upgrade to FortiProxy version 7.2.1 or above
  - Please upgrade to FortiProxy version 7.0.7 or above
  - Please upgrade to FortiSwitchManager version 7.2.1 or above
- Advisory: https://www.fortiguard.com/psirt/FG-IR-22-377
CVE-2022-36067 – vm2 JavaScript Sandbox
- A now-patched security flaw in the vm2 JavaScript sandbox module could be abused by a remote adversary to break out of security barriers and perform arbitrary operations on the underlying machine.
- This is a very commonly embedded package. Please check your application dependencies.
- Patch: This vulnerability was patched in the release of version 3.9.11 of vm2.
- Advisory: https://github.com/advisories/GHSA-mrgp-mrhc-5jrq
CVE-2022-41040 & CVE-2022-41082 – Zero-day RCE/SSRF Vulnerabilities in Microsoft Exchange Server
- Microsoft is investigating two reported zero-day vulnerabilities affecting Microsoft Exchange Server 2013, Exchange Server 2016, and Exchange Server 2019. The first one, identified as CVE-2022-41040, is a Server-Side Request Forgery (SSRF) vulnerability, and the second one, identified as CVE-2022-41082, allows Remote Code Execution (RCE) when PowerShell is accessible to the attacker.
- Patch: Not yet released
- Mitigation: There have been several revisions to the mitigations. Please review the advisories below to ensure the most recent one is being applied.
- Advisory: