June saw the release of several security updates, with major fixes for Google’s Chrome and Android, as well as dozens of fixes for Microsoft products, including a patch for a Windows zero-day vulnerability that attackers had already exploited. Apple updates were absent at the time of writing, but the month also included some major enterprise-focused patches for Citrix, SAP and Cisco products.
Here’s what you need to know about the major fixes released over the past month.
Microsoft’s Patch Tuesday release was hefty in June, with fixes for 55 flaws across the company’s products. This Patch Tuesday was particularly important because it addressed an already-exploited remote code execution (RCE) flaw in Windows known as Follina, which Microsoft had been aware of since at least May.
Tracked as CVE-2022-30190, Follina abuses the Microsoft Support Diagnostic Tool (MSDT) from a malicious Office document and can be triggered without the victim fully opening the file. It has already been used by several criminal groups and state-sponsored attackers.
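Because Follina rides on a document rather than an executable, the practical triage question is whether a given Office file carries the hallmark of the technique: an OLE relationship that loads its object from an external URL, plus an ms-msdt: handler reference in whatever that URL serves. The following scanner is an added example written for this article, not Microsoft’s code or any vendor’s detection rule; the sample document it builds (`make_sample_docx`), the 203.0.113.10 address and the snippet passed to `references_msdt` are all constructed for illustration.

```python
from __future__ import annotations

import io
import re
import zipfile

# Relationship type Word uses for embedded or linked OLE objects (OOXML).
OLE_REL_TYPE = ("http://schemas.openxmlformats.org/officeDocument/2006/"
                "relationships/oleObject")
REL_RE = re.compile(r"<Relationship\b[^>]*>", re.IGNORECASE)
ATTR_RE = re.compile(r'([\w:]+)="([^"]*)"')
# URI scheme that hands a string to the Microsoft Support Diagnostic Tool.
MSDT_RE = re.compile(r"ms-msdt:", re.IGNORECASE)


def suspicious_relationships(docx_bytes: bytes) -> list[dict]:
    """Walk every *.rels part of an OOXML container (docx/xlsx/pptx) and return
    relationships that either load an OLE object from an external location or
    reference the ms-msdt: handler directly in their target."""
    findings = []
    with zipfile.ZipFile(io.BytesIO(docx_bytes)) as zf:
        for part in zf.namelist():
            if not part.lower().endswith(".rels"):
                continue
            xml = zf.read(part).decode("utf-8", errors="replace")
            for rel in REL_RE.findall(xml):
                attrs = dict(ATTR_RE.findall(rel))
                target = attrs.get("Target", "")
                external = attrs.get("TargetMode", "").lower() == "external"
                if attrs.get("Type") == OLE_REL_TYPE and external:
                    reason = "external OLE object"
                elif MSDT_RE.search(target):
                    reason = "ms-msdt: in target"
                else:
                    continue  # ordinary embedded object, image, style, etc.
                findings.append({"part": part, "id": attrs.get("Id"),
                                 "target": target, "reason": reason})
    return findings


def references_msdt(text: str) -> bool:
    """Second-stage check for a fetched HTML or RTF payload: does it invoke ms-msdt:?"""
    return MSDT_RE.search(text) is not None


def make_sample_docx(target: str, external: bool) -> bytes:
    """Build a minimal CONSTRUCTED docx with one OLE relationship. Only the parts
    the scanner reads are populated; Word itself would not open this file."""
    mode = ' TargetMode="External"' if external else ""
    rels = (
        '<?xml version="1.0" encoding="UTF-8"?>'
        '<Relationships xmlns="http://schemas.openxmlformats.org/package/2006/relationships">'
        f'<Relationship Id="rId1" Type="{OLE_REL_TYPE}" Target="{target}"{mode}/>'
        "</Relationships>"
    )
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_DEFLATED) as zf:
        zf.writestr("[Content_Types].xml", "<Types/>")
        zf.writestr("word/document.xml", "<w:document/>")
        zf.writestr("word/_rels/document.xml.rels", rels)
    return buf.getvalue()


if __name__ == "__main__":
    # A normal embedded object stays quiet; an externally linked one is flagged.
    benign = make_sample_docx("embeddings/oleObject1.bin", external=False)
    linked = make_sample_docx("http://203.0.113.10/stage2.html", external=True)
    print(suspicious_relationships(benign))
    print(suspicious_relationships(linked))
    # Constructed stand-in for the HTML a linked object might fetch.
    print(references_msdt("window.location.href = 'ms-msdt:' + payload"))
```

An external OLE relationship is unusual but not proof of compromise on its own, so treat the result as a triage signal: fetch or quarantine the target and run `references_msdt` over it before raising an incident. The scanner relies only on the standard library, so it can run on a mail gateway or forensic workstation without Office installed.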
Three of the vulnerabilities addressed in Patch Tuesday affecting Windows Server are RCE flaws and are classified as critical. However, the updates have been reported to break some VPN and RDP connections, so test them before rolling them out widely.
Google Chrome updates continue to arrive thick and fast. This is not a bad thing, because the most popular browser in the world is inevitably one of attackers’ main targets. In June, Google released Chrome 103 with fixes for 14 vulnerabilities, some of which are serious.
Tracked as CVE-2022-2156, the biggest flaw is a use-after-free issue in Base, reported by Google’s Project Zero bug-hunting team, that could lead to arbitrary code execution, denial of service or data corruption. Worse still, when chained with other vulnerabilities, the flaw can result in a complete system compromise.
Among the multiple Android security issues Google patched in June, the most severe is a critical vulnerability in the System component that could lead to remote code execution with no additional execution privileges needed, Google said in its Android security bulletin.
Google has also released updates for its Pixel devices to fix issues in Android Framework, Media Framework, and System Components.
Samsung users seem to have had good luck with Android updates lately, with the device manufacturer rolling out its patches very quickly. The June security update is no different, immediately hitting the Samsung Galaxy Tab S7 series, Galaxy S21 series, Galaxy S22 series, and Galaxy Z Fold 2.
Cisco released a patch in June to address a critical vulnerability in Cisco Secure Email and Web Manager and Cisco Email Security Appliance that could allow a remote attacker to bypass authentication and log into the web-based management interface of an affected device.
The issue, tracked as CVE-2022-20798, affects devices configured to use LDAP for external authentication and could be exploited by entering a specific input on the login page of an affected device, which would grant access to the web-based management interface, Cisco said.
Citrix has issued a warning urging users to patch some major vulnerabilities that could allow attackers to reset administrator passwords. Vulnerabilities in Citrix Application Delivery Management (ADM) could lead to corruption of the system by an unauthenticated remote user, Citrix said in a security bulletin. “The impact of this may include resetting the admin password on the next device reboot, allowing an attacker with ssh access to log in with the default admin credentials after restarting the device,” the company wrote.
Citrix recommends that traffic to the Citrix ADM IP address be segmented from standard network traffic, which decreases the risk of exploitation, the company said. However, the vendor also urged customers to install the updated versions of Citrix ADM Server and Citrix ADM Agent “as soon as possible.”
Software company SAP released 12 security notes as part of its June Patch Day, three of which are rated serious. The first one listed by SAP is an update to a note originally released on April 2018 Patch Day covering the Google Chromium browser control used in SAP Business Client. Details of this vulnerability are not available, but it carries a severity score of 10, so the fix should be applied immediately.
Another major fix concerns an issue in the SAProuter proxy in NetWeaver and ABAP Platform that could allow an attacker to run SAProuter administration commands from a remote client. The third major patch fixes a privilege escalation bug in SAP PowerDesigner Proxy 16.7.
Splunk has released out-of-band patches for its Enterprise product, fixing issues including a critical-rated vulnerability that could lead to the execution of arbitrary code.
Tracked as CVE-2022-32158, the flaw could allow an adversary who has compromised one Universal Forwarder endpoint to execute code on every other endpoint subscribed to the same deployment server. Fortunately, there is no indication that the vulnerability has been used in any real attacks.
Ninja Forms WordPress Plugin
Ninja Forms, a WordPress plugin with over a million active installs, fixed a serious issue that is likely being exploited in the wild. “We discovered a code injection vulnerability that allowed unauthenticated attackers to call a limited number of methods in various Ninja Forms classes, including a method that deserialized user-supplied content, resulting in object injection,” the Wordfence Threat Intelligence team said in an update.
This could allow attackers to execute arbitrary code or delete arbitrary files on sites where a separate POP chain was present, the researchers said.
The flaw has been fully patched in versions 3.0.34.2, 3.1.10, 3.2.28, 3.3.21.4, 3.4.34.2, 3.5.8.4, and 3.6.11. WordPress appears to have performed a forced auto-update for the plugin, so your site may already be running one of the patched versions.
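Because the fix was backported to every 3.x release branch, a plain “is my version at least 3.6.11” check gives the wrong answer for a site pinned to, say, 3.5.8.4. The helper below, added here as an example and not code from Ninja Forms, Wordfence or WordPress, compares an installed version only against the patched release of its own major.minor branch and reports branches it cannot vouch for instead of silently passing them. The inventory it triages is a constructed dictionary of hypothetical site names.

```python
from __future__ import annotations

# Patched releases per the Wordfence advisory: one backport per 3.x branch.
PATCHED = ["3.0.34.2", "3.1.10", "3.2.28", "3.3.21.4",
           "3.4.34.2", "3.5.8.4", "3.6.11"]


def parse_version(version: str) -> tuple[int, ...]:
    """'3.5.8.4' -> (3, 5, 8, 4); tuple comparison then orders releases correctly."""
    return tuple(int(part) for part in version.strip().split("."))


def branch(parsed: tuple[int, ...]) -> tuple[int, int]:
    """The major.minor line a release belongs to, e.g. (3, 5) for 3.5.8.4."""
    return parsed[0], parsed[1]


# Lookup table: branch -> first patched release in that branch.
FIXED_BY_BRANCH = {branch(parse_version(v)): parse_version(v) for v in PATCHED}


def is_patched(installed: str) -> bool | None:
    """True or False when the installed version sits in a branch that received
    a backport; None when the branch is not in the advisory (e.g. a 2.x or a
    later 3.7+ line), which needs a human decision rather than a silent pass."""
    parsed = parse_version(installed)
    fixed = FIXED_BY_BRANCH.get(branch(parsed))
    if fixed is None:
        return None
    return parsed >= fixed


def triage(inventory: dict[str, str]) -> dict[str, list[str]]:
    """Group sites by status so the vulnerable ones can be actioned first."""
    groups: dict[str, list[str]] = {"vulnerable": [], "patched": [], "unknown": []}
    for site, version in sorted(inventory.items()):
        status = is_patched(version)
        key = "unknown" if status is None else ("patched" if status else "vulnerable")
        groups[key].append(f"{site} ({version})")
    return groups


if __name__ == "__main__":
    # Constructed inventory: hypothetical site names and versions.
    fleet = {
        "blog.example": "3.6.11",     # current branch, patched
        "shop.example": "3.5.8",      # one release short of the 3.5 backport
        "intranet.example": "3.0.35", # newer than 3.0.34.2, so patched
        "legacy.example": "2.9.60",   # branch not covered by the advisory
    }
    for status, sites in triage(fleet).items():
        print(status, sites)
```

Pull the installed version with `wp plugin get ninja-forms --field=version` on each host, or read it from the plugin header, and feed the results to `triage`; anything in the “unknown” bucket should be checked against the vendor changelog by hand.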
Australian software company Atlassian has released a patch to fix a zero-day flaw already exploited by attackers. Tracked as CVE-2022-26134, the RCE vulnerability in Confluence Server and Data Center can be used to hijack Internet-facing servers.
GitLab has released versions 15.0.1, 14.10.4, and 14.9.5 of GitLab Community Edition and Enterprise Edition. The updates contain important security fixes for eight vulnerabilities, one of which could allow account takeover.
With that in mind, the firm “strongly recommends” that all GitLab installations be upgraded to the latest version “as soon as possible.” GitLab.com is already running the patched version.