Microsoft Azure Vulnerability Exposes PostgreSQL Databases to Other Customers

Description:

Microsoft has disclosed that it addressed a pair of issues with the Azure Database for PostgreSQL Flexible Server that could result in unauthorized cross-account database access in a region.

According to the Microsoft Security Response Centre report, by exploiting an elevated permissions bug in the Flexible Server authentication process for a replication user, a malicious user could leverage an improperly anchored regular expression to bypass authentication and gain access to other customers' databases.

The Windows maker described the security vulnerability as affecting PostgreSQL Flexible Server instances deployed using the public access networking option.
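The bug class named above, shown as an added example that is not Microsoft's code or its actual pattern: an identity-mapping regex that is anchored at the start but open at the end accepts any certificate name that merely begins with a trusted one, while a full match does not. The domain, tenant names and function names are hypothetical and the sample names are constructed.

```python
import re

# Constructed identity-mapping rule: certificate CNs allowed to log in as the
# replication role. Domain and tenant names are hypothetical placeholders.
TENANT_SUFFIX = r"\.tenant-a\.db\.example"
WEAK_PATTERN = r"^(.*)" + TENANT_SUFFIX          # start anchored, end left open
STRICT_PATTERN = r"[a-z0-9-]+" + TENANT_SUFFIX   # only ever used with fullmatch


def weak_allows(cn: str) -> bool:
    """Accepts any CN whose beginning matches; trailing text is ignored."""
    return re.match(WEAK_PATTERN, cn) is not None


def strict_allows(cn: str) -> bool:
    """The whole CN must be one DNS label followed by the tenant suffix."""
    return re.fullmatch(STRICT_PATTERN, cn) is not None


def anchoring_gaps(pattern: str, probes: list[str]) -> list[str]:
    """Return probes a partial match accepts but a full match rejects.

    A non-empty result means the pattern does not constrain the whole
    identity string and should be anchored at both ends.
    """
    compiled = re.compile(pattern)
    return [p for p in probes
            if compiled.search(p) and not compiled.fullmatch(p)]


# Constructed CNs: one legitimate, two that only embed the trusted name.
PROBES = [
    "replica1.tenant-a.db.example",
    "replica1.tenant-a.db.example.other-customer.test",
    "x.tenant-a.db.example@elsewhere.test",
]

if __name__ == "__main__":
    for cn in PROBES:
        print(f"{cn!r}: weak={weak_allows(cn)} strict={strict_allows(cn)}")
    print("anchoring gaps:", anchoring_gaps(WEAK_PATTERN, PROBES))
```

Running `anchoring_gaps` over existing identity-map patterns with a few such probes is a quick review check for rules that need an end anchor.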

Source:  

Microsoft Azure Vulnerability Exposes PostgreSQL Databases to Other Customers


Impact: 

Successful exploitation of the critical flaws could have enabled an adversary to gain unauthorized read access to other customers' PostgreSQL databases, effectively circumventing tenant isolation.

Suggestions and Recommendations: 

According to MSRC, no action is required by customers. To minimize exposure, customers are advised to enable private network access when setting up their Flexible Server instance.

New Core Impact Backdoor Delivered via VMware Vulnerability

Description:

An Iranian-linked threat actor known as Rocket Kitten has been observed actively exploiting a recently patched VMware vulnerability to gain initial access and deploy the Core Impact penetration testing tool on vulnerable systems.

Tracked as CVE-2022-22954, the critical issue is a remote code execution (RCE) vulnerability affecting VMware Workspace ONE Access and Identity Manager.

Attack chains exploiting the flaw involve the distribution of a PowerShell-based stager, which is then used to download a next-stage payload called PowerTrash Loader that, in turn, injects the penetration testing tool, Core Impact, into memory for follow-on activities.

CVE_IDs: 

  • CVE-2022-22954

Source:  

Iranian Hackers Exploiting VMware RCE Bug to Deploy 'Core Impact' Backdoor (thehackernews.com)

Impact: 

Successful exploitation of CVE-2022-22954 allows an attacker to execute code remotely.

Suggestions and Recommendations: 

The issue was patched by the virtualization services provider on April 6, 2022. We strongly recommend that users apply the patches, as the flaw is being exploited in the wild.

Microsoft Discovers New Privilege Escalation Flaws in Linux Operating System

Description:

Microsoft has discovered several vulnerabilities, collectively referred to as Nimbuspwn, that could allow an attacker to elevate privileges to root on many Linux desktop endpoints. The vulnerabilities can be chained together to gain root privileges on Linux systems, allowing attackers to deploy payloads, like a root backdoor, and perform other malicious actions via arbitrary root code execution.

The vulnerabilities are rooted in a systemd component called networkd-dispatcher, a daemon program for the network manager system service that's designed to dispatch network status changes.

CVE_IDs:

  • CVE-2022-29799
  • CVE-2022-29800

Source:

Nimbuspwn: New Root Privilege Escalation Found in Linux | eSecurityPlanet

Impact: 

The flaws can be chained together to gain root privileges on Linux systems. This allows attackers to deploy payloads, like a root backdoor, and perform other malicious actions via arbitrary root code execution.

Suggestions and Recommendations: 

The flaw has been patched, and we strongly recommend applying the patches.

New Lenovo UEFI Firmware Vulnerabilities Affect Millions of Laptops

Description:

Three high-impact Unified Extensible Firmware Interface (UEFI) security vulnerabilities have been discovered impacting various Lenovo consumer laptop models. The flaws enable malicious actors to deploy and execute firmware implants on the affected devices.

CVE-2021-3971 and CVE-2021-3972 affect UEFI firmware drivers originally meant to be used only during the manufacturing process of Lenovo consumer notebooks. The CVE-2021-3970 vulnerability allows arbitrary reads from and writes to SMRAM, which can lead to the execution of malicious code with SMM privileges and potentially to the deployment of an SPI flash implant.

CVE_IDs: 

  • CVE-2021-3970
  • CVE-2021-3971
  • CVE-2021-3972

Source:  

Impact: 

Successful exploitation of the flaws could permit an attacker to disable SPI flash protections or Secure Boot, effectively granting the adversary the ability to install malware that can survive system reboots.

Suggestions and Recommendations: 

Lenovo has already issued patches for multiple laptop models. We strongly recommend applying the patches to fix the issues. Laptop models that have reached end-of-life will remain unpatched.

Poshan Bhandari 2 May, 2022