NGINX Shares Mitigations for Zero-Day Bug Affecting LDAP Implementation
Description:
NGINX has issued mitigations to address security weaknesses in its LDAP (Lightweight Directory Access Protocol) reference implementation. The NGINX LDAP reference implementation uses LDAP to authenticate users of applications being proxied by NGINX. "NGINX Open Source and NGINX Plus are not themselves affected and no action is needed if you do not use the reference implementation."
The reference implementation is impacted only under three conditions, when the deployment involves:
- command-line parameters to configure the Python-based reference implementation daemon,
- unused, optional configuration parameters, and
- specific group membership to carry out LDAP authentication.
Source:
NGINX Shares Mitigations for Zero-Day Bug Affecting LDAP Implementation (thehackernews.com)
Impact:
An attacker could potentially override the configuration parameters by sending specially crafted HTTP request headers and even bypass group membership requirements to force LDAP authentication to succeed.
Suggestions and Recommendations:
If you are using the LDAP reference implementation to authenticate users, we strongly recommend applying the fixes. The mitigation can be found here
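As an added example (not code from the NGINX reference implementation or the article), the two defensive behaviours a hardened auth_request backend should have against the weaknesses described above: it takes its LDAP settings only from server-side configuration and treats any X-Ldap-* header arriving in the client request as something to log, never as a value to honor; and it escapes LDAP filter metacharacters in the username before substituting it into the group-membership search filter. The header names, the filter template and the directory values are assumptions about how such a daemon is configured.

```python
"""Defensive handling for an LDAP auth backend sitting behind nginx.
Added example; assumes the daemon reads settings from X-Ldap-* headers
and builds its search filter from a template containing %(username)s."""

# Settings fixed at deployment time (constructed values). They are the only
# source of configuration; nothing in the request may change them.
SERVER_SETTINGS = {
    "X-Ldap-URL": "ldap://ldap.example.internal",
    "X-Ldap-BaseDN": "ou=people,dc=example,dc=internal",
    # Group membership is enforced inside the filter itself, so the username
    # must not be able to alter the filter's structure.
    "X-Ldap-Template": "(&(uid=%(username)s)"
                       "(memberOf=cn=webusers,ou=groups,dc=example,dc=internal))",
}

# RFC 4515 escapes for the characters that carry meaning in a search filter.
_FILTER_ESCAPES = {"\\": r"\5c", "*": r"\2a", "(": r"\28", ")": r"\29", "\0": r"\00"}


def escape_filter_value(value: str) -> str:
    """Escape a value so it is matched literally inside an LDAP filter."""
    return "".join(_FILTER_ESCAPES.get(ch, ch) for ch in value)


def client_override_headers(request_headers: dict) -> list:
    """List X-Ldap-* headers present in the incoming request.

    A browser has no reason to send these, so a non-empty result is a
    detection signal worth logging; the values are deliberately ignored.
    """
    return sorted(h for h in request_headers if h.lower().startswith("x-ldap-"))


def effective_settings(request_headers: dict) -> dict:
    """Return the settings to use: server-side values only, never merged
    with anything the client supplied."""
    overrides = client_override_headers(request_headers)
    if overrides:
        print("auth-backend: ignoring client-supplied headers:", overrides)
    return dict(SERVER_SETTINGS)


def build_search_filter(username: str, request_headers: dict) -> str:
    """Build the search filter with the username escaped, so the group
    membership condition in the template cannot be neutralised."""
    template = effective_settings(request_headers)["X-Ldap-Template"]
    return template % {"username": escape_filter_value(username)}
```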
Cisco vulnerability lets hackers craft their own login credentials
Description:
Cisco has released a security advisory to warn about a critical vulnerability tracked as CVE-2022-20695, impacting the Wireless LAN Controller (WLC) software. The security flaw allows remote attackers to log in to target devices through the management interface without using a valid password. The bug involves the improper implementation of the password validation algorithm, making it possible to bypass the standard authentication procedure on non-default device configurations. The products affected by this flaw are those that run Cisco WLC Software 8.10.151.0 or Release 8.10.162.0.
CVE_IDs:
CVE-2022-20695
Source:
Cisco vulnerability lets hackers craft their own login credentials (bleepingcomputer.com)
Impact:
The security flaw allows remote attackers to log in to target devices through the management interface without using a valid password.
Suggestions and Recommendations:
Cisco has addressed this vulnerability; we strongly recommend applying the latest available security updates.
Microsoft Issues Patches for 2 Windows Zero-Days and 126 Other Vulnerabilities
Description:
Microsoft has addressed a total of 128 security vulnerabilities in its April update, two of which are zero-day vulnerabilities. The first, tracked as CVE-2022-24521, is an elevation of privilege vulnerability in the Windows Common Log File System (CLFS). The second zero-day, tracked as CVE-2022-26904, also concerns a case of privilege escalation, in the Windows User Profile Service. Successful exploitation of this flaw requires an attacker to win a race condition. Another critical flaw, a remote code execution vulnerability in the RPC Runtime Library, is tracked as CVE-2022-26809.
CVE_IDs:
CVE-2022-24521, CVE-2022-26904, CVE-2022-26809
Source:
Microsoft Issues Patches for 2 Windows Zero-Days and 126 Other Vulnerabilities (thehackernews.com)
Impact:
Successful exploitation of the recently disclosed zero-day vulnerabilities leads to privilege escalation.
Suggestions and Recommendations:
Microsoft has addressed these bugs. We strongly recommend applying all the fixes released by Microsoft.
Google Chrome emergency update fixes zero-day used in attacks
Description:
Google has released emergency patches to address a high-severity zero-day vulnerability actively used by threat actors in attacks. Tracked as CVE-2022-1364, it is a type confusion weakness in the V8 JavaScript engine used in Chrome and other Chromium-based browsers like Microsoft Edge, Brave, and Vivaldi.
Type confusion flaws generally lead to browser crashes following successful exploitation, by reading or writing memory out of buffer bounds; attackers can also exploit them to execute arbitrary code.
CVE_IDs:
CVE-2022-1364
Source:
Google Releases Urgent Chrome Update to Patch Actively Exploited Zero-Day Flaw (thehackernews.com)
Impact:
Successful exploitation of this flaw could lead to browser crashes and possibly to arbitrary code execution.
Suggestions and Recommendations:
Users are recommended to update to the latest version. Users of Chromium-based browsers such as Microsoft Edge, Brave, Opera, and Vivaldi are also advised to apply the fixes as and when they become available.