PAN-OS CRITICAL VULNERABILITY

Priority: Critical Executive Summary: Palo Alto Networks have released details of a critical vulnerability affecting PAN-OS, the operating system which runs on all Palo Alto Networks next-generation firewalls [1]. The vulnerability, CVE-2020-2021, allows an attacker to bypass authentication, meaning an unauthenticated attacker can log into the affected device as an administrator. This means that a threat actor who […]

SMBLEED AND MICROSOFT PATCH TUESDAY

Priority: Critical Executive Summary: Researchers at ZecOps have publicly disclosed a proof of concept (PoC) for a vulnerability that they discovered in SMBv3 whilst investigating SMBGhost [1]. They have named this vulnerability SMBleed (CVE-2020-1206). Although exploiting the vulnerability by itself achieves only information disclosure, the researchers have combined the attacks of SMBleed (as advised yesterday) […]

WINDOWS REMOTE CODE EXECUTION VULNERABILITY

Priority: High Executive Summary: Microsoft have revealed details of two vulnerabilities in the Adobe Type Manager Library which are being actively exploited in the wild [1]. The vulnerabilities, which Microsoft have said are being exploited in a “limited” capacity, allow for remote code execution. However, on supported versions of Windows 10, font parsing runs inside an AppContainer sandbox, which will contain […]

INTEL GRAPHICS DRIVER VULNERABILITIES AND LOAD VALUE INJECTION

Priority: High Executive Summary: Intel have released an advisory detailing 17 vulnerabilities in their Windows graphics drivers [1]. These could allow an attacker with local access to escalate privileges, cause a denial of service (DoS) and/or disclose information. These vulnerabilities exist due to various issues in the graphics drivers, including buffer overflow flaws and improper […]

CISCO DISCOVERY PROTOCOL VULNERABILITIES

Priority: High Executive Summary: Armis (an IoT security company) discovered and disclosed five Cisco zero-day vulnerabilities, collectively named ‘CDPwn’. They were found in Cisco’s implementation of the Cisco Discovery Protocol (CDP) [1-6] and consist of four remote code execution (RCE) vulnerabilities and one denial of service (DoS) vulnerability. As CDP is a Layer 2 protocol, an attacker needs a foothold on the same network segment as the target device in order to exploit them. These vulnerabilities impact a large […]

WINDOWS CRYPTOAPI VULNERABILITY

Priority: High Executive Summary: Microsoft’s latest Patch Tuesday includes a fix for a vulnerability in Windows CryptoAPI, specifically in crypt32.dll, which implements “Certificate and Cryptographic messaging functions in the CryptoAPI”. The flaw lies in how CryptoAPI validates Elliptic Curve Cryptography (ECC) certificates and would allow an attacker to spoof a code-signing certificate, enabling them to sign malicious executables, masquerade as legitimate websites and perform man-in-the-middle attacks […]

WIDESPREAD TOR SCANNING

Priority: High Executive Summary: On 30th October 2019 between 20:18 and 23:22 BST, ITC’s SIEM service picked up a heavy, unexpected surge in connection attempts to our customers from Tor node IPs. For context, ITC typically observe only a few of these events a day; in this instance there were several thousand detections […]
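The detection behind this advisory is a baseline comparison: a few Tor-sourced events a day is normal, several thousand in an evening is not. The following is an added example of that logic, not ITC’s SIEM content or anything from the original advisory. It assumes a hypothetical log format (“ISO timestamp, source IP, destination IP, destination port, action”), uses constructed documentation-range addresses as the Tor node list, and constructs its own sample log with three quiet days and a 2,200-event burst between 20:18 and 23:21 on 30 October; the surge factor and minimum event count are assumed tuning values.

```python
"""Flag hours in which Tor-sourced connection attempts far exceed the normal daily rate."""
from collections import Counter
from datetime import datetime, timedelta
from typing import Dict, Iterable, List, Tuple

# Constructed Tor node list using documentation-range addresses; a real detection
# would load the published Tor exit node list instead.
TOR_NODE_IPS = {"198.51.100.7", "198.51.100.23", "203.0.113.44", "203.0.113.91"}

# Assumed log format (hypothetical): "<ISO timestamp> <src_ip> <dst_ip> <dst_port> <action>"


def build_sample_log() -> List[str]:
    """Construct sample firewall log lines: a quiet baseline plus a burst.

    28-30 Oct carry three Tor-sourced attempts per day plus ordinary traffic;
    on 30 Oct a burst of 2,200 Tor-sourced attempts starts at 20:18 and ends
    at 23:21, mirroring the pattern described in the advisory.
    """
    lines: List[str] = []
    tor_ips = sorted(TOR_NODE_IPS)
    base = datetime(2019, 10, 28)
    for day in range(3):
        d = base + timedelta(days=day)
        for i, ip in enumerate(tor_ips[:3]):
            ts = d + timedelta(hours=6 + 4 * i)
            lines.append(f"{ts.isoformat()} {ip} 192.0.2.10 443 deny")
        for i in range(20):
            ts = d + timedelta(minutes=30 * i)
            lines.append(f"{ts.isoformat()} 192.0.2.{100 + i} 192.0.2.10 443 allow")
    burst_start = datetime(2019, 10, 30, 20, 18)
    for i in range(2200):
        ts = burst_start + timedelta(seconds=5 * i)
        src = tor_ips[i % len(tor_ips)]
        port = 22 if i % 2 else 3389
        lines.append(f"{ts.isoformat()} {src} 192.0.2.{10 + i % 5} {port} deny")
    return lines


def parse_line(line: str) -> Tuple[datetime, str, str, int, str]:
    """Split one log line into its fields; timestamp is parsed as ISO 8601."""
    ts, src, dst, port, action = line.split()
    return datetime.fromisoformat(ts), src, dst, int(port), action


def tor_events_per_hour(lines: Iterable[str], tor_ips: set) -> Counter:
    """Count connection attempts whose source is a Tor node, bucketed per hour."""
    counts: Counter = Counter()
    for line in lines:
        ts, src, _dst, _port, _action = parse_line(line)
        if src in tor_ips:
            counts[ts.replace(minute=0, second=0, microsecond=0)] += 1
    return counts


def detect_surges(hourly: Dict[datetime, int], factor: float = 10.0,
                  min_events: int = 50) -> List[Tuple[str, int, float]]:
    """Return (hour, count, baseline_per_hour) for hours that exceed the baseline.

    The baseline is the mean hourly count over all days before the hour under
    test; factor and min_events are assumed tuning values. min_events stops a
    handful of events on a quiet day from tripping the ratio test.
    """
    per_day: Counter = Counter()
    for hour, n in hourly.items():
        per_day[hour.date()] += n
    alerts: List[Tuple[str, int, float]] = []
    for hour in sorted(hourly):
        prior_days = [d for d in per_day if d < hour.date()]
        if not prior_days:
            continue  # first day seen: nothing to compare against yet
        baseline = sum(per_day[d] for d in prior_days) / (24 * len(prior_days))
        n = hourly[hour]
        if n >= min_events and n > factor * baseline:
            alerts.append((hour.isoformat(), n, baseline))
    return alerts


def run_detection() -> List[Tuple[str, int, float]]:
    """Run the whole pipeline over the constructed sample log."""
    return detect_surges(tor_events_per_hour(build_sample_log(), TOR_NODE_IPS))


if __name__ == "__main__":
    for hour, n, baseline in run_detection():
        print(f"{hour}: {n} Tor-sourced attempts (baseline {baseline:.2f}/hour)")
```

Against the constructed log the two quiet days give a baseline of 0.125 events per hour, so the four burst hours on 30 October are flagged while the three routine events on the 30th are not. In a real deployment the baseline window would be longer than two days and the Tor node list would be refreshed regularly, since exit nodes churn.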

INTERNET EXPLORER CRITICAL VULNERABILITY

Priority: High Executive Summary: Microsoft have released an emergency (out-of-band) security update for Internet Explorer following the discovery of a remote code execution vulnerability in the product [1]. The vulnerability, which is known to affect at least versions 9 to 11 of Internet Explorer, is caused by an issue in how the browser’s scripting engine handles objects […]

MICROARCHITECTURAL DATA SAMPLING

Priority: High Executive Summary: Intel have publicly disclosed a set of side-channel vulnerabilities affecting Intel microprocessors, collectively known as Microarchitectural Data Sampling (MDS). The four vulnerabilities are similar in nature to Spectre/Meltdown: they allow data to be leaked from internal CPU buffers. The attacks are made practical by Intel’s implementation of simultaneous multithreading, named Hyper-Threading, because the two hardware threads of a core share those buffers. Microprocessor performance is improved by splitting a single physical processor core […]

REMOTE DESKTOP SERVICES ‘WORMABLE’ VULNERABILITY

Priority: High Executive Summary: Microsoft have addressed a remote code execution vulnerability in Remote Desktop Services (formerly known as Terminal Services in Windows Server 2008 and earlier) affecting older versions of Windows prior to Windows 8. The security flaw, CVE-2019-0708, allows an unauthenticated attacker to send maliciously crafted packets towards a device running Remote […]