VULNERA Pulse

Cacti — Cacti

CVE-2022-46169 / Added: Feb. 16, 2023

CRITICAL CVSS 9.80

Cacti contains a command injection vulnerability that allows an unauthenticated user to execute code.

Headlines

• Feb. 17, 2023 - CISA adds Cacti, Office, Windows and iOS bugs to its Known Exploited Vulnerabilities Catalog
• Feb. 16, 2023 - CISA warns of Windows and iOS bugs exploited as zero-days
• Jan. 13, 2023 - Most Cacti Installations Unpatched Against Exploited Vulnerability | SecurityWeek.Com

Back to top ↑

Apple — Multiple Products

CVE-2023-23529 / Added: Feb. 14, 2023

CVSS Not Assigned

WebKit in Apple iOS, MacOS, Safari and iPadOS contains a type confusion vulnerability that may lead to code execution.

Headlines

• Feb. 17, 2023 - ⚡Top Cybersecurity News Stories This Week — Cybersecurity Newsletter
• Feb. 17, 2023 - Windows And iOS Security Updates Get Serious—You Have 3 Weeks To Comply, CISA Warns
• Feb. 17, 2023 - CISA adds Cacti, Office, Windows and iOS bugs to its Known Exploited Vulnerabilities Catalog
• Feb. 16, 2023 - CISA warns of Windows and iOS bugs exploited as zero-days
• Feb. 16, 2023 - S3 Ep122: Stop calling every breach “sophisticated”! [Audio + Text]
• Feb. 15, 2023 - Apple fixes zero-day vulnerability, other bugs in macOS, iOS
• Feb. 14, 2023 - Apple fixes zero-day spyware implant bug – patch now!
• Feb. 14, 2023 - Patch Tuesday: Microsoft Warns of Exploited Windows Zero-Days
• Feb. 14, 2023 - Adobe Plugs Critical Security Holes in Illustrator, After Effects Software
• Feb. 14, 2023 - Apple releases security fix for iPhone and Mac zero-day flaw, so update now
• Feb. 14, 2023 - Apple Patches Actively Exploited WebKit Zero-Day Vulnerability 
• Feb. 14, 2023 - iOS 16.3.1—Update Now Warning Issued To iPhone Users
• Feb. 14, 2023 - Patch Now: Apple's iOS, iPadOS, macOS, and Safari Under Attack with New Zero-Day Flaw
• Feb. 14, 2023 - Multiple Vulnerabilities in Apple Products Could Allow for Arbitrary Code Execution
• Feb. 14, 2023 - Apple fixes the first zero-day in iPhones and Macs this year
• Feb. 13, 2023 - Apple fixes new WebKit zero-day exploited to hack iPhones, Macs

Back to top ↑

Microsoft — Windows

CVE-2023-23376 / Added: Feb. 14, 2023

HIGH CVSS 7.80

Microsoft Windows Common Log File System (CLFS) driver contains an unspecified vulnerability which allows for privilege escalation.

Headlines

• Feb. 17, 2023 - Three zero-days require urgent attention for Windows, Exchange
• Feb. 17, 2023 - Windows And iOS Security Updates Get Serious—You Have 3 Weeks To Comply, CISA Warns
• Feb. 17, 2023 - CISA adds Cacti, Office, Windows and iOS bugs to its Known Exploited Vulnerabilities Catalog
• Feb. 16, 2023 - CISA warns of Windows and iOS bugs exploited as zero-days
• Feb. 16, 2023 - Threat Source newsletter (Feb. 16, 2023) — Recapping what we may have missed so far this year
• Feb. 15, 2023 - Microsoft unveils fixes for more critical security flaws, so patch now
• Feb. 15, 2023 - Microsoft fixes three zero-days in its 75-flaw February Patch Tuesday
• Feb. 15, 2023 - Microsoft Patches Three Zero-Day Bugs This Month
• Feb. 15, 2023 - Major New Windows Security Update: 7 Critical & 3 Zero-Day Threats Confirmed
• Feb. 15, 2023 - Update Now: Microsoft Releases Patches for 3 Actively Exploited Windows Vulnerabilities
• Feb. 15, 2023 - Microsoft patches three exploited zero-days
• Feb. 14, 2023 - 9 New Microsoft Bugs to Patch Now
• Feb. 14, 2023 - Microsoft Patch Tuesday, February 2023 Edition – Krebs on Security
• Feb. 14, 2023 - Microsoft Patch Tuesday for February 2023 fixed actively exploited zero-days
• Feb. 14, 2023 - A diverse set of fixes in February’s Patch Tuesday release
• Feb. 14, 2023 - Patch Tuesday: Microsoft Warns of Exploited Windows Zero-Days
• Feb. 14, 2023 - Microsoft February 2023 Patch Tuesday fixes 3 exploited zero-days, 77 flaws
• Feb. 14, 2023 - Microsoft Patch Tuesday for February 2023 — Snort rules and prominent vulnerabilities

Back to top ↑

Microsoft — Windows

CVE-2023-21823 / Added: Feb. 14, 2023

HIGH CVSS 7.80

Microsoft Windows Graphic Component contains an unspecified vulnerability which allows for privilege escalation.

Headlines

• Feb. 17, 2023 - Three zero-days require urgent attention for Windows, Exchange
• Feb. 17, 2023 - Windows And iOS Security Updates Get Serious—You Have 3 Weeks To Comply, CISA Warns
• Feb. 17, 2023 - CISA adds Cacti, Office, Windows and iOS bugs to its Known Exploited Vulnerabilities Catalog
• Feb. 16, 2023 - CISA warns of Windows and iOS bugs exploited as zero-days
• Feb. 16, 2023 - Threat Source newsletter (Feb. 16, 2023) — Recapping what we may have missed so far this year
• Feb. 15, 2023 - Microsoft unveils fixes for more critical security flaws, so patch now
• Feb. 15, 2023 - Microsoft fixes three zero-days in its 75-flaw February Patch Tuesday
• Feb. 15, 2023 - Microsoft Patches Three Zero-Day Bugs This Month
• Feb. 15, 2023 - Major New Windows Security Update: 7 Critical & 3 Zero-Day Threats Confirmed
• Feb. 15, 2023 - Update Now: Microsoft Releases Patches for 3 Actively Exploited Windows Vulnerabilities
• Feb. 15, 2023 - Microsoft patches three exploited zero-days
• Feb. 14, 2023 - 9 New Microsoft Bugs to Patch Now
• Feb. 14, 2023 - Microsoft Patch Tuesday, February 2023 Edition – Krebs on Security
• Feb. 14, 2023 - Microsoft Patch Tuesday for February 2023 fixed actively exploited zero-days
• Feb. 14, 2023 - Patch Tuesday: Microsoft Warns of Exploited Windows Zero-Days
• Feb. 14, 2023 - Microsoft February 2023 Patch Tuesday fixes 3 exploited zero-days, 77 flaws
• Feb. 14, 2023 - Microsoft Patch Tuesday for February 2023 — Snort rules and prominent vulnerabilities
• Feb. 14, 2023 - Microsoft Patch Tuesday for February 2023 — Snort rules and prominent vulnerabilities

Back to top ↑

Microsoft — Office

CVE-2023-21715 / Added: Feb. 14, 2023

HIGH CVSS 7.30

Microsoft Office Publisher contains a security feature bypass vulnerability which allows for a local, authenticated attack on a targeted system.

Headlines

• Feb. 17, 2023 - Three zero-days require urgent attention for Windows, Exchange
• Feb. 17, 2023 - Windows And iOS Security Updates Get Serious—You Have 3 Weeks To Comply, CISA Warns
• Feb. 17, 2023 - CISA adds Cacti, Office, Windows and iOS bugs to its Known Exploited Vulnerabilities Catalog
• Feb. 16, 2023 - CISA warns of Windows and iOS bugs exploited as zero-days
• Feb. 16, 2023 - Threat Source newsletter (Feb. 16, 2023) — Recapping what we may have missed so far this year
• Feb. 15, 2023 - Microsoft unveils fixes for more critical security flaws, so patch now
• Feb. 15, 2023 - Microsoft fixes three zero-days in its 75-flaw February Patch Tuesday
• Feb. 15, 2023 - Microsoft Patches Three Zero-Day Bugs This Month
• Feb. 15, 2023 - Major New Windows Security Update: 7 Critical & 3 Zero-Day Threats Confirmed
• Feb. 15, 2023 - Update Now: Microsoft Releases Patches for 3 Actively Exploited Windows Vulnerabilities
• Feb. 15, 2023 - Microsoft patches three exploited zero-days
• Feb. 14, 2023 - 9 New Microsoft Bugs to Patch Now
• Feb. 14, 2023 - Microsoft Patch Tuesday, February 2023 Edition – Krebs on Security
• Feb. 14, 2023 - Microsoft Patch Tuesday for February 2023 fixed actively exploited zero-days
• Feb. 14, 2023 - A diverse set of fixes in February’s Patch Tuesday release
• Feb. 14, 2023 - Patch Tuesday: Microsoft Warns of Exploited Windows Zero-Days
• Feb. 14, 2023 - Microsoft February 2023 Patch Tuesday fixes 3 exploited zero-days, 77 flaws
• Feb. 14, 2023 - Microsoft Patch Tuesday for February 2023 — Snort rules and prominent vulnerabilities
• Feb. 14, 2023 - Microsoft Patch Tuesday for February 2023 — Snort rules and prominent vulnerabilities

Back to top ↑

Fortra — GoAnywhere MFT

CVE-2023-0669 / Added: Feb. 10, 2023

HIGH CVSS 7.20

Fortra (formerly, HelpSystems) GoAnywhere MFT contains a pre-authentication remote code execution vulnerability in the License Response Servlet due to deserializing an attacker-controlled object.

Headlines

• Feb. 17, 2023 - This Week In Security: USB Cable Kia, Reddit, And Microsoft RCEs
• Feb. 17, 2023 - Understanding Zero-Day Vulnerabilities and the Clop Ransomware Fallout
• Feb. 16, 2023 - Clop ransomware hackers hit a million US healthcare customers
• Feb. 15, 2023 - Community Health Systems data breach caused by GoAnywhere MFT hack
• Feb. 14, 2023 - Healthcare giant CHS reports first data breach in GoAnywhere hacks
• Feb. 14, 2023 - GoAnywhere Zero-Day Attack Victims Start Disclosing Significant Impact
• Feb. 11, 2023 - Clop ransomware claims the hack of 130 orgs using GoAnywhere MFT flaw
• Feb. 11, 2023 - CISA adds Fortra MFT, TerraMaster NAS, Intel driver Flaws, to its Known Exploited Vulnerabilities Catalog
• Feb. 11, 2023 - CISA Warns of Active Attacks Exploiting Fortra MFT, TerraMaster NAS, and Intel Driver Flaws
• Feb. 10, 2023 - Clop ransomware claims it breached 130 orgs using GoAnywhere zero-day
• Feb. 10, 2023 - Clop ransomware claims to be behind GoAnywhere zero-day attacks
• Feb. 10, 2023 - GoAnywhere MFT Zero-Day Exploitation Linked to Ransomware Attacks

Back to top ↑

Intel — Ethernet Diagnostics Driver for Windows

CVE-2015-2291 / Added: Feb. 10, 2023

HIGH CVSS 7.20

Intel ethernet diagnostics driver for Windows IQVW32.sys and IQVW64.sys contain an unspecified vulnerability that allows for a denial-of-service.

Headlines

• Feb. 14, 2023 - Enigma info-stealing malware targets the cryptocurrency industry
• Feb. 11, 2023 - Enigma, Vector, and TgToxic: The New Threats to Cryptocurrency Users
• Feb. 11, 2023 - CISA adds Fortra MFT, TerraMaster NAS, Intel driver Flaws, to its Known Exploited Vulnerabilities Catalog
• Feb. 11, 2023 - CISA Warns of Active Attacks Exploiting Fortra MFT, TerraMaster NAS, and Intel Driver Flaws
• Feb. 10, 2023 - That dream crypto job offer is probably just malware
• Feb. 9, 2023 - Hackers use fake crypto job offers to push info-stealing malware
• Jan. 11, 2023 - Cybercriminals bypass Windows security with driver-vulnerability exploit
• Jan. 11, 2023 - Scattered Spider hackers use old Intel driver to bypass security

Back to top ↑

TerraMaster — TerraMaster OS

CVE-2022-24990 / Added: Feb. 10, 2023

HIGH CVSS 7.50

TerraMaster OS contains a remote command execution vulnerability that allows an unauthenticated user to execute commands on the target endpoint.

Headlines

• Feb. 11, 2023 - CISA adds Fortra MFT, TerraMaster NAS, Intel driver Flaws, to its Known Exploited Vulnerabilities Catalog
• Feb. 11, 2023 - CISA Warns of Active Attacks Exploiting Fortra MFT, TerraMaster NAS, and Intel Driver Flaws
• Feb. 10, 2023 - US Warns Critical Sectors Against North Korean Ransomware Attacks
• Feb. 10, 2023 - North Korean ransomware attacks on healthcare fund govt operations
• Feb. 10, 2023 - North Korean Hackers Targeting Healthcare with Ransomware to Fund its Operations

Back to top ↑

CVE-2023-21689

CRITICAL CVSS 9.80

Actively Exploited Remote Code Execution

Published: Feb. 14, 2023

Microsoft Protected Extensible Authentication Protocol (PEAP) Remote Code Execution Vulnerability

Quotes

• An account with the same name exists in Active Directory. Re-using the account was blocked by security policy
• An unauthenticated attacker could send a malicious e-mail containing an RTF payload that would allow them to gain access to execute commands within the application used to open the malicious file

Headlines

• Feb. 17, 2023 - This Week In Security: USB Cable Kia, Reddit, And Microsoft RCEs
• Feb. 17, 2023 - Three zero-days require urgent attention for Windows, Exchange
• Feb. 15, 2023 - Microsoft patches three exploited zero-days
• Feb. 14, 2023 - 9 New Microsoft Bugs to Patch Now
• Feb. 14, 2023 - A diverse set of fixes in February’s Patch Tuesday release
• Feb. 14, 2023 - Microsoft Patch Tuesday for February 2023 — Snort rules and prominent vulnerabilities

CVE-2022-45789

CRITICAL CVSS 9.80

Remote Code Execution

Published: Jan. 31, 2023

A CWE-294: Authentication Bypass by Capture-replay vulnerability exists that could cause execution of unauthorized Modbus functions on the controller when hijacking an authenticated Modbus session. Affected Products: EcoStruxure™ Control Expert (All Versions), EcoStruxure™ Process Expert (Versions prior to V2020), Modicon M340 CPU - part numbers BMXP34* (All Versions), Modicon M580 CPU - part numbers BMEP* and BMEH* (All Versions), Modicon M580 CPU Safety - part numbers BMEP58*S and BMEH58*S (All Versions)

Vendor Impacted: Schneider-Electric

Products Impacted: Ecostruxure Control Expert, Ecostruxure Process Expert, Modicon M340 Bmxp342010

Quotes

• Deep lateral movement lets attackers gain deep access to industrial control systems and cross often overlooked security perimeters, allowing them to perform highly granular and stealthy manipulations as well as override functional and safety limitations
• We are trying to dispel the notion that you hear among asset owners and other parties that Level 1 devices and Level 1 networks are somehow different from regular Ethernet networks and Windows [machines] and that you cannot move through them in very similar ways
• When investigating the patched EnhancedCyberReserve mechanism, we observed that it is still fundamentally broken

Headlines

• Feb. 17, 2023 - This Week In Security: USB Cable Kia, Reddit, And Microsoft RCEs
• Feb. 17, 2023 - How hackers can cause physical damage to bridges - Help Net Security
• Feb. 16, 2023 - Researchers Warn of Critical Security Bugs in Schneider Electric Modicon PLCs
• Feb. 15, 2023 - ICS Vulnerabilities Chained for Deep Lateral Movement and Physical Damage 
• Feb. 14, 2023 - OT Network Security Myths Busted in a Pair of Hacks
• Feb. 13, 2023 - PLC vulnerabilities can enable deep lateral movement inside OT networks

CVE-2022-45788

CRITICAL CVSS 9.80

Remote Code Execution

Published: Jan. 30, 2023

A CWE-754: Improper Check for Unusual or Exceptional Conditions vulnerability exists that could cause arbitrary code execution, denial of service and loss of confidentiality & integrity when a malicious project file is loaded onto the controller. Affected Products: EcoStruxure™ Control Expert (All Versions), EcoStruxure™ Process Expert (Versions prior to V2020), Modicon M340 CPU - part numbers BMXP34* (All Versions), Modicon M580 CPU - part numbers BMEP* and BMEH* (All Versions), Modicon M580 CPU Safety - part numbers BMEP58*S and BMEH58*S (All Versions), Modicon Momentum Unity M1E Processor - 171CBU* (All Versions), Modicon MC80 - BMKC80 (All Versions), Legacy Modicon Quantum - 140CPU65* and Premium CPUs - TSXP57* (All Versions)

Vendor Impacted: Schneider-Electric

Products Impacted: Modicon M580 Bmep586040 Firmware, Modicon M580 Bmep582020 Firmware, Modicon M580 Bmep585040c Firmware, Modicon M580 Bmeh586040c Firmware, Modicon M580 Bmeh584040s Firmware, Modicon M580 Bmeh582040 Firmware, Modicon M580 Bmep584040 Firmware, Modicon M580 Bmep581020h Firmware, Modicon M580 Bmeh586040s Firmware, Modicon M580 Bmep585040 Firmware, Modicon M580 Bmep582040h Firmware, Modicon M580 Bmep582040s Firmware, Modicon Mc80 Bmkc8020301 Firmware, Modicon Mc80 Bmkc8020310 Firmware, Modicon Mc80 Bmkc8030311 Firmware, Modicon M580 Bmep582020h Firmware, Ecostruxure Process Expert, Modicon M580 Bmeh586040 Firmware, Modicon M580 Bmep584040s Firmware, Modicon M580 Bmep586040c Firmware, Modicon M580 Bmep582040 Firmware, Modicon M580 Bmep581020 Firmware, Modicon M580 Bmep584020 Firmware, Ecostruxure Control Expert, Modicon M580 Bmeh582040s Firmware, Modicon M580 Bmep583040 Firmware, Modicon M580 Bmep583020 Firmware, Modicon M580 Bmeh584040c Firmware, Modicon M580 Bmeh584040 Firmware, Modicon M580 Bmeh582040c Firmware

Quotes

• Deep lateral movement lets attackers gain deep access to industrial control systems and cross often overlooked security perimeters, allowing them to perform highly granular and stealthy manipulations as well as override functional and safety limitations
• We are trying to dispel the notion that you hear among asset owners and other parties that Level 1 devices and Level 1 networks are somehow different from regular Ethernet networks and Windows [machines] and that you cannot move through them in very similar ways
• When investigating the patched EnhancedCyberReserve mechanism, we observed that it is still fundamentally broken

Headlines

• Feb. 17, 2023 - This Week In Security: USB Cable Kia, Reddit, And Microsoft RCEs
• Feb. 17, 2023 - How hackers can cause physical damage to bridges - Help Net Security
• Feb. 16, 2023 - Researchers Warn of Critical Security Bugs in Schneider Electric Modicon PLCs
• Feb. 15, 2023 - ICS Vulnerabilities Chained for Deep Lateral Movement and Physical Damage 
• Feb. 14, 2023 - OT Network Security Myths Busted in a Pair of Hacks
• Feb. 13, 2023 - PLC vulnerabilities can enable deep lateral movement inside OT networks

CVE-2023-23376

HIGH CVSS 7.80

CISA Known Exploited Actively Exploited Remote Code Execution

Published: Feb. 14, 2023

Windows Common Log File System Driver Elevation of Privilege Vulnerability

Vendor Impacted: Microsoft

Product Impacted: Windows

Quotes

• An account with the same name exists in Active Directory. Re-using the account was blocked by security policy
• All organizations to reduce their exposure to cyberattacks by prioritizing timely remediation of Catalog vulnerabilities as part of their vulnerability management practice
• Microsoft Office Publisher contains a security feature bypass vulnerability which allows for a local, authenticated attack on a targeted system
• These types of vulnerabilities are frequent attack vectors for malicious cyber actors and pose significant risks to the federal enterprise
• Sophisticated and highly targeted phishing attack
• The attack itself is carried out locally by a user with authentication to the targeted system
• Attack itself is carried out locally by a user with authentication to the targeted system
• Being able to elevate privileges once on a target system is important for attackers seeking to do more damage
• This vulnerability is relatively simple to exploit, utilizes local vectors, and requires low levels of access
• An unauthenticated attacker could send a malicious e-mail containing an RTF payload that would allow them to gain access to execute commands within the application used to open the malicious file
• Sadly, there’s just a little solid information about this privilege escalation

Headlines

• Feb. 17, 2023 - Three zero-days require urgent attention for Windows, Exchange
• Feb. 17, 2023 - Windows And iOS Security Updates Get Serious—You Have 3 Weeks To Comply, CISA Warns
• Feb. 17, 2023 - CISA adds Cacti, Office, Windows and iOS bugs to its Known Exploited Vulnerabilities Catalog
• Feb. 16, 2023 - CISA warns of Windows and iOS bugs exploited as zero-days
• Feb. 16, 2023 - Threat Source newsletter (Feb. 16, 2023) — Recapping what we may have missed so far this year
• Feb. 15, 2023 - Microsoft unveils fixes for more critical security flaws, so patch now
• Feb. 15, 2023 - Microsoft fixes three zero-days in its 75-flaw February Patch Tuesday
• Feb. 15, 2023 - Microsoft Patches Three Zero-Day Bugs This Month
• Feb. 15, 2023 - Major New Windows Security Update: 7 Critical & 3 Zero-Day Threats Confirmed
• Feb. 15, 2023 - Update Now: Microsoft Releases Patches for 3 Actively Exploited Windows Vulnerabilities
• Feb. 15, 2023 - Microsoft patches three exploited zero-days
• Feb. 14, 2023 - 9 New Microsoft Bugs to Patch Now
• Feb. 14, 2023 - Microsoft Patch Tuesday, February 2023 Edition – Krebs on Security
• Feb. 14, 2023 - Microsoft Patch Tuesday for February 2023 fixed actively exploited zero-days
• Feb. 14, 2023 - A diverse set of fixes in February’s Patch Tuesday release
• Feb. 14, 2023 - Patch Tuesday: Microsoft Warns of Exploited Windows Zero-Days
• Feb. 14, 2023 - Microsoft February 2023 Patch Tuesday fixes 3 exploited zero-days, 77 flaws
• Feb. 14, 2023 - Microsoft Patch Tuesday for February 2023 — Snort rules and prominent vulnerabilities

CVE-2023-21823

HIGH CVSS 7.80

CISA Known Exploited Actively Exploited Remote Code Execution

Published: Feb. 14, 2023

Windows Graphics Component Remote Code Execution Vulnerability

Vendor Impacted: Microsoft

Product Impacted: Windows

Quotes

• An account with the same name exists in Active Directory. Re-using the account was blocked by security policy
• All organizations to reduce their exposure to cyberattacks by prioritizing timely remediation of Catalog vulnerabilities as part of their vulnerability management practice
• Microsoft Office Publisher contains a security feature bypass vulnerability which allows for a local, authenticated attack on a targeted system
• These types of vulnerabilities are frequent attack vectors for malicious cyber actors and pose significant risks to the federal enterprise
• Sophisticated and highly targeted phishing attack
• The attack itself is carried out locally by a user with authentication to the targeted system
• Attack itself is carried out locally by a user with authentication to the targeted system
• Being able to elevate privileges once on a target system is important for attackers seeking to do more damage
• This vulnerability is relatively simple to exploit, utilizes local vectors, and requires low levels of access
• An unauthenticated attacker could send a malicious e-mail containing an RTF payload that would allow them to gain access to execute commands within the application used to open the malicious file
• The Graphics Component bug (CVE-2023-21823) makes me worry on two accounts
• Sadly, there’s just a little solid information about this privilege escalation

Headlines

• Feb. 17, 2023 - Three zero-days require urgent attention for Windows, Exchange
• Feb. 17, 2023 - Windows And iOS Security Updates Get Serious—You Have 3 Weeks To Comply, CISA Warns
• Feb. 17, 2023 - CISA adds Cacti, Office, Windows and iOS bugs to its Known Exploited Vulnerabilities Catalog
• Feb. 16, 2023 - CISA warns of Windows and iOS bugs exploited as zero-days
• Feb. 16, 2023 - Threat Source newsletter (Feb. 16, 2023) — Recapping what we may have missed so far this year
• Feb. 15, 2023 - Microsoft unveils fixes for more critical security flaws, so patch now
• Feb. 15, 2023 - Microsoft fixes three zero-days in its 75-flaw February Patch Tuesday
• Feb. 15, 2023 - Microsoft Patches Three Zero-Day Bugs This Month
• Feb. 15, 2023 - Major New Windows Security Update: 7 Critical & 3 Zero-Day Threats Confirmed
• Feb. 15, 2023 - Update Now: Microsoft Releases Patches for 3 Actively Exploited Windows Vulnerabilities
• Feb. 15, 2023 - Microsoft patches three exploited zero-days
• Feb. 14, 2023 - 9 New Microsoft Bugs to Patch Now
• Feb. 14, 2023 - Microsoft Patch Tuesday, February 2023 Edition – Krebs on Security
• Feb. 14, 2023 - Microsoft Patch Tuesday for February 2023 fixed actively exploited zero-days
• Feb. 14, 2023 - Patch Tuesday: Microsoft Warns of Exploited Windows Zero-Days
• Feb. 14, 2023 - Microsoft February 2023 Patch Tuesday fixes 3 exploited zero-days, 77 flaws
• Feb. 14, 2023 - Microsoft Patch Tuesday for February 2023 — Snort rules and prominent vulnerabilities

CVE-2023-21715

HIGH CVSS 7.30

CISA Known Exploited Actively Exploited Remote Code Execution

Published: Feb. 14, 2023

Microsoft Publisher Security Features Bypass Vulnerability

Vendor Impacted: Microsoft

Product Impacted: Office

Quotes

• An account with the same name exists in Active Directory. Re-using the account was blocked by security policy
• All organizations to reduce their exposure to cyberattacks by prioritizing timely remediation of Catalog vulnerabilities as part of their vulnerability management practice
• Microsoft Office Publisher contains a security feature bypass vulnerability which allows for a local, authenticated attack on a targeted system
• These types of vulnerabilities are frequent attack vectors for malicious cyber actors and pose significant risks to the federal enterprise
• Sophisticated and highly targeted phishing attack
• The attack itself is carried out locally by a user with authentication to the targeted system
• Attack itself is carried out locally by a user with authentication to the targeted system
• Being able to elevate privileges once on a target system is important for attackers seeking to do more damage
• This vulnerability is relatively simple to exploit, utilizes local vectors, and requires low levels of access
• An unauthenticated attacker could send a malicious e-mail containing an RTF payload that would allow them to gain access to execute commands within the application used to open the malicious file
• Sadly, there’s just a little solid information about this privilege escalation

Headlines

• Feb. 17, 2023 - Three zero-days require urgent attention for Windows, Exchange
• Feb. 17, 2023 - Windows And iOS Security Updates Get Serious—You Have 3 Weeks To Comply, CISA Warns
• Feb. 17, 2023 - CISA adds Cacti, Office, Windows and iOS bugs to its Known Exploited Vulnerabilities Catalog
• Feb. 16, 2023 - CISA warns of Windows and iOS bugs exploited as zero-days
• Feb. 16, 2023 - Threat Source newsletter (Feb. 16, 2023) — Recapping what we may have missed so far this year
• Feb. 15, 2023 - Microsoft unveils fixes for more critical security flaws, so patch now
• Feb. 15, 2023 - Microsoft fixes three zero-days in its 75-flaw February Patch Tuesday
• Feb. 15, 2023 - Microsoft Patches Three Zero-Day Bugs This Month
• Feb. 15, 2023 - Major New Windows Security Update: 7 Critical & 3 Zero-Day Threats Confirmed
• Feb. 15, 2023 - Update Now: Microsoft Releases Patches for 3 Actively Exploited Windows Vulnerabilities
• Feb. 15, 2023 - Microsoft patches three exploited zero-days
• Feb. 14, 2023 - 9 New Microsoft Bugs to Patch Now
• Feb. 14, 2023 - Microsoft Patch Tuesday, February 2023 Edition – Krebs on Security
• Feb. 14, 2023 - Microsoft Patch Tuesday for February 2023 fixed actively exploited zero-days
• Feb. 14, 2023 - A diverse set of fixes in February’s Patch Tuesday release
• Feb. 14, 2023 - Patch Tuesday: Microsoft Warns of Exploited Windows Zero-Days
• Feb. 14, 2023 - Microsoft February 2023 Patch Tuesday fixes 3 exploited zero-days, 77 flaws
• Feb. 14, 2023 - Microsoft Patch Tuesday for February 2023 — Snort rules and prominent vulnerabilities

CVE-2023-0669

HIGH CVSS 7.20

CISA Known Exploited Actively Exploited Remote Code Execution Used In Ransomware Public Exploits Available

Published: Feb. 6, 2023

Fortra (formerly, HelpSystems) GoAnywhere MFT suffers from a pre-authentication command injection vulnerability in the License Response Servlet due to deserializing an arbitrary attacker-controlled object. This issue was patched in version 7.1.2.

Vendor Impacted: Fortra

Products Impacted: Goanywhere Managed File Transfer, Goanywhere Mft

Quotes

• The Clop ransomware group exploited this vulnerability and after authenticating the administrative console, declared they stole documents from 130 companies through administrator ports
• As a result of the security breach experienced by Fortra, protected health information and personal information of certain patients of the company’s affiliates were exposed by Fortra’s attacker
• Upon receiving notification of the security breach, the Company promptly launched an investigation, including to determine whether any Company information systems were affected, whether there was any impact to ongoing operations, and whether and to what extent PHI or PI had been unlawfully accessed by the attacker
• While that investigation is still ongoing, the Company believes that the Fortra breach has not had any impact on any of the Company's information systems and that there has not been any material interruption of the Company's business operations, including the delivery of patient care

Headlines

• Feb. 17, 2023 - This Week In Security: USB Cable Kia, Reddit, And Microsoft RCEs
• Feb. 17, 2023 - Understanding Zero-Day Vulnerabilities and the Clop Ransomware Fallout
• Feb. 16, 2023 - Clop ransomware hackers hit a million US healthcare customers
• Feb. 15, 2023 - Community Health Systems data breach caused by GoAnywhere MFT hack
• Feb. 14, 2023 - Healthcare giant CHS reports first data breach in GoAnywhere hacks
• Feb. 14, 2023 - GoAnywhere Zero-Day Attack Victims Start Disclosing Significant Impact
• Feb. 11, 2023 - Clop ransomware claims the hack of 130 orgs using GoAnywhere MFT flaw
• Feb. 11, 2023 - CISA adds Fortra MFT, TerraMaster NAS, Intel driver Flaws, to its Known Exploited Vulnerabilities Catalog
• Feb. 11, 2023 - CISA Warns of Active Attacks Exploiting Fortra MFT, TerraMaster NAS, and Intel Driver Flaws