Microsoft has released patches for the four zero-days exploited in the attacks (CVE-2021-26855, CVE-2021-26857, CVE-2021-26858, and CVE-2021-27065), discovered during the subsequent investigation. These bugs were observed by Microsoft Threat Intelligence Center (MSTIC) since January 2021. The OS giant, said that Hafnium operators used the four Exchange zero-days as part of a multi-part attack chain to … Continue reading “Microsoft Exchange Server Remote Code Execution Vulnerabilities (4 zero days – CVE-2021-26855, CVE-2021-26857, CVE-2021-26858, CVE-2021-27065)”
Microsoft Fixes Exchange Server Zero-Days Exploited in Active Attacks
Overview Microsoft released out-of-band updates today that fix seven critical vulnerabilities in Microsoft Exchange Server. According to the Microsoft Security Response Center, four of these seven vulnerabilities are used to attack on-premises versions of Microsoft Exchange Server in limited and targeted attacks. Description Today Microsoft releases several security updates for Microsoft Exchange Server to address … Continue reading “Microsoft Fixes Exchange Server Zero-Days Exploited in Active Attacks”
VMware vCenter Server Remote Code Execution Vulnerability (CVE-2021-21972)
Overview On February 23, 2021, VMware released an update to fix three vulnerabilities – CVE-2021-21972, CVE-2021-21973, and CVE-2021-21974. Out of these, CVE-2021-21972 is a critical remote code execution vulnerability with the highest CVE score (9.8). The bug exists in the vROPs (vRealize Operations) plugin of VMware vCenter Server. Successful exploitation of this vulnerability could allow … Continue reading “VMware vCenter Server Remote Code Execution Vulnerability (CVE-2021-21972)”
Google Chrome Multiple Vulnerabilities (CVE-2021-21149, CVE-2021-21150, CVE-2021-21151, CVE-2021-21152, CVE-2021-21153, CVE-2021-21154, CVE-2021-21155, CVE-2021-21156, CVE-2021-21157)
Recently, on 16th Feb, 2021, Google released a stable update to address a number of CVEs – CVE-2021-21149, CVE-2021-21150, CVE-2021-21151, CVE-2021-21152, CVE-2021-21153, CVE-2021-21154, CVE-2021-21155, CVE-2021-21156 and CVE-2021-21157. Multiple vulnerabilities were discovered in Google Chrome that allowed an attacker to create a security problem, which has not been specified by the publisher yet. No POC or … Continue reading “Google Chrome Multiple Vulnerabilities (CVE-2021-21149, CVE-2021-21150, CVE-2021-21151, CVE-2021-21152, CVE-2021-21153, CVE-2021-21154, CVE-2021-21155, CVE-2021-21156, CVE-2021-21157)”
Microsoft Windows Privilege Escalation Vulnerability (CVE-2021-1732)
On the second Patch Tuesday of 2021, Microsoft published advisories to address 56 new security vulnerabilities. Of these, nine were rated as critical and one is actively exploited in the wild. Elevation of Privileges in Windows Kernel (CVE-2021-1732) This bug is in the Windows Win32k operating system kernel. It allows a logged-in user to execute … Continue reading “Microsoft Windows Privilege Escalation Vulnerability (CVE-2021-1732)”
Google Chrome Heap Buffer Overflow Vulnerability (CVE-2021-21148)
Overview On 4th February 2021, Google released an update to fix a critical heap buffer overflow vulnerability (CVE-2021-21148) in the Chrome browser. It has been fixed in Chrome version 88.0.4324.150 for Windows, Mac, and Linux OS. The vulnerability was found in Google’s open-source JavaScript and WebAssembly engine called V8. Successful exploitation of this vulnerability could … Continue reading “Google Chrome Heap Buffer Overflow Vulnerability (CVE-2021-21148)”
SolarWinds Full System Control Vulnerabilities (CVE-2021-25274, CVE-2021-25275, CVE-2021-25276)
Three critical vulnerabilities were observed in SolarWinds products. All these severe bugs allow remote code execution with high privileges. At the time of this blog being published, there has been no active PoC in the wild. CVE-2021-25274 – MSMQ Remote Code Execution SolarWinds Collector Service uses MSMQ (Microsoft Message Queue), and it doesn’t set permissions … Continue reading “SolarWinds Full System Control Vulnerabilities (CVE-2021-25274, CVE-2021-25275, CVE-2021-25276)”
SonicWall SMA 100 Series 10.X Zero-Day Vulnerability
SonicWall is one of the latest IT security vendors, after Microsoft, FireEye, and Malwarebytes, to confirm a breach in recent weeks. All vendors disclosed cyberattacks related to the massive SolarWinds attack campaign targeting major US government agencies and businesses. SonicWall has issued a security advisory addressing a patch for the zero-day vulnerability used in attacks … Continue reading “SonicWall SMA 100 Series 10.X Zero-Day Vulnerability”
DNSpooq vulnerability (CVE-2020-25681, CVE-2020-25682, CVE-2020-25683, CVE-2020-25684, CVE-2020-25685, CVE-2020-25686, CVE-2020-25687)
Dnsmasq is a widely used open-source Domain Name System (DNS) forwarding application commonly installed on routers, operating systems, access points, and other networking equipment. Multiple organizations, operating systems and products were affected by the DNSpooq vulnerability. Attackers can use to launch DNS Cache Poisoning, denial of service, and possibly remote code execution attacks on affected … Continue reading “DNSpooq vulnerability (CVE-2020-25681, CVE-2020-25682, CVE-2020-25683, CVE-2020-25684, CVE-2020-25685, CVE-2020-25686, CVE-2020-25687)”
SAP Solution Manager Missing Authentication Vulnerability (CVE-2020-6207)
Tracked as CVE-2020-6207, an age-old critical vulnerability with a CVSS score of 10 has come into the limelight at the start of 2021. The vulnerability belongs to SAP Solution Manager version 7.2 (March 2020), for which SAP released a patch in March 2020. SolMan is a centralized application used to manage on-premises, hybrid, and cloud … Continue reading “SAP Solution Manager Missing Authentication Vulnerability (CVE-2020-6207)”