

The January 2021 Security Update Review


Welcome to the new year, and welcome to the first Patch Tuesday of 2021. Take a break from your regularly scheduled activities and join us as we review the details for the latest security offerings from Microsoft and Adobe. 

Adobe Patches for January 2021

This month, Adobe released seven updates addressing eight CVEs in Adobe Campaign Classic, Photoshop, Illustrator, Animate, InCopy, Captivate, and Bridge. Two of these bugs came through the ZDI program. The patch for Campaign Classic fixes a single server-side request forgery (SSRF) vulnerability. The Photoshop patch fixes a single heap-based buffer overflow. The update for Illustrator corrects a Critical-rated uncontrolled search path element vulnerability. That’s the same story for the Animate and InCopy patches. The update for Captivate also fixes an uncontrolled search path element bug, but this one is only rated Important. The final Adobe patch for January fixes two Out-Of-Bounds (OOB) write bugs in Bridge. None of the bugs fixed by Adobe this month are listed as publicly known or under active attack at the time of release.

Microsoft Patches for January 2021

For January, Microsoft released patches for 83 CVEs covering Microsoft Windows, Edge (EdgeHTML-based), ChakraCore, Office and Microsoft Office Services and Web Apps, Visual Studio, Microsoft Malware Protection Engine, .NET Core, ASP .NET, and Azure. Seven of these CVEs were submitted through the ZDI program. Of these 83 CVEs, 10 are listed as Critical and 73 are listed as Important in severity. According to Microsoft, one bug is publicly known, and one other bug is known to be actively exploited at the time of release.

Let’s take a closer look at some of the more interesting updates for this month, starting with the bug listed as being under active attack:

- CVE-2021-1647 - Microsoft Defender Remote Code Execution Vulnerability
This bug in the Microsoft Malware Protection Engine may already be patched on your system, as the engine auto-updates as needed. However, if your systems are not connected to the Internet, you’ll need to manually apply the patch. While Microsoft does not state how widespread the active attacks are, there is certainly the possibility that this is related to recent news indicating Microsoft networks had been compromised.

- CVE-2021-1648 - Microsoft splwow64 Elevation of Privilege Vulnerability
This bug was publicly disclosed by ZDI after it exceeded our disclosure timeline. It was also discovered by Google, likely because this patch corrects a bug introduced by a previous patch. The previous patch introduced a function to check an input string pointer, but in doing so, it introduced an Out-of-Bounds (OOB) Read condition. Additional bugs are also covered by this patch, including an untrusted pointer deref. The previous CVE was being exploited in the wild, so it’s within reason to think this CVE will be actively exploited as well.

- CVE-2021-1677 - Azure Active Directory Pod Identity Spoofing Vulnerability
This vulnerability exists in the way that the Azure Active Directory (AAD) pod identity allows users to assign identities to pods in Kubernetes clusters. When an identity is assigned to a pod, the pod can access the Azure Instance Metadata Service (IMDS) endpoint and get a token for that identity. This could allow an attacker to laterally steal the identities that are associated with different pods. This one also requires more than just a patch to fix. Anyone with an existing installation will need to re-deploy their cluster and use Azure CNI instead of the default Kubernetes.

- CVE-2021-1674 - Windows Remote Desktop Protocol Core Security Feature Bypass Vulnerability
This patch is a bit of a mystery. It carries a relatively high CVSS score (8.8), but without an executive summary, we can only guess what security feature in RDP Core is being bypassed. Short of reversing the patches, we don’t even know how this is different from CVE-2021-1669 - Windows Remote Desktop Security Feature Bypass Vulnerability. What we do know is that RDP has been a popular target in recent memory, and these bugs should be taken seriously. Without any solid information to act on, defenders should assume the worst-case scenario and restrict access to RDP wherever possible.

Here’s the full list of CVEs released by Microsoft for January 2021. 

CVE | Title | Severity | Public | Exploited | Type
CVE-2021-1647 | Microsoft Defender Remote Code Execution Vulnerability | Critical | No | Yes | RCE
CVE-2021-1648 | Microsoft splwow64 Elevation of Privilege Vulnerability | Important | Yes | No | EoP
CVE-2021-1665 | GDI+ Remote Code Execution Vulnerability | Critical | No | No | RCE
CVE-2021-1643 | HEVC Video Extensions Remote Code Execution Vulnerability | Critical | No | No | RCE
CVE-2021-1668 | Microsoft DTV-DVD Video Decoder Remote Code Execution Vulnerability | Critical | No | No | RCE
CVE-2021-1705 | Microsoft Edge (HTML-based) Memory Corruption Vulnerability | Critical | No | No | RCE
CVE-2021-1658 | Remote Procedure Call Runtime Remote Code Execution Vulnerability | Critical | No | No | RCE
CVE-2021-1660 | Remote Procedure Call Runtime Remote Code Execution Vulnerability | Critical | No | No | RCE
CVE-2021-1666 | Remote Procedure Call Runtime Remote Code Execution Vulnerability | Critical | No | No | RCE
CVE-2021-1667 | Remote Procedure Call Runtime Remote Code Execution Vulnerability | Critical | No | No | RCE
CVE-2021-1673 | Remote Procedure Call Runtime Remote Code Execution Vulnerability | Critical | No | No | RCE
CVE-2021-1723 | .NET Core and Visual Studio Denial of Service Vulnerability | Important | No | No | DoS
CVE-2021-1649 | Active Template Library Elevation of Privilege Vulnerability | Important | No | No | EoP
CVE-2021-1677 | Azure Active Directory Pod Identity Spoofing Vulnerability | Important | No | No | Spoofing
CVE-2021-1725 | Bot Framework SDK Information Disclosure Vulnerability | Important | No | No | Info
CVE-2021-1651 | Diagnostics Hub Standard Collector Elevation of Privilege Vulnerability | Important | No | No | EoP
CVE-2021-1680 | Diagnostics Hub Standard Collector Elevation of Privilege Vulnerability | Important | No | No | EoP
CVE-2021-1644 | HEVC Video Extensions Remote Code Execution Vulnerability | Important | No | No | RCE
CVE-2021-1691 | Hyper-V Denial of Service Vulnerability | Important | No | No | DoS
CVE-2021-1692 | Hyper-V Denial of Service Vulnerability | Important | No | No | DoS
CVE-2021-1713 | Microsoft Excel Remote Code Execution Vulnerability | Important | No | No | RCE
CVE-2021-1714 | Microsoft Excel Remote Code Execution Vulnerability | Important | No | No | RCE
CVE-2021-1711 | Microsoft Office Remote Code Execution Vulnerability | Important | No | No | RCE
CVE-2021-1712 | Microsoft SharePoint Elevation of Privilege Vulnerability | Important | No | No | EoP
CVE-2021-1719 | Microsoft SharePoint Elevation of Privilege Vulnerability | Important | No | No | EoP
CVE-2021-1707 | Microsoft SharePoint Server Remote Code Execution Vulnerability | Important | No | No | RCE
CVE-2021-1718 | Microsoft SharePoint Server Tampering Vulnerability | Important | No | No | Tampering
CVE-2021-1641 | Microsoft SharePoint Spoofing Vulnerability | Important | No | No | Spoofing
CVE-2021-1717 | Microsoft SharePoint Spoofing Vulnerability | Important | No | No | Spoofing
CVE-2021-1636 | Microsoft SQL Elevation of Privilege Vulnerability | Important | No | No | EoP
CVE-2021-1710 | Microsoft Windows Media Foundation Remote Code Execution Vulnerability | Important | No | No | RCE
CVE-2021-1715 | Microsoft Word Remote Code Execution Vulnerability | Important | No | No | RCE
CVE-2021-1716 | Microsoft Word Remote Code Execution Vulnerability | Important | No | No | RCE
CVE-2021-1678 | NTLM Security Feature Bypass Vulnerability | Important | No | No | SFB
CVE-2021-1664 | Remote Procedure Call Runtime Remote Code Execution Vulnerability | Important | No | No | RCE
CVE-2021-1671 | Remote Procedure Call Runtime Remote Code Execution Vulnerability | Important | No | No | RCE
CVE-2021-1700 | Remote Procedure Call Runtime Remote Code Execution Vulnerability | Important | No | No | RCE
CVE-2021-1701 | Remote Procedure Call Runtime Remote Code Execution Vulnerability | Important | No | No | RCE
CVE-2021-1656 | TPM Device Driver Information Disclosure Vulnerability | Important | No | No | Info
CVE-2020-26870 | Visual Studio Remote Code Execution Vulnerability | Important | No | No | RCE
CVE-2021-1699 | Windows (modem.sys) Information Disclosure Vulnerability | Important | No | No | Info
CVE-2021-1642 | Windows AppX Deployment Extensions Elevation of Privilege Vulnerability | Important | No | No | EoP
CVE-2021-1685 | Windows AppX Deployment Extensions Elevation of Privilege Vulnerability | Important | No | No | EoP
CVE-2021-1638 | Windows Bluetooth Security Feature Bypass Vulnerability | Important | No | No | SFB
CVE-2021-1683 | Windows Bluetooth Security Feature Bypass Vulnerability | Important | No | No | SFB
CVE-2021-1684 | Windows Bluetooth Security Feature Bypass Vulnerability | Important | No | No | SFB
CVE-2021-1679 | Windows CryptoAPI Denial of Service Vulnerability | Important | No | No | DoS
CVE-2021-1652 | Windows CSC Service Elevation of Privilege Vulnerability | Important | No | No | EoP
CVE-2021-1653 | Windows CSC Service Elevation of Privilege Vulnerability | Important | No | No | EoP
CVE-2021-1654 | Windows CSC Service Elevation of Privilege Vulnerability | Important | No | No | EoP
CVE-2021-1655 | Windows CSC Service Elevation of Privilege Vulnerability | Important | No | No | EoP
CVE-2021-1659 | Windows CSC Service Elevation of Privilege Vulnerability | Important | No | No | EoP
CVE-2021-1688 | Windows CSC Service Elevation of Privilege Vulnerability | Important | No | No | EoP
CVE-2021-1693 | Windows CSC Service Elevation of Privilege Vulnerability | Important | No | No | EoP
CVE-2021-1637 | Windows DNS Query Information Disclosure Vulnerability | Important | No | No | Info
CVE-2021-1645 | Windows Docker Information Disclosure Vulnerability | Important | No | No | Info
CVE-2021-1703 | Windows Event Logging Service Elevation of Privilege Vulnerability | Important | No | No | EoP
CVE-2021-1662 | Windows Event Tracing Elevation of Privilege Vulnerability | Important | No | No | EoP
CVE-2021-1657 | Windows Fax Compose Form Remote Code Execution Vulnerability | Important | No | No | RCE
CVE-2021-1708 | Windows GDI+ Information Disclosure Vulnerability | Important | No | No | Info
CVE-2021-1696 | Windows Graphics Component Information Disclosure Vulnerability | Important | No | No | Info
CVE-2021-1704 | Windows Hyper-V Elevation of Privilege Vulnerability | Important | No | No | EoP
CVE-2021-1661 | Windows Installer Elevation of Privilege Vulnerability | Important | No | No | EoP
CVE-2021-1697 | Windows InstallService Elevation of Privilege Vulnerability | Important | No | No | EoP
CVE-2021-1682 | Windows Kernel Elevation of Privilege Vulnerability | Important | No | No | EoP
CVE-2021-1706 | Windows LUAFV Elevation of Privilege Vulnerability | Important | No | No | EoP
CVE-2021-1689 | Windows Multipoint Management Elevation of Privilege Vulnerability | Important | No | No | EoP
CVE-2021-1676 | Windows NT Lan Manager Datagram Receiver Driver Information Disclosure Vulnerability | Important | No | No | Info
CVE-2021-1695 | Windows Print Spooler Elevation of Privilege Vulnerability | Important | No | No | EoP
CVE-2021-1663 | Windows Projected File System FS Filter Driver Information Disclosure Vulnerability | Important | No | No | Info
CVE-2021-1670 | Windows Projected File System FS Filter Driver Information Disclosure Vulnerability | Important | No | No | Info
CVE-2021-1672 | Windows Projected File System FS Filter Driver Information Disclosure Vulnerability | Important | No | No | Info
CVE-2021-1674 | Windows Remote Desktop Protocol Core Security Feature Bypass Vulnerability | Important | No | No | SFB
CVE-2021-1669 | Windows Remote Desktop Services ActiveX Client Security Feature Bypass Vulnerability | Important | No | No | SFB
CVE-2021-1702 | Windows Remote Procedure Call Runtime Elevation of Privilege Vulnerability | Important | No | No | EoP
CVE-2021-1650 | Windows Runtime C++ Template Library Elevation of Privilege Vulnerability | Important | No | No | EoP
CVE-2021-1694 | Windows Update Stack Elevation of Privilege Vulnerability | Important | No | No | EoP
CVE-2021-1681 | Windows WalletService Elevation of Privilege Vulnerability | Important | No | No | EoP
CVE-2021-1686 | Windows WalletService Elevation of Privilege Vulnerability | Important | No | No | EoP
CVE-2021-1687 | Windows WalletService Elevation of Privilege Vulnerability | Important | No | No | EoP
CVE-2021-1690 | Windows WalletService Elevation of Privilege Vulnerability | Important | No | No | EoP
CVE-2021-1709 | Windows Win32k Elevation of Privilege Vulnerability | Important | No | No | EoP
CVE-2021-1646 | Windows WLAN Service Elevation of Privilege Vulnerability | Important | No | No | EoP
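As an added illustration (not part of the ZDI post), here is a small Python triage helper that parses rows in the flattened format of the table above and orders them the way the review itself prioritises: actively exploited first, then publicly known, then Critical before Important, then by impact type. The eight sample rows are copied from the table; the relative ordering of impact types is my assumption.

```python
import re
from dataclasses import dataclass

# Sample rows copied from the January 2021 table above (CVE, title,
# severity, publicly known, exploited, impact type).
SAMPLE_ROWS = """\
CVE-2021-1647 Microsoft Defender Remote Code Execution Vulnerability Critical No Yes RCE
CVE-2021-1648 Microsoft splwow64 Elevation of Privilege Vulnerability Important Yes No EoP
CVE-2021-1665 GDI+ Remote Code Execution Vulnerability Critical No No RCE
CVE-2021-1658 Remote Procedure Call Runtime Remote Code Execution Vulnerability Critical No No RCE
CVE-2021-1677 Azure Active Directory Pod Identity Spoofing Vulnerability Important No No Spoofing
CVE-2021-1674 Windows Remote Desktop Protocol Core Security Feature Bypass Vulnerability Important No No SFB
CVE-2021-1645 Windows Docker Information Disclosure Vulnerability Important No No Info
CVE-2021-1679 Windows CryptoAPI Denial of Service Vulnerability Important No No DoS
"""

# The title is free text, so match it lazily and pin the trailing fixed columns.
ROW_RE = re.compile(
    r"^(?P<cve>CVE-\d{4}-\d{4,})\s+(?P<title>.+?)\s+"
    r"(?P<severity>Critical|Important|Moderate|Low)\s+"
    r"(?P<public>Yes|No)\s+(?P<exploited>Yes|No)\s+(?P<impact>\S+)$"
)

@dataclass(frozen=True)
class Entry:
    cve: str
    title: str
    severity: str
    public: bool
    exploited: bool
    impact: str

def parse_table(text):
    """Parse flattened rows; skip blank lines and the header row, reject anything else."""
    entries = []
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("CVE Title"):
            continue
        m = ROW_RE.match(line)
        if m is None:
            raise ValueError(f"unrecognised row: {line!r}")
        entries.append(Entry(m["cve"], m["title"], m["severity"],
                             m["public"] == "Yes", m["exploited"] == "Yes", m["impact"]))
    return entries

SEVERITY_RANK = {"Critical": 0, "Important": 1, "Moderate": 2, "Low": 3}
# Assumed ordering of impact types for patch scheduling (not from the post).
IMPACT_RANK = {"RCE": 0, "EoP": 1, "SFB": 2, "Spoofing": 3, "Tampering": 3, "Info": 4, "DoS": 5}

def triage_key(e):
    """Exploited first, then public, then severity, then impact; CVE id breaks ties."""
    return (not e.exploited, not e.public, SEVERITY_RANK.get(e.severity, 9),
            IMPACT_RANK.get(e.impact, 9), e.cve)

def triage(text):
    return sorted(parse_table(text), key=triage_key)

def summarize(entries):
    """Counts by severity and by impact type, the figures the review quotes."""
    by_sev, by_impact = {}, {}
    for e in entries:
        by_sev[e.severity] = by_sev.get(e.severity, 0) + 1
        by_impact[e.impact] = by_impact.get(e.impact, 0) + 1
    return by_sev, by_impact

if __name__ == "__main__":
    for e in triage(SAMPLE_ROWS):
        flags = ("EXPLOITED " if e.exploited else "") + ("PUBLIC " if e.public else "")
        print(f"{e.cve} {e.severity:<9} {e.impact:<8} {flags}{e.title}")
```

Paste the full table into SAMPLE_ROWS to get the 10/73 severity split and the per-type counts the review cites.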

Of the remaining Critical-rated patches, five involve remote code execution (RCE) bugs in the Remote Procedure Call (RPC) runtime. What’s really curious is that there are four Important-rated patches for RPC as well. However, the CVSS and other descriptors are all identical. There’s no indication why some are listed as Critical and others are listed as Important. Similarly, there’s a Critical-rated patch for HEVC Video Extensions that is documented the same as the Important-rated patch for HEVC Video Extensions. Either way, you’ll get the update for both through the Microsoft Store. Those who use either the Microsoft Store for Business or the Microsoft Store for Education will be able to get this update through their organizations. Rounding out the Critical-rated patches are an update for Edge and a patch for GDI+.

Moving on to the other patches, the update for the Active Template Library (ATL) stands out. Back in 2009, multiple bulletins and advisories were required to correct a typo. It’s not clear if the situation is that dire with this update, but if you created anything using ATL, you will likely need to apply the patch and then recompile your program. That’s also likely true for the patch to fix an EoP in the Windows Runtime C++ Template Library.

In looking at the Important-rated bugs that could allow RCE, the SharePoint bug should not be ignored. It does require authentication, but it could allow an authenticated user to take complete control of the system. The patch for Visual Studio also stands out. This update fixes a bug in Cure53 DOMPurify, which is an open-source library used by Visual Studio. The fix for this has been available since September, so you should treat this as though it was publicly disclosed. The remaining code execution bugs cover “Open-and-Own” bugs in Office components. An attacker would need to send a specially crafted file and convince a user to open it with an affected component. That would allow the attacker to execute code of their choice at the level of the logged-on user.

Similar to last month, there are multiple security feature bypasses being fixed this month. In addition to the two already mentioned, there are three impacting the Bluetooth component and one impacting NTLM. CVE-2021-1638 is definitely intriguing as it requires no authentication and no user interaction. The other Bluetooth bugs do require some level of user interaction. The bypass for NTLM requires some level of user interaction but no authentication. Again, without executive summaries, we can only speculate about the true severity of these bypasses.

There are a total of 34 EoP bugs getting patches this month. For almost all of these, an attacker would need to log on to a system and then execute specially crafted code to elevate their permissions. Most of these are in various Windows components, but the ones in Hyper-V and SharePoint stand out. Speaking of SharePoint, this month’s release also includes patches to fix a tampering bug and two spoofing bugs in SharePoint.

This month includes four patches to correct Denial-of-Service (DoS) bugs. Two of these bugs are in Hyper-V, and one is in .NET Core and Visual Studio. The last of these bugs resides in the Windows CryptoAPI and can be reached remotely. According to the CVSS rating, there is some level of user interaction involved, but no authentication is needed. 

Rounding out this release are 11 patches fixing information disclosure bugs. As expected, most of these cases only lead to leaks consisting of unspecified memory contents. However, the info leak in Windows Docker is a bit more severe. This vulnerability could allow an attacker to decrypt data that was encrypted by the data protection API (DPAPI). It’s not clear if you need to re-encrypt data after applying this patch, but this has been required for similar bugs in the past. Without specifics on the bug, it’s tough to offer specific guidance. The other info disclosure bug that piques curiosity is the bug impacting the Bot Framework SDK. For this component, we’re just told the information leaked is “sensitive information.” Still, if you use the SDK, make sure you get an unaffected version.

Finally, the servicing stack advisory (ADV990001) was revised for multiple versions of Windows. No additional advisories were released this month.

Looking Ahead

The next Patch Tuesday falls on February 9, and we’ll return with details and patch analysis then. Until then, stay safe, happy patching, and may all your reboots be smooth and clean!



Read the complete article (external source: https://www.thezdi.com/blog/2021/1/12/the-january-2021-security-update-review)
