Security vulnerabilities are a common occurrence in managing any business’s organizational security. The prompt patching and remediation of any new vulnerabilities are critical to reducing the outside attack surface. Netizen’s Security Operations Center (SOC) has compiled five vulnerabilities from April that should be immediately patched or addressed if present in your environment. Detailed writeups below:
CVE-2024-29988
The CVE-2024-29988, identified as a Microsoft SmartScreen Prompt Security Feature Bypass Vulnerability, represents a significant threat as it allows for security feature bypass, specifically targeting Windows versions ranging from 10 to 11 and various Windows Server versions. Classified under CWE-693 (Protection Mechanism Failure), the vulnerability facilitates unauthorized actions by circumventing security measures designed to block untrusted and potentially harmful files. Microsoft’s Common Vulnerability Scoring System (CVSS) has assigned it a high severity score of 8.8, indicating serious implications. The CVSS vector breakdown illustrates that the vulnerability can be exploited remotely (AV:N), with low attack complexity (AC:L), requires no privileges (PR:N), and requires user interaction (UI:R), affecting confidentiality, integrity, and availability at a high level (C:H/I:H/A:H). This vulnerability has been actively exploited in the wild, as evidenced by its listing in CISA’s Known Exploited Vulnerabilities Catalog, underscoring the urgency for mitigation. Microsoft has issued patches for affected systems, ranging from security updates for various Windows 10 and Windows 11 editions to Windows Server versions. Users and administrators are urged to apply these updates before the May 21, 2024, deadline set by CISA’s directive BOD 22-01 to mitigate risks associated with this vulnerability. Further details and patch links are available on Microsoft’s official advisory page.
CVE-2024-26234
CVE-2024-26234, identified as a Proxy Driver Spoofing Vulnerability, affects various Microsoft products, posing a medium threat with a CVSS base score of 6.7. This vulnerability, classified under CWE-284 (Improper Access Control), allows attackers to spoof proxy driver communications, potentially leading to unauthorized access and manipulation of network traffic. The CVSS vector CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H suggests that the exploitation requires high privileges but no user interaction, and occurs locally, implying that an attacker needs access to the host system to exploit this flaw. In the context of CVE-2024-26234, the CVSS vector element “AV:L” stands for “Attack Vector: Local.” This component of the CVSS (Common Vulnerability Scoring System) score specifies how the vulnerability can be exploited. The “Local” attack vector indicates that the vulnerability can only be exploited with local access to the system. This means the attacker needs either physical access to the device or must already have access through some other legitimate means, such as an authenticated user account. This local requirement significantly limits how easily the vulnerability can be exploited compared to vulnerabilities with a network-based attack vector (“AV:N”), which can be exploited remotely over a network. The local attack vector requires the attacker to have more specific conditions met, such as being in the physical vicinity of the vulnerable device or having compromised it in some other way to gain local user access. As a result, while the impact of exploiting this vulnerability might be severe, the risk of exploitation is generally lower because of the physical or local access required. The implication of this vulnerability is significant as it affects integrity and confidentiality at a high level, posing a risk to data security and system control. Microsoft has recognized the seriousness of this vulnerability by including it in their advisories and providing updates for affected systems, although specific patch details were not disclosed in the summary provided. Users and administrators are advised to monitor Microsoft’s updates closely and apply necessary patches to mitigate the risks associated with this vulnerability. Given the high privileges required for exploitation, organizations should also ensure that access controls and user permissions are strictly managed to prevent unauthorized system access. For more information on this vulnerability, refer to NIST’s documentation here.
CVE-2024-20678
CVE-2024-20678 details a significant vulnerability involving the Remote Procedure Call (RPC) Runtime that allows for remote code execution. This vulnerability, which Microsoft has categorized with a high severity CVSS score of 8.8, permits unauthorized remote execution of code by an attacker. The CVSS vector, CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H, illustrates the nature of the threat: it is remotely exploitable (AV:N) with low attack complexity (AC:L) and low privilege requirements (PR:L), and it doesn’t require user interaction (UI:N). The potential impact on confidentiality, integrity, and availability is rated high (C:H/I:H/A:H), indicating that an exploit could lead to substantial data breach, data manipulation, and service disruption. Classified under CWE-843 (Access of Resource Using Incompatible Type or ‘Type Confusion’), the vulnerability arises when the RPC runtime improperly handles memory operations, leading to type confusion that an attacker can exploit to execute arbitrary code on the victim’s system. This type of vulnerability is particularly dangerous because it can be exploited to take complete control of the affected system. Given its severity and the nature of RPC as a critical component in many Windows environments, organizations are urged to apply any available patches from Microsoft promptly. This vulnerability is under active analysis and further details, including mitigation steps, are likely to be provided by Microsoft through their advisory page. As always, maintaining up-to-date systems and being vigilant about security updates are crucial in preventing potential exploits of such vulnerabilities. For more information, refer to Microsoft’s advisory page here.
CVE-2024-29063
CVE-2024-29063 exposes a high-severity information disclosure vulnerability in Azure AI Search, rated with a CVSS base score of 7.3 by Microsoft. This vulnerability is attributed to the use of hard-coded credentials (CWE-798), which can lead to unauthorized access and the potential leakage of sensitive information managed by Azure AI Search services. According to the CVSS vector, CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:L, the vulnerability can be exploited with local access (AV:L), low attack complexity (AC:L), and low privilege requirements (PR:L), and it does not require user interaction (UI:N). The impact is primarily on confidentiality and integrity, both rated high (C:H/I:H), while the impact on availability is considered low (A:L). The presence of hard-coded credentials often means that an attacker who gains access to these credentials can read or modify data intended to be protected, potentially leading to significant security incidents, especially in environments where sensitive data is processed or stored. Given the vulnerability’s characteristics and its potential to compromise data integrity and confidentiality, it is crucial for organizations using Azure AI Search to prioritize patching this vulnerability. Microsoft typically provides updates or mitigation guidelines via their advisory pages, which should be closely monitored and applied to prevent exploitation. Additionally, organizations should review and adjust their security configurations to minimize the use of hard-coded credentials and improve overall security posture. For more information, refer to Microsoft’s advisory page here.
CVE-2024-21071
CVE-2024-21071 represents a critical vulnerability in the Oracle Workflow component of Oracle E-Business Suite, specifically affecting the Admin Screens and Grants UI. The supported versions that are vulnerable range from 12.2.3 to 12.2.13. This vulnerability is particularly concerning due to its ease of exploitation; it allows a high privileged attacker with network access via HTTP to fully compromise Oracle Workflow. Such an attack could also potentially affect additional products beyond the initially targeted one, due to scope change, leading to a broader security compromise. The severity of this vulnerability is underscored by its CVSS 3.1 base score of 9.1, which places it in the critical category. The CVSS vector (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H) details the threat as follows: it is exploitable remotely with low attack complexity (AC:L) and no user interaction required (UI:N). However, the exploitation requires high privileges (PR:H), which somewhat limits the range of potential attackers. The scope (S:C) suggests the vulnerability’s impact may extend beyond the initially compromised component. The implications for confidentiality, integrity, and availability are all rated high (C:H/I:H/A:H), indicating that successful exploitation could lead to significant data breaches, unauthorized data modifications, and potentially severe service disruptions. Given the high criticality of this vulnerability, organizations utilizing affected versions of Oracle E-Business Suite are advised to promptly apply the fixes provided by Oracle. The official advisory, which details the vulnerability and the necessary remediation steps, can be found on Oracle’s website. Monitoring updates from Oracle and implementing recommended security measures are crucial steps in mitigating the risks associated with CVE-2024-21071. Organizations should also review their access controls to minimize the number of users with high-level privileges, further reducing the risk of exploitation. For more information about this vulnerability, please refer to the CVE documentation here.
How Can Netizen Help?
Netizen ensures that security gets built-in and not bolted-on. Providing advanced solutions to protect critical IT infrastructure such as the popular “CISO-as-a-Service” wherein companies can leverage the expertise of executive-level cybersecurity professionals without having to bear the cost of employing them full time.
We also offer compliance support, vulnerability assessments, penetration testing, and more security-related services for businesses of any size and type.
Additionally, Netizen offers an automated and affordable assessment tool that continuously scans systems, websites, applications, and networks to uncover issues. Vulnerability data is then securely analyzed and presented through an easy-to-interpret dashboard to yield actionable risk and compliance information for audiences ranging from IT professionals to executive managers.
Netizen is an ISO 27001:2013 (Information Security Management), ISO 9001:2015, and CMMI V 2.0 Level 3 certified company. We are a proud Service-Disabled Veteran-Owned Small Business that is recognized by the U.S. Department of Labor for hiring and retention of military veterans.
Questions or concerns? Feel free to reach out to us any time –
https://www.netizen.net/contact
