Positive Technologies has compiled a digest of 7 trending mistakes that you need to pay attention to urgently.
In September 2024, Positive Technologies specialists identified 7 key vulnerabilities that have become trending. Among them are security problems in Microsoft, Veeam, VMware, Roundcube Webmail and the WordPress plugin The Events Calendar.
Trending vulnerabilities are the most dangerous security flaws that require urgent solutions or compensatory measures. Such vulnerabilities are either already being exploited by attackers or could be exploited in the near future. Positive Technologies uses data from a variety of sources, such as vulnerability databases, security bulletins, social networks, and public repositories, to identify and analyze such threats.
One of the most significant bugs was a vulnerability in the Windows Installer, affecting about a billion devices. CVE-2024-38014 (CVSS score: 7.8) allows attackers to escalate their privileges to SYSTEM, which lets them install malware and modify data.
The second issue, CVE-2024-38217 (CVSS score: 5.4), allows an attacker to bypass the Mark of the Web (MotW) security feature in order to distribute malicious files. Exploitation of the vulnerability requires user interaction, and its active use has been recorded since 2018.
A vulnerability in the MSHTML engine, CVE-2024-43461 (CVSS score: 8.8), has also been identified. It allows attackers to hide a file's true extension, putting at risk the data of users who may be tricked into opening a malicious attachment. This vulnerability is especially dangerous when interacting with websites through Internet Explorer.
Among other dangerous vulnerabilities, experts highlight gaps in backup and virtualization solutions. The Veeam Backup & Replication vulnerability CVE-2024-40711 (CVSS score: 9.8) allows an attacker to achieve remote code execution (RCE) and take full control of the system.
A similar issue was found in VMware vCenter (CVE-2024-38812, CVSS score: 9.8), where a buffer overflow in the DCE Remote Procedure Call (RPC) protocol implementation can lead to system compromise through remote code execution.
It should be noted that the Veeam vulnerability gives cybercriminals a way into 2833 servers, and the VMware vulnerability can affect more than 1900 vCenter hosts.
CVE-2024-37383 (CVSS score: 6.1) has been discovered in the Roundcube Webmail web client. It allows JavaScript code to be executed, compromising the security of user sessions and giving access to their accounts. According to Shadowserver, more than 882,000 nodes on the network are running the affected version. To protect yourself, update Roundcube Webmail versions 1.5 and earlier to version 1.5.7 or higher, and versions 1.6 to version 1.6.7 or higher.
In addition, The Events Calendar plugin for WordPress, installed on more than 700,000 sites, also has a SQL injection vulnerability (CVE-2024-8275, CVSS score: 9.8).
An attacker can gain access to a website's database, modify or delete sensitive information, which can lead to data leakage, spoofing, or denial of service (DoS). The affected feature is not enabled by default in the plugin, but it can be used on sites where it is manually called. If your site uses this feature, it is recommended to uninstall or disable it before installing an updated version of the plugin. You will also need to update The Events Calendar to version 6.7.0.
To protect against these threats, users and system administrators are advised to update the software in a timely manner and use patched versions of products.
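As an added example, not part of the digest and not code from Positive Technologies, the following Python helper turns the two version thresholds stated above (Roundcube 1.5.x and earlier needs 1.5.7, Roundcube 1.6.x needs 1.6.7; The Events Calendar needs 6.7.0) into a branch-aware patch check that an administrator can run over an inventory of installed versions. The product keys, the rule table layout and the sample inventory are constructed for this example; versions from a release branch the digest does not mention are reported as unknown rather than guessed.

```python
"""Branch-aware patch check for the fixed versions named in the digest.

The thresholds below are the ones stated in the digest text. The product
keys, the rule-table layout and the sample inventory are constructed for
this example only.
"""
import re

# (max_branch, fixed_version) rules per product, ordered by branch.
# max_branch None means the rule applies to every branch.
# Roundcube: "1.5 and earlier" -> 1.5.7, "1.6" -> 1.6.7.
# The Events Calendar: any branch -> 6.7.0.
FIXED_VERSIONS = {
    "roundcube": [((1, 5), (1, 5, 7)), ((1, 6), (1, 6, 7))],
    "the-events-calendar": [(None, (6, 7, 0))],
}


def parse_version(text):
    """Turn '1.6.3' or '6.6.4.1' into a comparable tuple of ints.

    Trailing suffixes such as '-rc1' are ignored (a simplification chosen
    for this example).
    """
    m = re.match(r"\d+(?:\.\d+)*", text.strip())
    if not m:
        raise ValueError("unrecognised version string: %r" % text)
    return tuple(int(p) for p in m.group(0).split("."))


def assess(product, version):
    """Return (status, required_fix) for one installed version.

    status is 'vulnerable', 'patched' or 'unknown'; required_fix is the
    fixed version string from the matching rule, or None.
    """
    rules = FIXED_VERSIONS.get(product)
    if rules is None:
        return ("unknown", None)
    v = parse_version(version)
    for max_branch, fixed in rules:
        # Pick the first rule whose branch ceiling covers this version.
        if max_branch is None or v[:len(max_branch)] <= max_branch:
            status = "vulnerable" if v < fixed else "patched"
            return (status, ".".join(str(n) for n in fixed))
    # A newer branch than the digest describes: do not guess.
    return ("unknown", None)


# Constructed sample inventory: (host, product, installed version).
INVENTORY = [
    ("mail-01", "roundcube", "1.5.4"),
    ("mail-02", "roundcube", "1.6.7"),
    ("mail-03", "roundcube", "1.6.3"),
    ("www-01", "the-events-calendar", "6.6.4.1"),
    ("www-02", "the-events-calendar", "6.7.0"),
    ("www-03", "roundcube", "1.7.0"),
]


def triage(inventory=INVENTORY):
    """Return only the hosts that still need an update, with the target version."""
    needs_update = []
    for host, product, version in inventory:
        status, fixed = assess(product, version)
        if status == "vulnerable":
            needs_update.append((host, product, version, fixed))
    return needs_update


if __name__ == "__main__":
    for host, product, version, fixed in triage():
        print("%s: %s %s -> update to %s" % (host, product, version, fixed))
```

The rule table keeps the digest's branch split explicit: a 1.5.x (or older) Roundcube is compared against 1.5.7, a 1.6.x install against 1.6.7, and anything newer than 1.6 falls through as unknown because the digest says nothing about it. Comparing tuples of integers rather than strings avoids the classic "1.10" < "1.9" mistake when checking versions.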
Source