CERT/CC

You all know by now about the #log4j CVE-2021-44228 that affects lots of Java applications, right? No? Well that extra sleep must be nice! We've published a vulnerability note with details: kb.cert.org/vuls/id/930724 We link to PowerShell and Python3 scanners to find jar files too.

We have been communicating our findings to and collaborating with Pulse Secure. They have published more details about the Integrity Checker Tool (ICT) here: kb.pulsesecure.net/articles/Pulse…

Since the Pulse Connect Secure ICT has been public since March, it would be wise to assume that attackers have worked around it by now. Yes, run the ICT if you haven't already by now. No, a clean ICT report doesn't necessarily mean you're fine.

It is important to realize that the Pulse Secure Integrity Checker Tool (ICT) and the PCS factory reset functionality can both be subverted by an attacker on a compromised PCS device. If we can do this, assume that attackers can do this as well. 🤔

If you have a Pulse Connect Secure system and did not immediately apply the instantaneous XML workaround published on April 20, assume compromise until you can prove otherwise. Run the PCS Integrity Assurance package as soon as possible (requires reboot). kb.pulsesecure.net/articles/Pulse…

@cscart We have a vulnerability report that we would like to share with you. How would you like to receive vulnerability reports?

This is not a drill - patch your Exchange Servers ASAP We're seeing active exploitation by #HAFNIUM microsoft.com/security/blog/…

We've published vulnerability note VU#490028 about Zerologon / CVE-2020-1472. Windows Domain controllers without the August update from Microsoft are vulnerable to complete domain takeover by an unauthenticated attacker. Samba DCs < 4.8 affected by default kb.cert.org/vuls/id/490028

Citrix vulnerabilities in Citrix ADC (formerly known as NetScaler ADC), Citrix Gateway (formerly known as NetScaler Gateway) and Citrix SD-WAN WANOP. Impacts include system compromise by an unauthenticated user on the management network. support.citrix.com/article/CTX276…

Please patch all devices affected by CVE-2020-2021 immediately, especially if SAML is in use. Foreign APTs will likely attempt exploit soon. We appreciate @PaloAltoNtwks’ proactive response to this vulnerability. security.paloaltonetworks.com/CVE-2020-2021

@p1onk @zmanion The CERT/CC has a form to report vulnerabilities: kb.cert.org/vuls/report/

Microsoft has released ADV200006 about an 0day vulnerability being exploited in the wild in Microsoft Windows Adobe Type Manager Type 1 font parsing. There are almost as many workarounds provided as there are attack vectors! kb.cert.org/vuls/id/354840/

Microsoft has released updates for this issue: portal.msrc.microsoft.com/en-US/security…

Disable SMB compression and block SMB both inbound AND outbound to help prevent exploitation of an unpatched "wormable" vulnerability in Microsoft Windows SMBv3. kb.cert.org/vuls/id/872016/ ADV200005 CVE-2020-0796 VU#872016

VU#338824 Microsoft Internet Explorer is being actively exploited in the wild using a new unpatched vulnerability in the Scripting Engine. Disable access to JScript.dll as a workaround. kb.cert.org/vuls/id/338824/

If you use "Disable all macros without notification" in Microsoft Office for Mac, you may be in for an unpleasant surprise. XLM macros in SYLK (.SLK) content will run without any prompting. This allows for arbitrary code execution without any clicks. kb.cert.org/vuls/id/125336/

Any device that has a software stack associated with it may become unsafe when it has outlived its support life span. It's Time to Retire Your Unsupported Things insights.sei.cmu.edu/cert/2019/10/i…

CVE Celebrates 20 Years! #October162019_CVE_Celebrates_20_Years" target="_blank" rel="nofollow noopener">cve.mitre.org/news/archives/…! #cve #cveentries #cveids #cna #vulnerabilities #cybersecurity

@todb Indeed. But guess what happens to a narrowly-targeted attack that suddenly has a patch available?

It's important to note that these updates are NOT currently being deployed via Windows Update or Microsoft Update. Despite being actively exploited in the wild, manual actions must be taken to receive the fixes.