CyberScotland Bulletin

Microsoft released its monthly security update Tuesday 8^th February 2022, disclosing 51 vulnerabilities across its suite of products.

This Patch Tuesday, the breakdown of vulnerabilities includes only 1 “moderate” rating, with the remaining labelled as “important”. This month has been one of the few times that no critical vulnerability has been published. Additionally, no vulnerabilities this time around have been found to be actively exploited.

One vulnerability addressed is a zero-day that has been classified as CVE-2022-21989. This issue relates to a privilege escalation bug in Windows Kernel. In Microsoft’s FAQ, they advised that an attack could be preformed from a low privilege AppContainer. A malicious actor could elevate privileges and execute code or access resources.

Overall, Microsoft’s February release address vulnerabilities in Windows, Microsoft Edge, Microsoft Office and Office Components, SQL Server, Visual Studio Code and Microsoft teams, among others.

More information can be found with this link: thehackernews.com

This month, Google has addressed 11 security issues in the Chrome web browser, one of which is a zero-day being actively exploited. The vulnerability, classified as CVE-2022-0609, is a use-after-free vulnerability in it’s animation component. Use-after-free refers to an issue where an attacker can cause a program to crash, use unexpected values, or execute malicious code.

The main 8 issues in this patch are highlighted in the release update found with this link: Chrome Releases

Chrome users are therefore highly recommended to update their browser to it’s latest version, which is currently 98.0.4758.102.

Apple has released security updates for iOS, iPadOS, macOS, and Safari, which address a zero-day vulnerability being actively exploited. The flaw relates to the WebKit browser engine, in which attackers can execute arbitrary code after processing malicious web content.

The vulnerability is classified as CVE-2022-22620, and relates to a use-after-free exploit, allowing an attacker can cause a program to crash, use unexpected values, or execute malicious code. The company noted in a statement that they are “aware of a report that this issue may have been actively exploited”.

The separate security updates which patch this issue are as follows:

• iOS 15.3.1
• iPadOS 15.3.1
• macOS Monterey 12.2.1

It is recommend that Apple users update all their devices to their latest versions to mitigate this vulnerability. A guide on updating devices can be found at support.apple.com and further information on the issue is discussed at threatpost.com.

A number of critical vulnerabilities relating to Cisco Small Business RV Series Routers have been patched by Cisco. Exploits such as privilege escalation, denial of service, and execution of malicious code are possible on affected devices. Proof-of-concept code also exists which can be used to target several of these known vulnerabilities, according to the company.

Three of the discovered issues have been given the highest severity rating possible, and are highlighted below.

• CVE-2022-20699
• CVE-2022-20700
• CVE-2022-20708

Cisco have highlighted that there are no current workarounds that address any of these vulnerabilities, and software updates have since been released to patch the issues.

A full list of the affected products and associated vulnerabilities can be found at tools.cisco.com. Software updates should be applied to any affected routers as soon as possible.

The Cyber Security Information Sharing Partnership is a joint initiative between government and industry to share cyber threat information in a secure and confidential environment.

Organisations that are proactive in their approach for the management and handling of cyber security should consider joining CiSP to keep up with emerging threats.

Your organisation can register to join CiSP here. If your organisation is looking for a sponsor please contact the Cyber Resilience Unit at the Scottish Government at cyberresilience@gov.scot

When your organisation has joined, you can register as an individual here.