June has seen the release of multiple security updates, with major patches issued for Google’s Chrome and Android, as well as dozens of patches for Microsoft products, including a fix for a Windows zero-day vulnerability that attackers had already exploited. Apple updates were absent at the time of writing, but the month also included some major enterprise-focused patches for Citrix, SAP, and Cisco products.
Here is what you need to know about the major patches released over the last month.
Microsoft
Microsoft’s Patch Tuesday was a significant one in June, including fixes for 55 flaws in the tech giant’s products. This Patch Tuesday was especially important because it addressed an already-exploited remote code execution (RCE) issue in Windows called Follina, which Microsoft had known about since at least May.
Tracked as CVE-2022-30190, Follina, which exploits vulnerabilities in the Windows Support Diagnostic Tool and can run without a document being opened, has already been used by several criminal groups and state-sponsored attackers.
Three of the vulnerabilities addressed in Patch Tuesday that affect Windows Server are RCE flaws and are rated critical. However, the patches seem to be breaking some VPN and RDP connections, so be careful.
Google Chrome
Google Chrome updates keep coming thick and fast. This is not a bad thing, as the most popular browser in the world is by default one of the most important targets for hackers. In June, Google released Chrome 103 with patches for 14 vulnerabilities, some of which are serious.
Tracked as CVE-2022-2156, the biggest flaw is a use-after-free issue in Base, reported by Google’s Project Zero bug-hunting team, that could lead to arbitrary code execution, denial of service, or data corruption. Worse, when chained with other vulnerabilities, the flaw could lead to a total compromise of the system.
Other issues fixed in Chrome include vulnerabilities in Interest Groups and WebApp Provider, and a flaw in the V8 JavaScript and WebAssembly engine.
Google Android
Of the multiple Android security issues that Google fixed in June, the most serious is a critical security vulnerability in the System component that could lead to remote code execution without the need for additional execution privileges, Google said in its Android Security Bulletin.
Google also released updates for its Pixel devices to fix issues in the Android Framework, Media Framework, and System Components.
It seems that Samsung users have been lucky with Android updates lately, with the device maker rolling out its patches very quickly. The June security update is no different, arriving straight away on the Samsung Galaxy Tab S7 series, Galaxy S21 series, Galaxy S22 series and Galaxy Z Fold 2.
Cisco
Software manufacturer Cisco released a patch in June to fix a critical vulnerability in Cisco Secure Email and Web Manager and Cisco Email Security Appliance that could allow a remote attacker to bypass authentication and log in to the web management interface of an affected device.
The issue, tracked as CVE-2022-20798, could be exploited if an attacker enters something specific on the affected device’s login page, which would provide access to the web-based management interface, Cisco said.
Citrix
Citrix has issued a warning urging users to fix some major vulnerabilities that could allow attackers to reset administrator passwords. Citrix Application Delivery Management vulnerabilities could lead to system corruption by a remote, unauthenticated user, Citrix said in a security bulletin. “The impact of this may include resetting the administrator password the next time the device is restarted, allowing an attacker with ssh access to connect to the default administrator credentials after the device has been restarted,” the company wrote.
Citrix recommends that traffic to the Citrix ADM IP address be segmented from standard network traffic. This reduces the risk of exploitation, it said. However, the vendor also urged customers to install the updated versions of the Citrix ADM server and Citrix ADM agent “as soon as possible.”
SAP
Software company SAP has released 12 security patches as part of its June Patch Day, three of which are serious. The first one SAP lists relates to an update released on Patch Day in April 2018 and applies to the Google Chromium browser control used by the company’s business customers. Details of this vulnerability are not available, but it has a severity score of 10, so the patch should be applied immediately.
Another important fix addresses an issue with the SAProuter proxy in NetWeaver and the ABAP Platform, which could allow an attacker to execute SAProuter administration commands from a remote client. The third major patch fixes a privilege escalation bug in SAP PowerDesigner Proxy 16.7.
Splunk Enterprise
Splunk has released some out-of-band patches for its Enterprise product, fixing issues that include a critical vulnerability that could lead to arbitrary code execution.
Tracked as CVE-2022-32158, the flaw could allow an adversary to compromise a Universal Forwarder endpoint and execute code on other endpoints connected to the deployment server. Fortunately, there is no indication that the vulnerability has been used in any real-world attacks.
Ninja Forms WordPress Plugin
Ninja Forms, a WordPress plugin with over a million active installations, has fixed a serious issue that is probably being exploited by attackers in the wild. “We discovered a code injection vulnerability that allowed unauthenticated attackers to call a limited number of methods in various Ninja Forms classes, including a method that unserialized the user-supplied content, resulting in the injection of objects,” the Wordfence Threat Intelligence team of WordPress security analysts said in an update.
This could allow attackers to execute arbitrary code or delete arbitrary files on sites where a separate POP chain was present, the researchers said.
The flaw has been fully patched in versions 3.0.34.2, 3.1.10, 3.2.28, 3.3.21.4, 3.4.34.2, 3.5.8.4 and 3.6.11. WordPress seems to have performed a forced automatic update for the plugin, so your site may already be using one of the patched versions.
Atlassian
Australian software company Atlassian has released a patch to fix a zero-day flaw that is already being exploited by attackers. Tracked as CVE-2022-26134, the RCE vulnerability in Confluence Server and Data Center can be used to backdoor servers exposed to the internet.
GitLab
GitLab has released versions 15.0.1, 14.10.4 and 14.9.5 of GitLab Community Edition and Enterprise Edition. The updates contain important security fixes for eight vulnerabilities, one of which could allow account takeover.
With that in mind, the company “strongly recommends” that all GitLab installations be upgraded to the latest version “as soon as possible.” GitLab.com is already running the patched version.
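A defender's check for the version lists given above for Ninja Forms and GitLab, as an added example that is not code from either project or from the original article: it compares an installed version with the fixed release for its major.minor branch, numerically rather than as strings (so 14.10.4 sorts after 14.9.5). The function names are hypothetical, and treating the listed GitLab versions as the fixed releases and any newer branch as patched are assumptions.

```python
# Added example. Fixed releases are copied from the article; the rest is constructed.
FIXED = {
    "ninja-forms": ["3.0.34.2", "3.1.10", "3.2.28", "3.3.21.4",
                    "3.4.34.2", "3.5.8.4", "3.6.11"],
    "gitlab": ["14.9.5", "14.10.4", "15.0.1"],
}


def parse(version):
    """Turn '3.0.34.2' or '14.10.4-ee' into a tuple of ints; reject anything else."""
    parts = version.strip().split("-")[0].split(".")
    if len(parts) < 2 or not all(p.isdigit() for p in parts):
        raise ValueError(f"unparseable version: {version!r}")
    return tuple(int(p) for p in parts)


def pad(a, b):
    """Right-pad with zeros so 3.1.10 and 3.1.10.0 compare as equal."""
    width = max(len(a), len(b))
    return a + (0,) * (width - len(a)), b + (0,) * (width - len(b))


def status(product, installed):
    """Return 'patched', 'update-needed' or 'unknown' for an installed version."""
    have = parse(installed)
    fixed = sorted(parse(v) for v in FIXED[product])
    by_branch = {f[:2]: f for f in fixed}  # branch = (major, minor)
    branch = have[:2]
    if branch in by_branch:
        h, f = pad(have, by_branch[branch])
        return "patched" if h >= f else "update-needed"
    if branch > fixed[-1][:2]:
        # Assumption: a branch newer than every listed fix already carries it.
        return "patched"
    # Older branch with no fixed release listed in the article.
    return "unknown"


if __name__ == "__main__":
    # Constructed sample inventory, not real scan output.
    for product, version in [("ninja-forms", "3.3.21"), ("gitlab", "14.10.4-ee")]:
        print(product, version, status(product, version))
```

An "unknown" result means the article lists no fixed release for that branch, so the vendor advisory has to be consulted rather than assuming the installation is safe.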