Cyber attacks: CISA warns of attacks on newly discovered security gaps


The US cyber security authority CISA warns of several security gaps, some of which have only recently been discovered. Cyber criminals are already actively attacking them.

The US cyber security authority CISA has observed attacks on security gaps, some of which have only recently become known. It has therefore added the gaps to its Known Exploited Vulnerabilities Catalog. For US authorities, this means that they now have little time to install any patches that may be available.

The most recently added vulnerability that cybercriminals are now targeting is found in PAN-OS, the operating system of Palo Alto firewalls. The vulnerability allows a reflected denial-of-service (RDoS) attack, in which the attack appears to originate from the Palo Alto firewalls. The PA, VM and CN versions are affected, i.e. hardware appliances, virtual machines and containers running PAN-OS; updated software is available (CVE-2022-0028, CVSS 8.6, risk "high"). US authorities must install it by September 12.

The CVE-2017-15944 vulnerability, which is five years old, enables the execution of injected code in PAN-OS when combined with other flaws. A few days ago, CISA added this and the following vulnerabilities to the catalog of exploited security gaps. Authorities are asked to close them by September 8.

SAP administrators should also install the updates from this year's February patch day, if they have not already done so. The vulnerability closed there, CVE-2022-22536, allows attackers to perform HTTP request smuggling. Attackers are also targeting vulnerabilities in Apple's iOS and macOS. They enable the execution of injected malicious code and privilege escalation in the system (CVE-2022-32893, CVE-2022-32894).

Cyber criminals also exploit gaps in Microsoft's Active Directory, closed on the May patch day, to escalate their privileges (CVE-2022-26923). By abusing a vulnerability in the Microsoft Windows Runtime, they also smuggle in malicious code (CVE-2022-21971). The February Windows updates fix this security bug.

Since the aforementioned vulnerabilities are being attacked in the wild, administrators should promptly download and install the updates provided by the manufacturers.
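To act on these deadlines, scanner findings can be matched against the catalog and sorted by remaining time. The following is an added example, not part of the original article: it uses a constructed excerpt in the layout of CISA's KEV JSON feed (fields `cveID`, `product`, `dueDate`) with the CVE ids and due dates named above; the year 2022, the product labels, the hostnames and the findings list are assumptions.

```python
import json
from datetime import date

# Constructed excerpt in the layout of the KEV JSON feed. CVE ids and due
# dates come from the article; the year 2022 and product labels are assumed.
KEV_SAMPLE = json.dumps({"vulnerabilities": [
    {"cveID": "CVE-2022-0028",  "product": "PAN-OS",           "dueDate": "2022-09-12"},
    {"cveID": "CVE-2017-15944", "product": "PAN-OS",           "dueDate": "2022-09-08"},
    {"cveID": "CVE-2022-22536", "product": "SAP",              "dueDate": "2022-09-08"},
    {"cveID": "CVE-2022-32893", "product": "iOS and macOS",    "dueDate": "2022-09-08"},
    {"cveID": "CVE-2022-32894", "product": "iOS and macOS",    "dueDate": "2022-09-08"},
    {"cveID": "CVE-2022-26923", "product": "Active Directory", "dueDate": "2022-09-08"},
    {"cveID": "CVE-2022-21971", "product": "Windows Runtime",  "dueDate": "2022-09-08"},
]})

# Constructed scanner findings as (host, CVE id); hostnames are hypothetical.
FINDINGS = [
    ("fw-edge-01", "CVE-2022-0028"),
    ("fw-edge-01", "CVE-2017-15944"),
    ("sap-app-02", "cve-2022-22536"),   # scanners differ in letter case
    ("dc-01",      "CVE-2022-26923"),
    ("web-03",     "CVE-0000-0000"),    # placeholder id, not in the catalog
]

def load_kev(raw):
    """Index catalog entries by upper-cased CVE id."""
    return {v["cveID"].upper(): v for v in json.loads(raw)["vulnerabilities"]}

def triage(findings, kev, today):
    """Return KEV-listed findings with the days left until the due date
    (negative means overdue), most urgent first."""
    rows = []
    for host, cve in findings:
        entry = kev.get(cve.strip().upper())
        if entry is None:
            continue  # not in the catalog: leave to the regular patch cycle
        due = date.fromisoformat(entry["dueDate"])
        rows.append({"host": host, "cve": entry["cveID"],
                     "product": entry["product"], "due": due,
                     "days_left": (due - today).days})
    return sorted(rows, key=lambda r: (r["days_left"], r["host"], r["cve"]))

if __name__ == "__main__":
    for r in triage(FINDINGS, load_kev(KEV_SAMPLE), date(2022, 9, 10)):
        state = "OVERDUE" if r["days_left"] < 0 else "due"
        print(f'{r["host"]:<11} {r["cve"]:<15} {r["product"]:<17} '
              f'{state} {r["due"]} ({r["days_left"]:+d}d)')
```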