Critical Security Flaw Discovered in Ivanti Virtual Traffic Manager


 

Ivanti, a leading company in network and security solutions, has issued urgent security updates to address a critical vulnerability in its Virtual Traffic Manager (vTM). The flaw, identified as CVE-2024-7593, carries an alarming severity with a CVSS score of 9.8 out of 10, signalling its potential risk to users.

Authentication Bypass Could Lead to Rogue Admin Access

The vulnerability arises from an incorrect implementation of the authentication algorithm in Ivanti vTM versions other than 22.2R1 and 22.7R2. The flaw allows remote attackers to bypass authentication and create unauthorized administrative users. This could give cybercriminals full control over the management interface, posing serious risks to the affected systems.

Affected Versions and Immediate Actions

The vulnerability impacts several versions of Ivanti vTM, including 22.2, 22.3, 22.3R2, 22.5R1, 22.6R1, and 22.7R1. Ivanti has responded by releasing patched versions—22.2R1, 22.7R2, and upcoming fixes for 22.3R3, 22.5R2, and 22.6R2, expected during the week of August 19, 2024. As a temporary measure, the company recommends that users limit admin access to the management interface or restrict it to trusted IP addresses to mitigate the risk of unauthorised access.

Although there are no confirmed incidents of this vulnerability being exploited in the wild, the availability of proof-of-concept (PoC) code increases the urgency for users to apply the latest patches to safeguard their systems.
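The version guidance above can be turned into an inventory check. The following Python sketch is an added example, not Ivanti's or this blog's code; the host names and inventory are constructed, and treating every release below a branch's fixed release as vulnerable is a conservative assumption.

```python
import re

# Fixed release per vTM branch, taken from the version list in this article.
# 22.3R3, 22.5R2 and 22.6R2 were announced for the week of August 19, 2024.
FIXED_RELEASE = {"22.2": 1, "22.3": 3, "22.5": 2, "22.6": 2, "22.7": 2}

_VERSION_RE = re.compile(r"^(\d+\.\d+)(?:R(\d+))?$", re.IGNORECASE)


def parse_version(text):
    """Split '22.3R2' into ('22.3', 2); a bare '22.2' counts as release 0."""
    match = _VERSION_RE.match(text.strip())
    if not match:
        raise ValueError(f"unrecognised vTM version string: {text!r}")
    return match.group(1), int(match.group(2) or 0)


def triage(version):
    """Return 'patched', 'vulnerable' or 'unknown' for one version string."""
    try:
        branch, release = parse_version(version)
    except ValueError:
        return "unknown"
    fixed = FIXED_RELEASE.get(branch)
    if fixed is None:
        return "unknown"  # branch not covered by the article: check manually
    # Assumption: anything below the branch's fixed release needs the update.
    return "patched" if release >= fixed else "vulnerable"


def report(inventory):
    """Map each host to (status, release to upgrade to or None)."""
    rows = {}
    for host, version in inventory.items():
        status = triage(version)
        target = None
        if status == "vulnerable":
            branch, _ = parse_version(version)
            target = f"{branch}R{FIXED_RELEASE[branch]}"
        rows[host] = (status, target)
    return rows


# Constructed inventory for illustration only.
SAMPLE_INVENTORY = {
    "vtm-lab-01": "22.7R1",
    "vtm-lab-02": "22.7R2",
    "vtm-lab-03": "22.3R2",
    "vtm-lab-04": "21.4",
}

if __name__ == "__main__":
    for host, (status, target) in report(SAMPLE_INVENTORY).items():
        action = f"upgrade to {target}; restrict admin access meanwhile" if target else "-"
        print(f"{host:12} {status:10} {action}")
```

Hosts reported as `unknown` run a branch the article does not list and need a manual check against the vendor advisory.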

Additional Vulnerabilities Addressed in Neurons for ITSM

In addition to the vTM flaw, Ivanti has also patched two serious vulnerabilities in its Neurons for ITSM product. The first, CVE-2024-7569, is an information disclosure vulnerability with a CVSS score of 9.6. It affects Ivanti ITSM on-premises and Neurons for ITSM versions 2023.4 and earlier, allowing attackers to obtain sensitive information, including OIDC client secrets, through debug data.

The second flaw, CVE-2024-7570, rated 8.3 on the CVSS scale, involves improper certificate validation. This vulnerability enables a remote attacker in a man-in-the-middle (MITM) position to craft a token that could grant unauthorised access to the ITSM platform as any user. These issues have been resolved in the latest patched versions of 2023.4, 2023.3, and 2023.2.

Further adding to the urgency, Ivanti has also addressed five high-severity vulnerabilities (CVE-2024-38652, CVE-2024-38653, CVE-2024-36136, CVE-2024-37399, and CVE-2024-37373) in its Avalanche product. These flaws could potentially lead to denial-of-service (DoS) conditions or even remote code execution if exploited. Users are strongly advised to update to version 6.4.4, which includes fixes for these issues.

These security updates highlight the critical importance of staying current with patches and updates, especially for systems as vital as traffic management and IT service management platforms. Ivanti's quick response to these vulnerabilities is crucial in helping organisations protect their digital infrastructure from potentially devastating attacks. Users are urged to implement the recommended updates without delay to mitigate any risks posed by these newly discovered flaws.


Performance Hit Experienced By File Copying Due to Windows 11 22H2

 


According to reports, Microsoft began rolling out Windows 11 version 22H2 last month, just a few months after announcing it. The experience has not been as smooth as one might expect.

"22H2 has a performance problem when copying large files from a remote computer to a Windows 11 computer or when copying files on a local drive," explains Ned Pyle, Principal Program Manager at Windows Server engineering.

Several users have reported that the update failed with the error code "0x800f0806". Interestingly enough, one of our Neowin members was able to figure out a workaround for this problem. There are also the usual suspects, such as printers not being detected after the 2022 Update because of a revised printer policy, which can cause a lot of frustration.

A related issue caused Microsoft to block the whole update on affected devices. Afterward, Microsoft warned IT admins that provisioning for Windows 11 22H2 is currently broken.

Additionally, the Redmond-based firm revisited another problem that was causing a massive slowdown in the speed at which large files could be copied remotely on 22H2 systems as a result of a power failure.

There have been reports that speeds are around 40% lower than expected, according to the company. Users are experiencing more performance issues than before, and the situation seems to be getting increasingly problematic.

Earlier this week, Microsoft released KB5017389 preview cumulative update for Windows operating systems. This update included the fixes for this issue as well as a free trial of the update for those who have not yet downloaded it. The support document provides more information regarding this issue and also offers a free trial of the release.

On Windows 11 version 22H2, copying large files of multiple gigabytes (GB) might take longer than expected to complete.

Despite the newly acknowledged issue, Microsoft added that Windows devices that are used in small or personal networks are less likely to be affected by it than those used for business networks.

Microsoft has shared a workaround for customers who are affected by the known issue after updating their devices to Windows 11 22H2.

Impacted users can mitigate the performance hit of file copying over SMB by using file copy tools that do not use the cache manager (buffered I/O), such as any of the freeware applications available on the Internet.

Microsoft is currently investigating the issue and working on a solution, which will be included in a future release.

It has been more than two years since Microsoft released Windows 11 22H2, and they have now added compatibility holds to make sure the upgrade is no longer available on some systems, due to printer problems or blue screens.

As part of this week's announcement, Microsoft confirmed that the Windows 11 2022 Update is also causing provisioning issues, leaving Windows 11 endpoints partially configured and unable to complete the installation process.

After entering a new deployment phase on Tuesday, October 4, Windows 11 22H2 is now available to all seekers on qualifying devices, and it has been installed on some of the devices already.

Trend Micro Flaw Being Actively Exploited

 

The cybersecurity firm Trend Micro disclosed that threat actors are once again using security solutions as attack vectors. This time, attackers are deliberately leveraging a vulnerability in its antivirus solutions, identified as CVE-2020-24557, to gain admin rights on Windows systems.

Apex One and OfficeScan XG enterprise security products are affected by the CVE-2020-24557 vulnerability. The issue resides in the logic that controls access to the Misc folder, which could be manipulated by an attacker to escalate privileges and execute code in the context of SYSTEM. According to experts, an attacker may use the bug to manipulate a specific product folder to temporarily disable protection, abuse a specific Windows feature, and gain privilege escalation.

According to the advisory published by Tenable, “A vulnerability in Trend Micro Apex One on Microsoft Windows may allow an attacker to manipulate a particular product folder to disable the security temporarily, abuse a specific Windows function and attain privilege escalation. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability.” 

Microsoft researcher Christopher Vella reported the flaw to Trend Micro via the Zero-Day Initiative programme in 2020, and the security firm addressed it in August 2020. Now, the security company has updated its security warning, acknowledging that the bug is being actively exploited in the wild by attackers and urging customers to install security updates. 

“Known vulnerabilities in Apex One, Apex One SaaS and OfficeScan agents could elevate privileges, allow an attacker to manipulate certain product folders to temporarily disable security features or to temporarily disable certain Windows features. It may be abused.” states the update published. 

JPCert also issued a warning about the above vulnerability, which has affected the following items and versions: 
– Trend Micro Apex One 2019 before Build 8422 
– Trend Micro Apex One as a Service prior to Build 202008 
– OfficeScan prior to XG SP1 Build 5702

In the advisory published by the JPCert, it stated “Since the vulnerability is already being exploited in the wild, the users of the affected products are recommended to update the affected system to the latest version as soon as possible. Please refer to the information provided by Trend Micro.” 

“We have confirmed attacks that exploit known vulnerabilities in the following products. Each patch that has already been released supports it, so if you have not applied it, please apply it as soon as possible.” stated the cybersecurity firm. 

Other vulnerabilities in the Apex One and OfficeScan XG security products, such as CVE-2019-18187, CVE-2020-8467, and CVE-2020-8468 have previously been revealed and some of them have been exploited by nation-state actors in real-world attacks.

WhatsApp to Allow Users to Sync Chat Between iOS and Android


When switching devices from Android to iOS or the other way round, users were not able to retain their chat histories despite the backup option, as WhatsApp didn’t provide a means to synchronize chat histories between the two platforms. For iOS users, chat histories are backed up to iCloud, and for Android users, Google’s cloud gets the work done, but only as long as the platform remains unchanged. A method to carry the backup over to a new platform would add a lot more convenience on both sides.

Facebook-owned WhatsApp has been working on a new feature aiming to resolve the issue pertaining to the syncing of chats across platforms; the company is planning to come up with a functionality that will allow users to use a single phone number, i.e., one account on multiple devices, as per the sources.

Reports suggest that WhatsApp could allow users to use a single account on four different devices simultaneously. However, as per the idea revolving around this new feature, a Wi-Fi facility will become a must for users as a lot of data will be required for the uploading and downloading of all the multimedia along with the messages, while syncing the chat histories between devices.

Notably, the development came in the wake of users' complaints and demands to be able to use one account on multiple devices. Once WhatsApp has securely copied the chat history to the other device, users will finally be able to use their account from it. During the process, the encryption keys will be changed and all active chats will be notified of the change.

According to the report by WABetaInfo, “When the user wants to use WhatsApp on a second device, there is the need to copy the chat history. In this case, WhatsApp always requires a Wi-Fi connection, because it may use a large amount of your data plan,”

“Note that any message will be delivered to all your family devices, so your chat history will be always synced across platforms, and when you use or remove a device, your encryption key changes,”

“In this case, WhatsApp Desktop was used for the test, but it will work on a second mobile device too, but it’s really possible that WhatsApp will allow mobile devices to be connected to your main device later than WhatsApp Desktop. Note that, using this feature, an Internet connection on your device will no longer be needed to use WhatsApp Desktop,” read the report. 

StrandHogg is Back and Stronger As a More Sophisticated Vulnerability


Android is vulnerable anew, owing to a new vulnerability that goes by the name of “StrandHogg 2.0”.

That is right. StrandHogg is back and has now affected numerous Android devices, putting over a billion Android devices in jeopardy.

The vulnerability helps attackers disguise illegitimate applications as legitimate ones, with the ultimate aim of getting users to grant permissions that could end up exposing really important information.

The posing applications then find a way to the users’ sensitive data, and in real time at that. The worst part about the vulnerability is that users would have no idea at all that they have been attacked, and they’d be completely unaware of the malicious applications on their device.

This vulnerability is referenced as “CVE-2020-0096” and is known by the name “StrandHogg 2.0”. This version helps attackers carry out more sophisticated attacks.

As of last year, StrandHogg was already listening in on conversations and recording them, accessing login credentials, reading and sending unwanted texts, and taking complete control of the photo album, call logs, and contacts.

Allegedly, StrandHogg 2.0 exists on most Android devices, except those running the latest version of the Android 10 OS.

As per sources, the Google website has it that out of a minimum of 2 billion Android users, just 16% have updated to Android 10; hence the rest are allegedly vulnerable.

To prevent any mishap that could be caused by StrandHogg 2.0, steer clear of pop-up notifications asking permission for sending notifications, messages, or other related things, and of applications asking you to log in again despite already being logged in.

Due to the coronavirus pandemic, and contrary to its usual practice, Google will be releasing its Android 11 Beta version via an online conference at Google I/O. Reportedly, this conference is scheduled for June 3, 2020.

Sources mention that this conference will be a fresh source of many new updates and news about official events. The schedule for the launch of Android 11 has been released, and according to it Android 11 will undergo 3 Beta releases in the upcoming months of June, July, and August. Word has it that the official version would finally roll out in or near October.


Firefox Now Set To Utilize BITS for Downloading New Software Updates


Mozilla Firefox is all set to utilize the Windows Background Intelligent Transfer Service, or BITS, to download software updates in the background. This is the initial phase in the possible release of a standalone "Update Agent" that will perform updates even when the browser is closed.

Presently, Firefox looks for new updates when the user opens the browser and either shows a notification that an update is available or automatically installs it.

Mozilla developers are likewise working on an independent application written in Rust called "Update Agent", which will run quietly and check for new browser updates even when Firefox isn't open. For users who don't run Firefox very often, it will make it simpler to receive new updates.

The Update Agent is being planned as a background process that remains running even after the browser is closed, so that it can download and apply updates. The purpose is to make updating more convenient for everybody and to reduce the time it takes to get new updates for users who aren't well supported by the present update process, either because they don't run Firefox very much or because they do not have access to a proper internet connection.

This technique makes Firefox more secure: even if a user installs the update immediately when prompted to do so, the present process still leaves a window in which a vulnerability could be exploited before the update and its security fixes can be installed.

For Windows users, Mozilla will utilize the Windows Background Intelligent Transfer Service, or BITS, since it enables updates to be downloaded in a manner that can be resumed if a download ends or is paused for any reason. This enables the update to keep downloading from where it left off when it can, saving time in completing the update.

As the Update Agent application isn't ready yet and requires a few other bugs to be resolved first, Mozilla is enabling BITS in Firefox so that the browser can start using the service to download browser updates.


Firefox BITS preferences


While the Mozilla developers are actively working on this project so that they can finish it sooner rather than later, Mozilla has in the meantime included two new flags in the Firefox Nightly build that can be used to test downloading software updates through BITS. Users can enable this test by setting the app.update.BITS.enabled and app.update.BITS.inTrialGroup preferences to true in about:config.