Black Arrow Cyber Advisory 10 July 2024 – Microsoft Patch Tuesday, Adobe and Citrix Updates
Executive summary
Microsoft’s July Patch Tuesday provides updates to address 143 security issues across its product range, including two actively exploited zero-day vulnerabilities (CVE-2024-38080 and CVE-2024-38112). The exploited zero-day vulnerabilities are a privilege escalation vulnerability in Hyper-V (CVE-2024-38080) and a spoofing vulnerability (CVE-2024-38112), both of which have been added to the US Cybersecurity and Infrastructure Security Agency’s (CISA) Known Exploited Vulnerabilities Catalog. The Microsoft updates also include 5 critical vulnerabilities.
In addition to the Microsoft updates, this week also saw Adobe fix 7 vulnerabilities across various products. Citrix has also addressed multiple vulnerabilities, including a critical vulnerability in NetScaler Console.
What’s the risk to me or my business?
The actively exploited vulnerabilities could allow an attacker with access to gain SYSTEM privileges, or to spoof malicious sites so that they appear trusted. Both vulnerabilities, if exploited, could have a high impact on the confidentiality, integrity and availability of the organisation’s data on affected systems.
What can I do?
Black Arrow recommends applying the available security updates for all supported versions of the impacted Windows and Adobe products. The updates should be applied as soon as possible for the actively exploited vulnerabilities and all other vulnerabilities that have a critical severity rating.
Technical Summary
Microsoft
CVE-2024-38080 – This vulnerability is an integer overflow affecting Hyper-V. If successfully exploited, it allows an attacker to gain SYSTEM privileges on the host machine. However, initial access to the local machine is required to exploit the flaw.
CVE-2024-38112 – This is a spoofing vulnerability which affects the Windows MSHTML Platform and can be exploited with a specially crafted HTML file. If successfully exploited, it allows an attacker to render malicious content as trusted, misleading users into divulging sensitive information such as login credentials or into installing malware.
Adobe
This month, Adobe released fixes for a total of 7 vulnerabilities across several of its products. Out of these, 6 were rated as critical. The affected products and their respective vulnerabilities are as follows: Adobe Premiere Pro had 1 critical vulnerability, Adobe Bridge also had 1 critical vulnerability, and Adobe InDesign had 4 critical vulnerabilities. Currently, Adobe is not aware of any active exploitation of these vulnerabilities. The types of vulnerabilities addressed include arbitrary code execution and memory leaks.
Citrix
Citrix have released patches to fix multiple security vulnerabilities, including a critical and a high severity vulnerability in the NetScaler Console and Agent product. The critical vulnerability (CVE-2024-6235) is an improper authorisation bug that, if successfully exploited, could allow attackers to access sensitive information.
While Citrix has not stated that any of these vulnerabilities are being exploited in the wild, Black Arrow advises that organisations update the affected appliances as soon as possible. The affected products can be found below in the further information section.
Further details on Windows-specific updates within this Patch Tuesday can be found here:
https://www.securityweek.com/microsoft-warns-of-windows-hyper-v-zero-day-being-exploited/
Further details of the vulnerabilities addressed in Adobe Premiere Pro can be found here:
https://helpx.adobe.com/security/products/premiere_pro/apsb24-46.html
Further details of the vulnerabilities addressed in Adobe Bridge can be found here:
https://helpx.adobe.com/security/products/bridge/apsb24-51.html
Further details of the vulnerabilities addressed in Adobe InDesign can be found here:
https://helpx.adobe.com/security/products/indesign/apsb24-48.html
Further details of the vulnerabilities addressed in Citrix NetScaler can be found here:
Further information on the US Cybersecurity and Infrastructure Security Agency’s (CISA) Known Exploited Vulnerabilities Catalog can be found here:
https://www.cisa.gov/known-exploited-vulnerabilities-catalog