Black Arrow Cyber Advisory 14 August 2024 – Microsoft, Adobe, Ivanti, SAP, Fortinet, Zoom, Intel and AMD Security Updates

14 Aug

Executive summary

Microsoft’s August Patch Tuesday provides updates to address 89 security issues across its product range, including six actively exploited zero-day vulnerabilities and three publicly disclosed zero-days. In addition to the Microsoft updates this week also saw Adobe fix 72 vulnerabilities across various products, Ivanti addressing a critical vulnerability in their Virtual Traffic Manager product and SAP releasing 25 patches for a variety of products, including 2 for critical vulnerabilities. Also, Fortinet released patches for a number of their different products, Zoom addressed 15 vulnerabilities across their product range, including two high-severity issues, and Intel and AMD patched 110 vulnerabilities between them.

Microsoft

Within the 89 addressed security issues, the actively exploited zero-day vulnerabilities include privilege elevations, memory corruption, web security feature bypass and remote code execution. All of which have been added to the US Cybersecurity and Infrastructure Security Agency’s (CISA) “Known Exploited Vulnerabilities Catalog”. Also, among the updates provided by Microsoft were 8 critical vulnerabilities, which were a mixture of elevation of privileges, remote code execution and information disclosure.

Adobe

This month, Adobe released fixes for 72 vulnerabilities, of which 35 were rated critical, across several of their products. The affected products and their respective vulnerabilities are as follows: Adobe Illustrator (1 critical), Adobe Dimension (3 critical), Adobe Photoshop (1 critical), InDesign (9 critical), Adobe Acrobat Reader (8 critical), Adobe Bridge (2 critical), Adobe Commerce (7 critical), Adobe InCopy (1 critical), Adobe Substance 3D Stager (1 critical), Adobe Substance 3D Sampler (1 critical), Adobe 3D Designer (1 critical). Adobe have specifically warned that Windows and macOS users are at risk of code execution, memory leaks, and denial-of-service attacks. At current, Adobe is not aware of any of these vulnerabilities being actively exploited.

Fortinet

Fortinet have released patches for three vulnerabilities impacting FortiOS, FortiAnalyser, FortiManager, FortiProxy, FortiPAM and FortiSwitchManager. At current, Fortinet makes no mention of any of these vulnerabilities being actively exploited. Further details on the vulnerabilities and the patches can be found in the details below.

Ivanti

Ivanti have released a security update to address a critical vulnerability (CVE-2024-7593) in Virtual Traffic Manager (vTM) which could allow an unauthenticated attacker to bypass authentication of the admin panel and create admin users. The issue affects vTM versions 22.2, 22.3, 22.3R2, 22.5R1, 22.6R1, and 22.7R1, with fixes available in versions 22.2R1, 22.7R2, and 22.3R3, 22.5R2, and 22.6R2 (all available the week of August 19, 2024). Currently Ivanti is not aware of any of these vulnerabilities being actively exploited however there is a public proof of concept that has been released so it is advised to apply the patches as soon as possible.

SAP

This month, SAP has released 25 patches, which include 17 new releases and 8 updates from previous releases. 2 patches have been given the “hot news” priority in SAP, the highest severity. The vulnerabilities encompass a range of issues, including missing authentication checks, server-side request forgery (SSRF), XML injection and Prototype pollution.

Intel and AMD

Intel has published 43 new advisories covering roughly 70 vulnerabilities, including 9 high-severity issues affecting products like Intel NUC and Ethernet Controllers. Exploitation of these vulnerabilities can lead to privilege escalation, information disclosure, and denial of service. Meanwhile, AMD has released patches for 46 vulnerabilities across 8 advisories. Further information on the different vulnerabilities can be found below.

Zoom

This month, Zoom addressed 15 vulnerabilities across their product range, including two high-severity issues. CVE-2024-39825 affects Zoom Workplace apps and Rooms clients, allowing authenticated attackers to escalate privileges. CVE-2024-39818 impacts Zoom Workplace apps and Meeting SDKs, enabling authenticated users to access restricted information. Currently Zoom is not aware of any active exploitation but users are advised to update the affected applications.

What’s the risk to me or my business?

There are a large number of actively exploited vulnerabilities which could affect the confidentiality, integrity and availability of the systems. There is also a large quantity of critical and non-critical vulnerabilities that have been addressed in various vendor patches.

What can I do?

The updates should be applied as soon as possible for all the actively exploited vulnerabilities and all other vulnerabilities that have a critical severity rating. Each vulnerability should be internally assessed and patched following vulnerability management and software/firmware update practices, in line with the risk that the vulnerabilities pose to the underlying systems.

More information:

Microsoft

Further details on other specific updates within this Microsoft patch Tuesday can be found here:

https://www.bleepingcomputer.com/news/microsoft/microsoft-august-2024-patch-tuesday-fixes-9-zero-days-6-exploited/

https://www.ghacks.net/2024/08/13/the-windows-security-updates-of-august-2024-are-now-available-bitlocker-recovery-issue-fixed/

Adobe

Further details of the vulnerabilities in Adobe Illustrator can be found here:

https://helpx.adobe.com/security/products/illustrator/apsb24-45.html

Further details of the vulnerabilities in Adobe Dimension can be found here:

https://helpx.adobe.com/security/products/dimension/apsb24-47.html

Further details of the vulnerabilities in Adobe Photoshop can be found here:

https://helpx.adobe.com/security/products/photoshop/apsb24-49.html