Microsoft Patch Tuesday takes center stage in this week’s vulnerability news, with a notable SharePoint Server vulnerability that’s been seen alongside Qakbot malware. Additionally, VMware has four issues to patch in its Workstation and Fusion products, and the IEEE standard for Wi-Fi has a network name vulnerability that affects all operating systems and Wi-Fi clients. Federal agencies have until June 6 to patch D-Link router vulnerabilities.
This doubles as your weekly reminder to check your IT vendors’ security bulletins regularly and patch every vulnerability as soon as you learn about it. Always prioritize creating a patch plan if your security teams haven’t developed a methodology already.
May 10, 2024
Vulnerability in Python Package Affects AI Models
Type of vulnerability: Template injection in Python package.
The problem: Researcher Patrick Peng discovered and wrote a blog post about a vulnerability in the llama_cpp_python dependency. Llama is a Python package designed to support large language models. When exploited, the vulnerability allows an attacker to create a malicious template in Llama, leading to remote code execution or a denial-of-service (DoS) attack. This vulnerability affects natural language processing applications.
The vulnerability is tracked as CVE-2024-34359 and has a severity rating of 4.0.
The fix: Download your currently running version to version v0.2.72 of llama_cpp_python, which fixes this vulnerability.
May 14, 2024
Microsoft Patch Tuesday Sees Over 60 Patch Opportunities
Type of vulnerability: Multiple, including remote code execution and privilege escalation.
The problem: Microsoft had more than 60 vulnerabilities to announce and patch in May’s Patch Tuesday update. Among the highlights is an elevation of privilege vulnerability in the Desktop Windows Manager Core Library, which allows a threat actor to escalate privileges. This one has been active in the wild; SecureList found it to be in use with Qakbot and other strains of malware.
Microsoft SharePoint Server also had a remote code execution (RCE) vulnerability with a CVSS rating of 8.8. According to Arctic Wolf, a malicious user with Site Owner permissions or higher “could upload a specially crafted file onto a targeted SharePoint Server. Subsequently, they could generate tailored API requests to trigger the deserialization of the file’s parameters, which enables RCE within the SharePoint Server’s context.”
The fix: Check out Microsoft’s vulnerability update guide and other resources from the vendor to determine whether your products need to be updated.
4 VMware Vulnerabilities Affect Workstation & Fusion
Type of vulnerability: Multiple, including information disclosure and use-after-free.
The problem: VMware has disclosed vulnerabilities in its Workstation Pro/Player and Fusion products:
- CVE-2024-22267: Use-after-free vulnerability in the vbluetooth device could allow a threat actor to execute code when they have local administrative privileges on a virtual machine.
- CVE-2024-22268: Heap buffer overflow vulnerability in the Shader functionality of Workstation and Fusion allows hackers to perform DoS without needing admin access to virtual machines.
- CVE-2024-22269: Information disclosure vulnerability in the vbluetooth device allows threat actors with admin privileges on a VM to view privileged data in hypervisor memory.
- CVE-2024-22270: Information disclosure vulnerability in Host Guest File Sharing allows threat actors with admin privileges on a VM to view privileged data in hypervisor memory.
The CVSS severity ranges from 7.1-9.3 amongst the four vulnerabilities.
The fix: Upgrade to Workstation version 17.5.2 and Fusion 13.5.2.
If your business is looking for a standardized method of identifying vulnerabilities in your IT infrastructure, check out our guide to the best vulnerability scanners, including Tenable, Invicti, and Nmap.
IEEE Standard for SSIDs Affects All Operating Systems
Type of vulnerability: SSID confusion.
The problem: A vulnerability in the IEEE 802.11 standard for Wi-Fi allows threat actors to connect to a spoofed network that’s masquerading as the true network. This attack can occur on any operating system and Wi-Fi client.
The network name, or SSID, isn’t always properly protected during the handshake process, and IEEE 802.11 doesn’t always require authentication for SSID during a Wi-Fi session. This means threat actors can spoof the network name and trick users into connecting to a malicious network.
It’s also possible that your VPN app will automatically disable the VPN once your device connects to a supposedly trusted Wi-Fi network, according to the researchers at Top10VPN.
The fix: Mitigations are limited for an issue within a Wi-Fi standard. Use always-active VPN connections and never reuse the same credentials for an SSID.
May 16, 2024
Agencies Have June 6 Deadline to Patch D-Link Routers
Type of vulnerability: Multiple, including cross-site forgery and information disclosure.
The problem: Two vulnerabilities compromise multiple D-Link routers, a month after thousands of D-Link NAS devices were affected by a command injection vulnerability.
CVE-2014-100005 is a cross-site forgery vulnerability that affects DIR-600 routers. CVE-2021-40655 is an information disclosure vulnerability that allows an attacker to forge a request and steal credentials; it affects DIR-605 routers. Note that some DIR-600 devices are end of life, so D-Link won’t release any firmware updates for these.
The DIR-X4860 routers also have a vulnerability that permits remote unauthenticated attackers to escalate privileges and run commands as root once they’ve gained access to the HNAP port.
The Central Information Security Agency (CISA) has given federal agencies a deadline of June 6 to patch their routers.
The fix: Check D-Link’s security bulletins for specific patch instructions for your products. Additionally, replace all D-Link end-of-life devices, especially the DIR-600L line of routers.
May 17, 2024
New Chrome Vulnerability Requires Browser Upgrade
Type of vulnerability: Out-of-bounds write.
The problem: This new Chrome vulnerability is an out-of-bounds write in Chrome V8, Chrome’s JavaScript engine. It affects Chrome versions prior to 124.0.6367.207. By exploiting the vulnerability, an attacker could remotely execute an out-of-bounds memory write, using a specifically designed HTML page to do so.
We addressed CVE-2024-4671 in last week’s recap, but this one — CVE-2024-4761 — also needs to be patched. The vulnerability received a high Chromium severity rating.
The fix: Upgrade to the most recent version of Google Chrome immediately. Your computer may do this on its own, but if not, click the three vertical dots on the top right of your browser and select the Update option.
Read next:
- Vulnerability Recap 5/13/24 – F5, Citrix & Chrome
- Best Vulnerability Management Software & Systems in 2024
