Active Enterprise Exploits in the Wild
CISA has added thirteen new vulnerabilities to its Known Exploited Vulnerabilities catalog; they should be patched ASAP, and I have included some critical patches from Microsoft as well. Everything below is based on evidence that threat actors are actively exploiting the vulnerabilities listed.
Vulnerabilities of this kind can be a frequent attack vector for malicious actors. Regular patch update cycles should already be part of your organization's playbook to mitigate the risk.
How do you handle emergency vs. regular patch cycles? Do you have a process built to quickly address critical CVEs?
| Microsoft Updates | |
| --- | --- |
| CVE-2021-43890 | This Windows AppX Installer spoofing zero-day vulnerability is publicly known and under exploitation by the Emotet, TrickBot, and BazaLoader malware families. |
| CVE-2021-41333 | This Windows Print Spooler Elevation of Privilege vulnerability has been made public and has low attack complexity. |
| CVE-2021-43880 | This security flaw is described as a Windows Mobile Device Management Elevation of Privilege (EoP) vulnerability that allows local attackers to delete targeted files on a system. |
| CVE-2021-43893 | Reported by Google Project Zero, this issue is described by Microsoft as an EoP in the Windows Encrypting File System (EFS). |
| CVE-2021-43240 | This NTFS Set Short Name elevation of privilege bug has proof-of-concept exploit code available and is publicly known. |
| CVE-2021-43883 | This NTFS Set Short Name elevation of privilege bug has proof-of-concept exploit code available and is publicly known. |
| CISA Vulnerability List | |
| --- | --- |
| CVE-2021-44228 | Apache Log4j Remote Code Execution Vulnerability |
| CVE-2021-44515 | Zoho Corp. Desktop Central Authentication Bypass Vulnerability |
| CVE-2021-44168 | Fortinet FortiOS Arbitrary File Download |
| CVE-2021-35394 | Realtek Jungle SDK Remote Code Execution Vulnerability |
| CVE-2020-8816 | Pi-Hole AdminLTE Remote Code Execution Vulnerability |
| CVE-2020-17463 | Fuel CMS SQL Injection Vulnerability |
| CVE-2019-7238 | Sonatype Nexus Repository Manager Incorrect Access Control Vulnerability |
| CVE-2019-13272 | Linux Kernel Improper Privilege Management Vulnerability |
| CVE-2019-10758 | MongoDB mongo-express Remote Code Execution Vulnerability |
| CVE-2019-0193 | Apache Solr DataImportHandler Code Injection Vulnerability |
| CVE-2017-17562 | Embedthis GoAhead Remote Code Execution Vulnerability |
| CVE-2017-12149 | Red Hat JBoss Application Server Remote Code Execution Vulnerability |
| CVE-2010-1871 | Red Hat Linux JBoss Seam 2 Remote Code Execution Vulnerability |
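One concrete way to answer the emergency-vs-regular question above is to let the KEV catalog drive the split automatically: every open finding that appears in KEV goes to the emergency queue, ordered by CISA's due date, and everything else stays on the normal cycle. The script below is an added example, not code from the original post or from CISA. It embeds a constructed three-entry subset in the field layout of CISA's public `known_exploited_vulnerabilities.json` feed (`cveID`, `vendorProject`, `product`, `vulnerabilityName`, `dateAdded`, `dueDate`); the CVE IDs and names are taken from the list above, the dates are placeholders rather than the real catalog values, and the host inventory and `CVE-2021-99999` are made up.

```python
"""Emergency-vs-regular patch triage against a CISA KEV-style list.

Added example (not code from the original post). The KEV subset below is
constructed in the field layout of CISA's public
known_exploited_vulnerabilities.json feed; CVE IDs and names come from
the post, the dates are placeholders, and the host inventory is made up.
"""
import json
from datetime import date

# Constructed KEV subset; dateAdded/dueDate are placeholders, not catalogue values.
KEV_SAMPLE = json.dumps({"vulnerabilities": [
    {"cveID": "CVE-2021-44228", "vendorProject": "Apache", "product": "Log4j",
     "vulnerabilityName": "Apache Log4j Remote Code Execution Vulnerability",
     "dateAdded": "2021-12-10", "dueDate": "2021-12-24"},
    {"cveID": "CVE-2021-44515", "vendorProject": "Zoho", "product": "Desktop Central",
     "vulnerabilityName": "Zoho Corp. Desktop Central Authentication Bypass Vulnerability",
     "dateAdded": "2021-12-10", "dueDate": "2021-12-24"},
    {"cveID": "CVE-2019-13272", "vendorProject": "Linux", "product": "Kernel",
     "vulnerabilityName": "Linux Kernel Improper Privilege Management Vulnerability",
     "dateAdded": "2021-12-10", "dueDate": "2022-06-10"},
]})

# Constructed vulnerability-scanner output: unpatched CVEs per host.
# CVE-2021-99999 is a deliberately fake ID standing in for a non-KEV finding.
INVENTORY = [
    {"host": "build01", "open_cves": ["CVE-2021-44228", "CVE-2021-99999"]},
    {"host": "mdm01", "open_cves": ["CVE-2021-44515"]},
    {"host": "web02", "open_cves": ["CVE-2019-13272", "CVE-2021-99999"]},
    {"host": "db01", "open_cves": []},
]

BUCKET_ORDER = {"emergency": 0, "regular": 1}


def load_kev(kev_json):
    """Index a KEV-format JSON document by CVE id, parsing dueDate to a date."""
    kev = {}
    for rec in json.loads(kev_json)["vulnerabilities"]:
        entry = dict(rec)
        entry["dueDate"] = date.fromisoformat(rec["dueDate"])
        kev[rec["cveID"]] = entry
    return kev


def classify(cve, kev, today):
    """Anything in KEV is actively exploited and goes to the emergency cycle;
    everything else stays on the regular cycle."""
    rec = kev.get(cve)
    if rec is None:
        return {"cve": cve, "bucket": "regular", "due": None, "overdue": False}
    due = rec["dueDate"]
    return {"cve": cve, "bucket": "emergency", "due": due, "overdue": due < today}


def triage(kev_json, inventory, today_iso):
    """Return {host: [findings sorted emergency-first, earliest due date first]}.
    today_iso is an ISO date string so a run can be pinned for reproducibility."""
    today = date.fromisoformat(today_iso)
    kev = load_kev(kev_json)
    report = {}
    for asset in inventory:
        findings = [classify(cve, kev, today) for cve in asset["open_cves"]]
        findings.sort(key=lambda f: (BUCKET_ORDER[f["bucket"]], f["due"] or date.max, f["cve"]))
        report[asset["host"]] = findings
    return report


def emergency_hosts(report):
    """Hosts with at least one KEV-listed finding, i.e. the emergency patch queue."""
    return sorted(h for h, fs in report.items() if any(f["bucket"] == "emergency" for f in fs))


def overdue_findings(report):
    """(host, cve) pairs whose KEV due date has already passed."""
    return sorted((h, f["cve"]) for h, fs in report.items() for f in fs if f["overdue"])


if __name__ == "__main__":
    rep = triage(KEV_SAMPLE, INVENTORY, "2021-12-28")  # fixed date for a reproducible run
    for host, fs in rep.items():
        for f in fs:
            print(f"{host:8} {f['cve']:16} {f['bucket']:9} due={f['due']} overdue={f['overdue']}")
    print("emergency queue:", emergency_hosts(rep))
    print("overdue:", overdue_findings(rep))
```

In practice you would replace `KEV_SAMPLE` with the downloaded feed and `INVENTORY` with your scanner's export; the point of the split is that KEV membership, not CVSS score, decides what jumps the regular cycle, and the `overdue` flag gives you the list to escalate on the next run.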