Multiple Critical Security Vulnerabilities

This week there were four significant disclosures of security vulnerabilities that could lead to serious and widespread impacts to the security of NJCCIC member networks, systems, and information if not addressed by organizations using the affected products.

Microsoft Patches Critical Vulnerability Found in Windows XP, Windows 2003, Windows 7 and Windows Server 2008
Microsoft released security patches for two widely used but unsupported operating systems, Windows XP and Windows Server 2003. The security patches address a critical vulnerability (CVE-2019-0708) that resides in the “remote desktop services” component built into supported versions of Windows, including Windows 7, Windows Server 2008 R2, and Windows Server 2008. The vulnerability also exists in Windows XP and Windows 2003, which are no longer supported by Microsoft. Exploitation of this vulnerability could mimic the wormlike properties that allowed WannaCry ransomware to rapidly spread across networks in May of 2017. Affected organizations are advised to apply the patches Microsoft has released. More information on this vulnerability can be found in this NJCCIC Advisory.

Intel Discloses Zombieland Flaw
Intel disclosed a chip security flaw called Zombieland that affects almost all Intel chips manufactured after 2011 and that, if exploited, would allow an attacker to access any data that was recently processed. The flaw’s name is a reference to “zombie load,” which is when a computer processor can’t properly process a load of data and needs to ask for help in order to prevent a crash. More information regarding the flaw can be found at Intel’s site, and updated processor microcode, released in concert with its partners, can be found here.

Cisco Discloses Two Significant Vulnerabilities That Can Severely Impact the Security of Networks Worldwide
Cisco disclosed one unpatched, high-severity vulnerability, called Thrangrycat, that impacts millions of Cisco devices. The flaw is in the logic that handles access control to one of the hardware components in the company’s proprietary Secure Boot implementation. At this time there is no patch for Thrangrycat, but Cisco has provided additional details, a list of impacted products, and security guidance that can be found here. Cisco also disclosed a second high-severity vulnerability (CVE-2019-1862) that exists in the web-based user interface (Web UI) of the Cisco IOS XE Software, through which an authenticated, remote attacker could execute commands on the underlying Linux shell of an affected device with root privileges. Cisco’s advisory and a link to the patch for this vulnerability can be found here.

Facebook Releases Patch for Serious WhatsApp Vulnerability
Facebook released a security patch to address a vulnerability (CVE-2019-3568) in its popular messaging app, WhatsApp, which is used by over 1.5 billion users. The vulnerability could allow users’ phones to be compromised as a result of a buffer overflow in the WhatsApp VOIP stack. More information in WhatsApp’s security advisory, along with a list of affected versions of the app, can be found here. Users are strongly encouraged to apply the app update.

The NJCCIC recommends that organizations take a proactive approach to vulnerability and patch management and prioritize the application of security patches in accordance with their risk management processes.