NOTIFIED: Microsoft & VMware Security Vulnerabilities
By CDI Security
The team at CDI is constantly monitoring for any and all vulnerabilities being exploited across the IT industry. Our experts routinely research and assess the security landscape and reach out to our clients when a patch is needed.
Below are recent notifications that all IT business leaders should be aware of:
Microsoft (High Priority)
In total, three Zero-Day vulnerabilities have been found, and patches must be applied immediately. Two of these vulnerabilities are actively exploited in the wild.
“Follina” Zero-Day, Windows Support Diagnostic Tool (MSDT) Remote Code Execution Vulnerability (CVE-2022-30190)
An attacker who successfully exploits this vulnerability can run arbitrary code with the privileges of the calling application. The attacker can then install programs, view, change, or delete data, or create new accounts in the context allowed by the user’s rights. Microsoft recommends installing the June 2022 cumulative Windows updates immediately. This vulnerability is being actively exploited.
Windows LSA-spoofing (CVE-2022-26925)
Rated an 8.1 on the Common Vulnerability Scoring System (CVSS), this bug is being actively exploited. An unauthenticated attacker could call a method on the LSARPC interface and coerce the domain controller to authenticate to the attacker using NTLM.
Windows Hyper-V Denial of Service Vulnerability (CVE-2022-22713)
An attacker with access to a privileged account may be able to run applications designed to crash the Hyper-V host. This update addresses the issue by adding proper input validation.
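Since the notification above recommends installing the June 2022 cumulative Windows updates immediately, a quick way to confirm that a fleet has actually received them is to query each host's installed-update list. The following PowerShell function is an added example, not part of the CDI notification or any Microsoft tooling; the cutoff date (1 June 2022), the function name and the output fields are assumptions chosen for illustration.

```powershell
# Added example (not from the CDI notification): report whether each Windows host
# shows an update installed on or after the start of June 2022, the month of the
# cumulative update recommended above. The cutoff date is an assumption; confirm
# the exact KB for each OS build against Microsoft's release notes.
function Test-JuneCumulativeUpdate {
    [CmdletBinding()]
    param(
        [string[]]$ComputerName = $env:COMPUTERNAME,
        [datetime]$NotBefore = [datetime]'2022-06-01'
    )
    foreach ($computer in $ComputerName) {
        try {
            # Get-HotFix reads the Win32_QuickFixEngineering list on the target host.
            $updates = Get-HotFix -ComputerName $computer -ErrorAction Stop |
                Where-Object { $_.InstalledOn -and $_.InstalledOn -ge $NotBefore }
        } catch {
            # A host that cannot be queried is reported separately, not as compliant.
            [pscustomobject]@{
                ComputerName = $computer
                Compliant    = $null
                Detail       = "query failed: $($_.Exception.Message)"
            }
            continue
        }
        # Keep only the most recent qualifying update for the report line.
        $latest = $updates | Sort-Object InstalledOn -Descending | Select-Object -First 1
        [pscustomobject]@{
            ComputerName = $computer
            Compliant    = [bool]$latest
            Detail       = if ($latest) {
                "$($latest.HotFixID) installed $($latest.InstalledOn.ToShortDateString())"
            } else {
                "no update installed since $($NotBefore.ToShortDateString())"
            }
        }
    }
}

# Usage (hostnames are placeholders): list results for several machines at once.
Test-JuneCumulativeUpdate -ComputerName 'host1', 'host2' | Format-Table -AutoSize
```

Get-HotFix only reports what Win32_QuickFixEngineering records, so a host that shows no qualifying entry should be treated as a prompt to verify through your update-management console rather than as proof that the patch is missing; conversely, a qualifying entry confirms only that some update landed after the cutoff, not that it is the specific cumulative update for that build.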
VMware (High Priority)
CISA expects threat actors to quickly develop a capability to exploit these two newly released vulnerabilities in the following VMware products: Workspace ONE Access, Identity Manager (vIDM), vRealize Automation (vRA), Cloud Foundation, and vRealize Suite Lifecycle Manager.
Authentication Bypass Vulnerability (CVE-2022-22972)
VMware Workspace ONE Access, Identity Manager and vRealize Automation contain an authentication bypass vulnerability affecting local domain users. A malicious actor with network access to the UI may be able to obtain administrative access without the need to authenticate.
Privilege Escalation Vulnerability (CVE-2022-22973)
VMware Workspace ONE Access and Identity Manager contain a privilege escalation vulnerability. A malicious actor with local access can escalate privileges to ‘root’.