Cisco Releases Security Updates

Original release date: May 16, 2018

• Digital Network Architecture Center Static Credentials Vulnerability
• Digital Network Architecture Center Authentication Bypass Vulnerability
• Digital Network Architecture Center Unauthorized Access Vulnerability

https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180516-dna

Enterprise NFV Infrastructure Software Linux Shell Access Vulnerability

https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180516-nfvis

Meeting Server Media Services Denial-of-Service Vulnerability

https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180516-msms

Identity Services Engine EAP TLS Certificate Denial-of-Service Vulnerability

https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180516-iseeap

IoT Field Network Director Cross-Site Request Forgery Vulnerability

https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180516-fnd

Red Hat has released security updates to address a vulnerability in its Dynamic Host Configuration Protocol (DHCP) client packages for Red Hat Enterprise Linux 6 and 7. An attacker could exploit this vulnerability to take control of an affected system. See whether below command syntax will be the root cause of this problem?

For more details, please refer below url for reference.

Bug 1567974 – (CVE-2018-1111) – Command injection vulnerability in the DHCP client NetworkManager integration script

https://bugzilla.redhat.com/show_bug.cgi?id=1567974

Coming GDPR data protection policy penality drive me to draft this sharepoint point vulnerability discussion topic. Microsoft Dynamics CRM and Microsoft SharePoint are two powerful enterprise applications and very popular in the business world. As a matter of fact many enterprise firm integrate their dataware house platform to Microsoft sharepoint system. However Microsoft sharepoint architecture contained fundemental design weakness. You can take a look with your Active directory server and sharepoint server architecture. A common solution installed both web and sharepoint server in the same place (product design limitation). The system architect will install a proxy server as a front end to improve the isolation level. Refer to attached diagram, the sharepoint vulnerabiities merge with Win32k Elevation of Privilege Vulnerability will be compromise whole sharepoint system. The effective day of New GDPR data protection policy will be held on 25th May 2018. The company will be sentence if they are fail to data protection policy. The penality is that for lesser offences, the fine will be halved to €10million, or up to 2 percent of the offending organization’s annual revenue. So we must be stay alert!

Reference:

CVE-2018-8155 | Microsoft SharePoint Elevation of Privilege Vulnerability

https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8155

CVE-2018-8168 | Microsoft SharePoint Elevation of Privilege Vulnerability

https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8168

CVE-2018-8156 | Microsoft SharePoint Elevation of Privilege Vulnerability

https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8156

CVE-2018-8149 | Microsoft SharePoint Elevation of Privilege Vulnerability

https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8149

CVE-2018-8164 | Win32k Elevation of Privilege Vulnerability

https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8164

Have you watch a movie Saturday night fever. From technology world point of view, they are every night fever. As times go by, Cloud computing, single sign-on system become a base in technology world. Even though security expert concern about the data privacy matters or single sign-on unforeseen cyber security issues.  A intangible force driven the world agree the technology silently. We do not have the right to say no, right? Application developers or CSO must be staying alert of your PHP language application. The design weakness of the PHP looks possible transform himself become a culprit. And thus create trouble to your web application. Should you have interest to know more. Please refer to below url for reference.

CVE-2018-10548:

An issue was discovered in PHP before 5.6.36, 7.0.x before 7.0.30, 7.1.x before 7.1.17, and 7.2.x before 7.2.5. ext/ldap/ldap.c allows remote LDAP servers to cause a denial of service (NULL pointer dereference and application crash) because of mishandling of the ldap_get_dn return value.

https://www.securityfocus.com/bid/104019

#76248 Malicious LDAP-Server Response causes Crash:

https://bugs.php.net/bug.php?id=76248

Microsoft Patch Tue transform to weekly routine security process. As far as I know, IT technical experts are busy for change management control schedule (time window) weekly. For the evaluation of each vulnerability most likely will be do a quick walk-through. As a  matter of fact, engage the patch updating exercise looks time consuming. IT Dept will be do the patch management out of office hour, earlier morning or Sunday morning. But think it over, our existing business world seems operate in 24 hours. Another new round of patch announcement will be held on coming Tue.  And therefore implement managed security services become a significant pathway.

Remark: We are all under demanding competitions environment!

CredSSP updates for CVE-2018-0886

My security focus for Microsoft Patch Tue this week will be observe the vulnerability of Credential Security Support Provider protocol. Regarding to my observation, vendor doing 3 times of security enhancement last 3 months. For details, please refer to diagram above.

The spectra and meltdown vulnerabilities found this year bring the people focus to CPU design architecture. As a matter of fact, memory management looks critical today because of APT attack. Heterogeneous systems that integrate a multicore CPU and a GPU on the same die are ubiquitous. On these systems, both the CPU and GPU share the same physical memory as opposed to using separate memory dies.

In order to avoid Credential Theft , what is the Secure practice?

1. Prevent network logon for local accounts
2. Prevent credentials from remaining in-memory when connecting remotely (out of IT operation control)
3. Prevent access to in-memory credentials (Control by application developers)
4. Leverage protected users and control privileged users

In short, please refer to Microsoft official announcement for reference.

https://portal.msrc.microsoft.com/en-us/security-guidance/advisory/CVE-2018-0886

How I met your Java debugger is not a new hacking technique. It announced in 2014. Hacker is able to turn any open JDWP service into reliable remote code execution. But it can only execute in inside compartment (exploit inside). JDWP is one component of the global Java debugging system, called the Java Platform Debug Architecture. Hardware storage vendor (Netapp) found vulnerabiliy on their product. A design weakness of Java Platform Debug Architecture with their products cause local code execution vulnerability in OnCommand Unified Manager (Linux 7.2 and above). Vendor (Netapp) provides remediation, for more detail please refer below url for reference.

https://security.netapp.com/advisory/ntap-20180425-0001/