
TrustedSec Tech Brief - Week of September 9, 2024

Director of Security Intelligence Carlos Perez covers Patch Tuesday, SonicWall Firewalls being hacked by Akira, and vulnerabilities for Ivanti, Adobe, LoadMaster, and Kibana.

September 16, 2024
Tech Brief

Welcome to the TrustedSec Tech Brief where we go over the top news for the second week of September.

News:

Microsoft Patch Tuesday

CVE: CVE-2024-38014

Affected Product: Windows Installer

CVSS: 7.8 (Base score) / 7.2 (Temporal score)

POC: No

Exploited: Yes

Description: An elevation of privilege vulnerability in Windows Installer, classified as important severity.

Link: https://nvd.nist.gov/vuln/detail/CVE-2024-38014

CVE: CVE-2024-38217

Affected Product: Windows Mark of the Web

CVSS: 5.4 (Base score) / 5.0 (Temporal score)

POC: Yes

Exploited: Yes

Description: A security feature bypass vulnerability in Windows Mark of the Web, classified as important severity. A specially crafted file can evade Mark of the Web defenses such as SmartScreen Application Reputation and the Windows Attachment Services security prompt, so a user who opens it gets fewer warnings than expected; exploitation requires the user to open the file.

Link: https://nvd.nist.gov/vuln/detail/CVE-2024-38217

CVE: CVE-2024-38226

Affected Product: Microsoft Publisher

CVSS: 6.8

POC: No

Exploited: Yes

Description: A security feature bypass vulnerability in Microsoft Publisher. Microsoft describes it as a bypass of the Office macro policies used to block untrusted or malicious files; exploitation requires a user to open a crafted file.

Link: https://nvd.nist.gov/vuln/detail/CVE-2024-38226

CVE: CVE-2024-43491

Affected Product: Microsoft Windows Update

CVSS: 9.8 (Base score) / 9.1 (Temporal score)

POC: No

Exploited: Yes

Description: A remote code execution vulnerability in Microsoft Windows Update, classified as critical severity and associated with a use-after-free weakness (CWE-416). It affects only Windows 10, version 1507. Version 1507 reached end of support (EOS) on May 9, 2017 for devices running the Pro, Home, Enterprise, Education, and Enterprise IoT editions. Only Windows 10 Enterprise 2015 LTSB and Windows 10 IoT Enterprise 2015

In practice, the servicing stack on affected builds rolled back fixes for some optional components, re-exposing vulnerabilities that had already been patched, which is why Microsoft lists it as exploited. Remediation requires installing the September 2024 Servicing Stack Update (KB5043936) and then the September 2024 security update (KB5043083), in that order; installing the security update alone is not sufficient.

Link: https://nvd.nist.gov/vuln/detail/CVE-2024-43491

Eight other critical-rated updates for the month:

CVE-2024-38018 - Microsoft SharePoint Server Remote Code Execution Vulnerability

CVE-2024-38119 - Windows Network Address Translation (NAT) Remote Code Execution Vulnerability

CVE-2024-38175 - Azure Managed Instance for Apache Cassandra Elevation of Privilege Vulnerability

CVE-2024-38194 - Azure Web Apps Elevation of Privilege Vulnerability

CVE-2024-38216 - Azure Stack Hub Elevation of Privilege Vulnerability

CVE-2024-38220 - Azure Stack Hub Elevation of Privilege Vulnerability

CVE-2024-43464 - Microsoft SharePoint Server Remote Code Execution Vulnerability

CVE-2024-43477 - Microsoft Entra ID Elevation of Privilege Vulnerability

SonicWall Vulnerability Possibly Exploited in Ransomware Attacks

CVE-2024-40766 is an improper access control vulnerability in SonicOS management access and the SSLVPN service on Gen 5, Gen 6, and Gen 7 firewalls. SonicWall and Arctic Wolf report that Akira ransomware affiliates are exploiting it, targeting SSLVPN accounts that are managed locally on the firewall without MFA. Beyond updating firmware, SonicWall recommends restricting management and SSLVPN access to trusted sources, resetting the passwords of local SSLVPN users, and enforcing MFA.

https://www.securityweek.com/critical-sonicwall-vulnerability-possibly-exploited-in-ransomware-attacks/

https://www.cve.org/CVERecord?id=CVE-2024-40766

Vulnerabilities:

CVE: CVE-2024-29847

Affected Product: Ivanti Endpoint Manager (EPM) versions 2024 and 2022 SU5 and earlier

CVSS: 10.0

POC: No

Exploited: No

Description: A deserialization of untrusted data vulnerability that allows a remote unauthenticated attacker to achieve code execution.

Link: https://nvd.nist.gov/vuln/detail/CVE-2024-29847

CVE: CVE-2024-32840, CVE-2024-32842, CVE-2024-32843, CVE-2024-32845, CVE-2024-32846, CVE-2024-32848, CVE-2024-34779, CVE-2024-34783, CVE-2024-34785

Affected Product: Ivanti Endpoint Manager (EPM) versions 2024 and 2022 SU5 and earlier

CVSS: 9.1

POC: No

Exploited: No

Description: Multiple unspecified SQL injection vulnerabilities that allow a remote authenticated attacker with admin privileges to achieve code execution.

Links:

https://nvd.nist.gov/vuln/detail/CVE-2024-32840

https://nvd.nist.gov/vuln/detail/CVE-2024-32842

https://nvd.nist.gov/vuln/detail/CVE-2024-32843

https://nvd.nist.gov/vuln/detail/CVE-2024-32845

https://nvd.nist.gov/vuln/detail/CVE-2024-32846

https://nvd.nist.gov/vuln/detail/CVE-2024-32848

https://nvd.nist.gov/vuln/detail/CVE-2024-34779

https://nvd.nist.gov/vuln/detail/CVE-2024-34783

https://nvd.nist.gov/vuln/detail/CVE-2024-34785


CVE: CVE-2024-41869

Affected Product: Adobe Acrobat Reader and Adobe Acrobat

CVSS: 7.8

POC: Yes

Exploited: Proof-of-concept exploit observed in the wild; Adobe has not confirmed active exploitation

Description: A critical "use after free" vulnerability that could lead to remote code execution when a user opens a specially crafted PDF document. The flaw lets the program access memory that has already been freed; if an attacker can control what is placed in that memory before it is reused, they can redirect execution to their own code.

Link: https://nvd.nist.gov/vuln/detail/CVE-2024-41869

CVE: CVE-2024-7591

Affected Product: Progress LoadMaster and LoadMaster Multi-Tenant (MT) Hypervisor

CVSS: 10.0

POC: No

Exploited: No

Description: An improper input validation vulnerability allowing unauthenticated, remote attackers to access LoadMaster's management interface using a specially crafted HTTP request and execute arbitrary system commands on vulnerable endpoints.

Link: https://nvd.nist.gov/vuln/detail/CVE-2024-7591

CVE: CVE-2024-37288

Affected Product: Kibana version 8.15.0

CVSS: 9.9

POC: No

Exploited: No

Description: A deserialization flaw in the Amazon Bedrock Connector of Kibana that can lead to arbitrary code execution when parsing a YAML document containing a crafted payload.

Link: https://nvd.nist.gov/vuln/detail/CVE-2024-37288

CVE: CVE-2024-37285

Affected Product: Kibana versions 8.10.0 to 8.15.0

CVSS: 9.1

POC: No

Exploited: No

Description: A YAML deserialization vulnerability that can lead to arbitrary code execution, requiring specific Elasticsearch indices privileges and Kibana privileges for exploitation.

Link: https://nvd.nist.gov/vuln/detail/CVE-2024-37285
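The entries above all use the same "CVE: / Affected Product: / CVSS: / POC: / Exploited:" record layout, which makes the brief easy to turn into a patch-priority list. The following is an added example, not TrustedSec code: it parses that layout (handling multi-CVE entries, combined base/temporal CVSS strings, and the "Links:" form with one URL per line) and orders the results so that known-exploited issues come first regardless of CVSS, then public-PoC or critical-scored issues, then the rest. The sample text is constructed from abridged entries on this page, and the tier rules (P1/P2/P3) are an illustrative assumption, not a TrustedSec rating.

```python
import re
from dataclasses import dataclass, field
from typing import List, Optional

# Constructed sample in the brief's own record layout (abridged from the
# entries on this page; descriptions shortened).
SAMPLE_BRIEF = """\
CVE: CVE-2024-38217

Affected Product: Windows Mark of the Web

CVSS: 5.4 (Base score) / 5.0 (Temporal score)

POC: Yes

Exploited: Yes

Description: A security feature bypass vulnerability in Windows Mark of the Web.

Link: https://nvd.nist.gov/vuln/detail/CVE-2024-38217

CVE: CVE-2024-29847

Affected Product: Ivanti Endpoint Manager (EPM) versions 2024 and 2022 SU5 and earlier

CVSS: 10.0

POC: No

Exploited: No

Description: A deserialization of untrusted data vulnerability.

Link: https://nvd.nist.gov/vuln/detail/CVE-2024-29847

CVE: CVE-2024-32840, CVE-2024-32842

Affected Product: Ivanti Endpoint Manager (EPM) versions 2024 and 2022 SU5 and earlier

CVSS: 9.1

POC: No

Exploited: No

Description: Multiple SQL injection vulnerabilities.

Links:

https://nvd.nist.gov/vuln/detail/CVE-2024-32840

https://nvd.nist.gov/vuln/detail/CVE-2024-32842

CVE: CVE-2024-38226

Affected Product: Microsoft Publisher

CVSS: 6.8

POC: No

Exploited: Yes

Description: A security feature bypass vulnerability in Microsoft Publisher.

Link: https://nvd.nist.gov/vuln/detail/CVE-2024-38226
"""

CVE_RE = re.compile(r"CVE-\d{4}-\d{4,}")
NUM_RE = re.compile(r"\d+(?:\.\d+)?")


@dataclass
class Entry:
    cves: List[str]                      # one record may list several CVEs
    product: str = ""
    cvss: float = 0.0                    # base score only
    poc: bool = False
    exploited: bool = False
    links: List[str] = field(default_factory=list)


def _yes(value: str) -> bool:
    # "Yes", "Yes (in-the-wild ...)" -> True; "No" -> False
    return value.strip().lower().startswith("yes")


def parse_brief(text: str) -> List[Entry]:
    """Parse the brief's record layout into Entry objects."""
    entries: List[Entry] = []
    current: Optional[Entry] = None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if line.startswith("CVE:"):            # a new record starts here
            current = Entry(cves=CVE_RE.findall(line))
            entries.append(current)
            continue
        if current is None:
            continue                            # prose before the first record
        if line.startswith("Affected Product:"):
            current.product = line.split(":", 1)[1].strip()
        elif line.startswith("CVSS:"):
            m = NUM_RE.search(line)             # first number is the base score
            current.cvss = float(m.group()) if m else 0.0
        elif line.startswith("POC:"):
            current.poc = _yes(line.split(":", 1)[1])
        elif line.startswith("Exploited:"):
            current.exploited = _yes(line.split(":", 1)[1])
        elif line.startswith("Link:"):
            current.links.append(line.split(":", 1)[1].strip())
        elif line.startswith("http"):           # bare URL under a "Links:" header
            current.links.append(line)
    return entries


def triage_tier(e: Entry) -> str:
    """Illustrative tiering (assumption): exploited first, then critical/PoC."""
    if e.exploited:
        return "P1"      # known exploited: patch now regardless of score
    if e.cvss >= 9.0 or e.poc:
        return "P2"      # critical score, or a public PoC lowers attacker cost
    return "P3"


def prioritize(entries: List[Entry]) -> List[Entry]:
    """Order for patching: exploited, then PoC available, then by CVSS desc."""
    return sorted(entries, key=lambda e: (not e.exploited, not e.poc, -e.cvss))


if __name__ == "__main__":
    for e in prioritize(parse_brief(SAMPLE_BRIEF)):
        print(f"{triage_tier(e)}  {e.cvss:>4}  {', '.join(e.cves)}  ({e.product})")
```

Running the block lists the Mark of the Web and Publisher bypasses ahead of the CVSS 10.0 Ivanti deserialization bug, which is the ordering most patch programs want: confirmed exploitation outranks a higher score.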