Security Wrap-Up (March 30th, 2021)

  • 30 March 2021
  • 0 replies

Userlevel 6

Welcome back to the last Security Wrap-Up of March! Some interesting pieces of news to share, so let’s take a look -

Another critical RCE flaw discovered in SolarWinds Orion platform

On Thursday, SolarWinds released a new update to its Orion networking monitoring tool with fixes for four security vulnerabilities, including two weaknesses that could be exploited by an authenticated attacker to achieve remote code execution (RCE). Most notable is a JSON deserialization flaw that allows an authenticated user to execute arbitrary code via the test alert actions features available in the Orion Web Console. The second issue concerns a high-risk vulnerability that could be leveraged by an adversary to achieve RCE in the Orion Job Scheduler. The update also handles two additional bugs, including a high-severity stored cross-site scripting (XSS) vulnerability in the “add custom tab” within customize view page and a reverse tabnabbing and open redirect vulnerability in the custom menu item options page, both of which require an Orion admin account for successful exploitation.

Patched Linux bugs nix Spectre mitigations

Two Linux bugs patched this month could allow hackers to sidestep mitigations for the infamous Spectre vulnerability. ICYMI, Spectre is a flaw in speculative execution in Intel, ARM, and AMD processors that first came to light in 2018. Patches for CVEs 2020-27170 and 2020-27171 were published on March 17th and versions of Linux available on March 20th contain the patch. “The most likely scenario where these vulnerabilities could be exploited is in a situation where multiple users have access to a single affected computer - as could be the case in workplace situations,” wrote Symantec.

OpenSSL releases patches for two high-severity security vulnerabilities

Tracked as CVE-2021-3449 and CVE-2021-3450, both vulnerabilities have been resolved in an update (version OpenSSL 1.1.1k) released on Thursday. According to an advisory published by OpenSSL, CVE-2021-3449 concerns a potential DoS vulnerability arising due to NULL pointer dereferencing that can cause an OpenSSL TLS server to crash if in the course of renegotiation the client transmits a malicious “ClientHello” message during the handshake between the server and a user. Alternatively, CVE-2021-3450 relates to an X508_V_FLAG_X509_STRICT flag that enables additional security checks of certificates present in a certificate chain. While this flag is not set by default, an error in implementation meant that OpenSSL failed to check that “non-CA certificates must not be able to issue other certificates,” resulting in a certificate bypass.

Microsoft offers up to $30k for Teams bugs

A new bug-bounty program created by Microsoft offers up to $30,000 for security vulnerabilities, with top payouts going to those with the most potential to expose Teams user data. Researchers can claim five scenario-based awards under the new Apps Bounty Program, ranging from $6,000 to $30,000, with the highest payouts available for “vulnerabilities that have the highest potential impact on customer privacy and security,” said Microsoft.

Have any additional news to share? Add it down below!

0 replies

Be the first to reply!