Known Actively Exploited Vulnerabilities Round-up (05.07.24-11.07.24)

This article covers recent vulnerabilities found to be actively exploited. They are categorised based not only on the category of exploitation, but their impact, and versions affected. This article also informs on any official fix and remediation guidance for the listed vulnerabilities.

This article covers recent vulnerabilities found to be actively exploited. They are categorised based not only on the category of exploitation, but their impact, and versions affected. This article also informs on any official fix and remediation guidance for the listed vulnerabilities.

 

CVE-2024-38080

Category: Numeric & Calculation Errors

 

Versions Affected:

  • Microsoft Windows 11 Version 23H2 for x64-based Systems prior to release 10.0.22631.3880
  • Microsoft Windows 11 Version 23H2 for ARM64-based Systems prior to release 10.0.22631.3880
  • Microsoft Windows 11 Version 22H2 for x64-based Systems prior to release 10.0.22621.3880
  • Microsoft Windows 11 Version 22H2 for ARM64-based Systems prior to release 10.0.22621.3880
  • Microsoft Windows 11 version 21H2 for ARM64-based Systems prior to release 10.0.22000.3079
  • Microsoft Windows 11 version 21H2 for x64-based Systems prior to release 10.0.22000.3079
  • Microsoft Windows Server 2022 (Server Core installation) prior to release 10.0.20348.2582
  • Microsoft Windows Server 2022 prior to release 10.0.20348.2582
  • Microsoft Windows Server 2022 23H2 Edition (Server Core installation) prior to release 10.0.25398.1009

 

 

Vulnerability Summary:

A vulnerability in Microsoft’s Hyper-V hypervisor allows for the unauthorised elevation of privileges from low-security to high-security context. Microsoft provided little additional information on the flaw in its release notes at the time of writing (2024-07-10).

The product performs a calculation that can produce an integer overflow or wraparound, when the logic assumes that the resulting value will always be larger than the original value. An integer overflow or wraparound occurs when an integer value is incremented to a value that is too large to store in the associated representation. When this occurs, the value may wrap to become a very small or negative number. While this may be intended behavior in circumstances that rely on wrapping, it can have security consequences if the wrap is unexpected. This is especially the case if the integer overflow can be triggered using user-supplied inputs. This becomes security-critical when the result is used to control looping, make a security decision, or determine the offset or size in behaviours such as memory allocation, copying, concatenation, etc.

 

Official Fix & Remediation Guidance:

Customers are advised to upgrade to the latest version of Microsoft Windows via one of the following methods:

  • This update is available from Microsoft Update. When you turn on automatic updating, this update will be downloaded and installed automatically. For more information about how to get security updates automatically, see Windows Update: FAQ.
  • To get the standalone package for this update, go to the Microsoft Update Catalog website.
  • You can get the standalone update package through the Microsoft Download Center. Follow the installation instructions on the download page to install the update.

 

NOTE: Remediation of this vulnerability by patching to a specific version indicated may not be sufficient to secure the product against further vulnerabilities discovered in later versions, subsequent to the publication of this guidance. Unless contra-indicated, customers are therefore advised to always upgrade to the latest version of the product available.

 

 

CVE-2024-38112

Category: User Interface (UI) Security Issues

 

Versions Affected:

  • Microsoft Windows 10 for 32-bit Systems prior to release 10.0.10240.20710
  • Microsoft Windows 10 for x64-based Systems prior to release 10.0.10240.20710
  • Microsoft Windows 10 Version 1607 for 32-bit Systems prior to release 10.0.14393.7159
  • Microsoft Windows 10 Version 1607 for x64-based Systems prior to release 10.0.14393.7159
  • Microsoft Windows 10 Version 1809 for 32-bit Systems prior to release 10.0.17763.6054
  • Microsoft Windows 10 Version 1809 for ARM64-based Systems prior to release 10.0.17763.6054
  • Microsoft Windows 10 Version 1809 for x64-based Systems prior to release 10.0.17763.6054
  • Microsoft Windows 10 Version 21H2 for 32-bit Systems prior to release 10.0.19044.4651
  • Microsoft Windows 10 Version 21H2 for ARM64-based Systems prior to release 10.0.19044.4651
  • Microsoft Windows 10 Version 21H2 for x64-based Systems prior to release 10.0.19044.4651
  • Microsoft Windows 10 Version 22H2 for 32-bit Systems prior to release 10.0.19045.4651
  • Microsoft Windows 10 Version 22H2 for ARM64-based Systems prior to release 10.0.19045.4651
  • Microsoft Windows 10 Version 22H2 for x64-based Systems prior to release 10.0.19045.4651
  • Microsoft Windows 11 version 21H2 for ARM64-based Systems prior to release 10.0.22000.3079
  • Microsoft Windows 11 version 21H2 for x64-based Systems prior to release 10.0.22000.3079
  • Microsoft Windows 11 Version 22H2 for ARM64-based Systems prior to release 10.0.22621.3880
  • Microsoft Windows 11 Version 22H2 for x64-based Systems prior to release 10.0.22621.3880
  • Microsoft Windows 11 Version 23H2 for ARM64-based Systems prior to release 10.0.22631.3880
  • Microsoft Windows 11 Version 23H2 for x64-based Systems prior to release 10.0.22631.3880
  • Microsoft Windows Server 2008 for 32-bit Systems Service Pack 2 prior to release 6.0.6003.22769
  • Microsoft Windows Server 2008 for 32-bit Systems Service Pack 2 prior to release 6.0.6003.22769
  • Microsoft Windows Server 2008 for 32-bit Systems Service Pack 2 (Server Core installation) prior to release 6.0.6003.22769
  • Microsoft Windows Server 2008 for 32-bit Systems Service Pack 2 (Server Core installation) prior to release 6.0.6003.22769
  • Microsoft Windows Server 2008 for x64-based Systems Service Pack 2 prior to release 6.0.6003.22769
  • Microsoft Windows Server 2008 for x64-based Systems Service Pack 2 prior to release 6.0.6003.22769
  • Microsoft Windows Server 2008 for x64-based Systems Service Pack 2 (Server Core installation) prior to release 6.0.6003.22769
  • Microsoft Windows Server 2012 R2 prior to release 6.3.9600.22074
  • Microsoft Windows Server 2012 R2 (Server Core installation) prior to release 6.3.9600.22074
  • Microsoft Windows Server 2016 prior to release 10.0.14393.7159
  • Microsoft Windows Server 2016 (Server Core installation) prior to release 10.0.14393.7159
  • Microsoft Windows Server 2019 prior to release 10.0.17763.6054
  • Microsoft Windows Server 2019 (Server Core installation) prior to release 10.0.17763.6054
  • Microsoft Windows Server 2022 prior to release 10.0.20348.2582
  • Microsoft Windows Server 2022 (Server Core installation) prior to release 10.0.20348.2582
  • Microsoft Windows Server 2022, 23H2 Edition (Server Core installation) prior to release 10.0.25398.1009

 

 

Vulnerability Summary:

A vulnerability exists in the MSHTML (Trident) rendering engine, which is pivotal for rendering web content in Internet Explorer and other applications via embedded web browser controls. The primary flaw stems from inadequate sanitisation within the MSHTML library of URL links to malicious content originates from a trusted source.

By using special mhtml: and !x-usc: URI schemes within the URL configuration directive of a URL file, attackers are both (a) able to obfuscate the true origin of a URL and (b) make the vulnerability easier to exploit by causing it to be opened in the less secure (legacy) “Internet Explorer” browser, which is less protective against such spoofing vulnerabilities, rather than the user’s default browser. Even though IE has been proclaimed “retired and out-of-support,” technically speaking, IE is still part of the Windows OS.

Similar techniques have previously been used in exploits of vulnerability CVE-2021-40444.

 

Official Fix & Remediation Guidance:

Customers are advised to upgrade to the latest version of Microsoft Windows via one of the following methods:

  • This update is available from Microsoft Update. When you turn on automatic updating, this update will be downloaded and installed automatically. For more information about how to get security updates automatically, see Windows Update: FAQ.
  • To get the standalone package for this update, go to the Microsoft Update Catalog website.
  • You can get the standalone update package through the Microsoft Download Center. Follow the installation instructions on the download page to install the update.

 

NOTE: Remediation of this vulnerability by patching to a specific version indicated may not be sufficient to secure the product against further vulnerabilities discovered in later versions, subsequent to the publication of this guidance. Unless contra-indicated, customers are therefore advised to always upgrade to the latest version of the product available.

 

 

CVE-2024-23692

Category: Template Injection

 

Versions Affected:

  • Rejetto HTTP File Server version 2.x up to and including version 2.3m

 

 

Vulnerability Summary:

The server is vulnerable to an unauthenticated server side template injection (SSTI) vulnerability. The product uses a template engine to insert or process externally-influenced input, but it does not neutralize or incorrectly neutralizes special elements or syntax that can be interpreted as template expressions or other code directives when processed by the engine. The template engine has its own custom expression language. Since an attacker can influence input into a template before it is processed, then the attacker can invoke arbitrary expressions, i.e. perform injection attacks.

The server accepts raw user input via the search parameter and then passes it unsanitised as part of the concatenated string for an {.exec|”+cmd+”.} statement. Although by default content provided is sanitised, it fails to account for encoded percent symbols. This allows an attacker to embed any symbol in the content being processed via a sequence such as %25x%25symbol-name%25.

 

Official Fix & Remediation Guidance:

As of the CVE assignment date, Rejetto HFS 2.3m is no longer supported. The vendor advises that “Version 2.3-2.4 is dangerous and should not be used anymore. A security vulnerability was found allowing an attacker to control your computer. There is currently no known official fix for version 2”.

It is recommended all users to update to HFS 3, or migrate to an alternative platform.

 

 

CVE-2024-3596 (a.k.a Blast-RADIUS)*

Category: Cryptographic Failure

 

Versions Affected:

BlastRADIUS is the result of a fundamental design flaw and is said to impact all standards-compliant RADIUS clients and servers. Anyone using MAC address authentication, or RADIUS for administrator logins to switches is vulnerable.

 

Vulnerability Summary:

The RADIUS protocol is commonly used over the insecure UDP transport protocol. Additionally, the security of RADIUS is reliant on a hash that’s derived using the MD5 algorithm, which has been deemed cryptographically broken as of December 2008 owing to the risk of collision attacks. The RADIUS protocol also allows certain Access-Request messages to have no integrity or authentication checks.

In combination, this means that the Access-Request packets can be subjected to what’s called a “chosen prefix” request forgery attack against MD5 Response Authenticator signature that makes it possible to modify the response packet such that it passes all of the integrity checks for the original response.

 

Official Fix & Remediation Guidance:

System administrators of networks using RADIUS should check with vendors for a patch against this vulnerability (patches implementing mitigations have been implemented by all RADIUS implementations that we are aware of), and follow best practices for RADIUS configuration.

NOTE: Remediation of this vulnerability by patching to a specific version indicated may not be sufficient to secure the product against further vulnerabilities discovered in later versions, subsequent to the publication of this guidance. Unless contra-indicated, customers are therefore advised to always upgrade to the latest version of the product available.

 

*Although not yet highlighted by CISA this week, this critical exploit in RADIUS protocol also attracted significant attention after being widely exploited by attackers.

 


 

The two Microsoft vulnerabilities at the top of this article were featured in this month’s ‘Patch Tuesday‘. To keep up to date with future high-profile patches for critical exploits from vendors including Microsoft and Google, add the next Patch Tuesday to your calendar now – 13th August 2024.

 

About AppCheck

AppCheck is a software security vendor based in the UK, offering a leading security scanning platform that automates the discovery of security flaws within organisations websites, applications, network, and cloud infrastructure. AppCheck are authorized by the Common Vulnerabilities and Exposures (CVE) Program as a CVE Numbering Authority (CNA).

Get started with Appcheck

No software to download or install.

Contact us or call us 0113 887 8380

About Appcheck

AppCheck is a software security vendor based in the UK, offering a leading security scanning platform that automates the discovery of security flaws within organisations websites, applications, network and cloud infrastructure. AppCheck are authorized by te Common Vulnerabilities and Exposures (CVE) Program aas a CVE Numbering Authority (CNA)

No software to download or install.
Contact us or call us 0113 887 8380

Start your free trial

Your details
IP Addresses
URLs

Get in touch