The second half of 2022 saw a surge in zero-day vulnerabilities, and with it many new threats. To help you stay informed and secure, we’ve compiled a list of the top vulnerabilities exploited “in the wild” during this period. Keep up to date with the latest threats and ensure you take the necessary steps to protect your business and data with Gcore.
Threat actors exploiting multiple CVEs against Zimbra Collaboration Suite
Zimbra Collaboration Suite (ZCS) 8.8.15 and 9.0 has mboximport functionality that receives a ZIP archive and extracts files. By bypassing authentication, an attacker can upload arbitrary files to the system, leading to directory traversal and remote code execution. This is possible due to two zero-day vulnerabilities actors’ use in a chain: CVE-2022-37042 and CVE-2022-27925. The widespread exploitation of these vulnerabilities was reported on August 10, 2022, by researchers at Volexity.
Impact: Critical
How to fix:
- https://wiki.zimbra.com/wiki/Zimbra_Security_Advisories
- https://wiki.zimbra.com/wiki/Security_Center
Microsoft Windows Support Diagnostic Tool (MSDT) remote code rxecution Vulnerability
CVE-2022-34713 is a zero-day vulnerability that is actively being exploited in the wild. Microsoft has scored this “variant of” DogWalk as an important vulnerability. According to researchers at Zero Day Initiative, this vulnerability can be exploited remotely via social engineering, as a threat actor would need to convince a user to click a link or open a document.
Microsoft has given this bug a low complexity value, meaning it can be exploited easily and does not require advanced system privileges to execute. Furthermore, this bug allows code execution when MSDT uses the URL protocol from a calling application, including Microsoft Word. Whether this vulnerability results from a failed patch or something new is still being researched.
Impact: Critical
How to fix: https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2022-34713
Zero-day vulnerability in Apex One
CVE-2022-40139 is a severe vulnerability in Trend Micro Apex One and Trend Micro Apex One as a Service. It allows a remote user to compromise the affected system. The vulnerability arises from improper input validation within the rollback functionality, allowing a remote authenticated user with access to the administrative console to force the agent into downloading unverified rollback components. This poses a severe security risk and is actively exploited in the wild.
Impact: High
How to fix:
- https://www.cybersecurity-help.cz/vdb/SB2022091318
- https://success.trendmicro.com/solution/000291528
Windows Network File System remote code execution vulnerability
CVE-2022-34715 is a vulnerability in Windows Network File System, rated between 8.5 to 9.8 in severity by Microsoft, and is considered critical by researchers. To exploit this vulnerability, a remote, unauthenticated attacker would need to make a specially crafted call to an affected NFS server, giving the attacker code execution at elevated privileges. It is critical for customers who use NFS to test and deploy the fix quickly.
Impact: Critical/High
How to fix:
- https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-34715
- https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5016627
Windows Common Log File System Driver vulnerability
CVE-2022-37969 is a vulnerability that allows a local user to escalate privileges on the system. This vulnerability exists due to a boundary error within the Windows Common Log File System Driver. A local, unprivileged user can trigger memory corruption and execute arbitrary code with SYSTEM privileges by running a specially crafted program. It is important to note that this vulnerability is currently actively exploited in the wild.
Impact: High
How to fix: https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2022-37969
Zero-day vulnerability in Microsoft Exchange Server
CVE-2022-41082 is a vulnerability that allows a remote user to execute arbitrary code on the target system due to insecure input validation when processing serialized data. A remote user with access to PowerShell Remoting on vulnerable Exchange systems can pass specially crafted data to the application and execute arbitrary code on the target system. If successfully exploited, this vulnerability may completely compromise the vulnerable system.
Impact: Critical
How to fix:
- https://www.cybersecurity-help.cz/vdb/SB2022093001
- https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-41082
Microsoft Exchange Server Elevation of Privilege Vulnerability
CVE-2022-41040 is a vulnerability in the Exchange OWA Autodiscover service that allows a remote user to perform SSRF (Server-Side Request Forgery) attacks. This vulnerability is caused by inadequate validation of user-supplied input, allowing a malicious user to send a specially-crafted HTTP request that tricks the application into initiating requests to arbitrary systems. This vulnerability could enable a remote attacker to execute arbitrary code on the target system if successfully exploited. It is important to note that this vulnerability is actively exploited in the wild.
Impact: Critical
How to fix:
- https://www.cybersecurity-help.cz/vdb/SB2022093001
- https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-41040
Stay secure with Gcore
To ensure your safety from zero-day vulnerabilities, Gcore Next-Generation WAF is the perfect solution. It will inform you of potential threats and secure your data. With it, you can rest assured that your information is safe and secure from malicious attacks, including zero-day exploits. NG-WAF offers the following features:
- SLA 99.99%
- Protection from 0-day attacks and OWASP Top 10
- Security Rules, Triggers, Scanner Configuration
- Dynamic AI and ML-powered analysis by Active Threat Verification
- Website, API, web application, and bot protection
- False positive rate is less than 0.01%
- Advanced logging with detailed threat info
Stay secure with Gcore!