The Threat Show

The Threat Show Ep.2

This week's threats include a Zoom vulnerability that can lead to remote code execution, a flaw in the Apache Commons Text library, a critical threat affecting Windows CLFS, and several serious threats affecting the Linux Wi-Fi kernel driver stack. We also update you on Zimbra’s previously discussed vulnerability (not a good update) and discuss the importance of software inventory management for staying safe from threats.

Zoom Patches High-Severity Flaw in macOS Client    (00:45)

Recent versions of the Zoom macOS client contain a vulnerability that exposes a debugging capability, which attackers can abuse to achieve remote code execution.

Mitigation: You might typically ignore patches for Zoom, but in this case you’ll want to apply it ASAP. Open Zoom now to force the update so it is already done the next time you have to use the service.

CVEs: CVE-2022-28762

Critical Apache Commons Text Flaw Compared to Log4Shell, But Not as Widespread    (03:12)

The Apache Commons Text library has a flaw that can allow attackers to perform remote code execution. You may not be familiar with this library, but there is a good chance that applications you rely on use it.

Mitigation: A software bill of materials (SBOM) is a helpful inventory that shows which libraries your software uses. If it shows this library, there is a patch that you’ll want to apply in every affected location as quickly as possible.

CVEs: CVE-2022-42889
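A worked version of the inventory check described above, added here and not code from the show or from Apache: it parses a small CycloneDX-format SBOM (constructed inline) and flags every Apache Commons Text component whose version is below an assumed fixed release. The sample components, their purls and the FIXED_VERSION constant are assumptions; take the real affected range from the CVE-2022-42889 advisory.

```python
"""Scan a CycloneDX-style SBOM for a known-vulnerable library.

Added example for these show notes. It reads a small SBOM constructed inline
and reports every Apache Commons Text component at a version below the
assumed fixed release.
"""
import json

# Assumed: first release that carries the fix. Confirm against the advisory.
FIXED_VERSION = "1.10.0"

# Constructed sample SBOM in CycloneDX JSON shape; purls are illustrative.
SAMPLE_SBOM = json.dumps({
    "bomFormat": "CycloneDX",
    "specVersion": "1.4",
    "components": [
        {"type": "library", "group": "org.apache.commons", "name": "commons-text",
         "version": "1.9", "purl": "pkg:maven/org.apache.commons/commons-text@1.9"},
        {"type": "library", "group": "org.apache.commons", "name": "commons-lang3",
         "version": "3.12.0", "purl": "pkg:maven/org.apache.commons/commons-lang3@3.12.0"},
        {"type": "library", "group": "org.apache.commons", "name": "commons-text",
         "version": "1.10.0", "purl": "pkg:maven/org.apache.commons/commons-text@1.10.0"},
        # Nested component: a bundled application that ships its own copy.
        {"type": "application", "name": "reporting-service", "version": "2.3.1",
         "components": [
             {"type": "library", "group": "org.apache.commons", "name": "commons-text",
              "version": "1.8", "purl": "pkg:maven/org.apache.commons/commons-text@1.8"},
         ]},
    ],
})


def parse_version(version, width=3):
    """Turn '1.9' into (1, 9, 0) so versions compare numerically, not as strings.

    Plain string comparison gets this wrong: '1.9' sorts after '1.10.0'.
    Non-numeric suffixes (e.g. '-SNAPSHOT') are ignored for this check.
    """
    parts = []
    for piece in version.split("."):
        digits = "".join(ch for ch in piece if ch.isdigit())
        parts.append(int(digits) if digits else 0)
    while len(parts) < width:
        parts.append(0)
    return tuple(parts[:width])


def iter_components(components):
    """Walk the component tree depth-first; CycloneDX allows components to nest."""
    for comp in components or []:
        yield comp
        yield from iter_components(comp.get("components"))


def find_vulnerable(sbom_text, group="org.apache.commons", name="commons-text",
                    fixed=FIXED_VERSION):
    """Return (name, version, purl) for each matching component older than `fixed`."""
    sbom = json.loads(sbom_text)
    hits = []
    for comp in iter_components(sbom.get("components")):
        if comp.get("group") != group or comp.get("name") != name:
            continue
        version = comp.get("version", "")
        if parse_version(version) < parse_version(fixed):
            hits.append((comp["name"], version, comp.get("purl", "")))
    return hits


if __name__ == "__main__":
    for lib, ver, purl in find_vulnerable(SAMPLE_SBOM):
        print(f"UPDATE NEEDED: {lib} {ver} ({purl})")
```

The check walks nested components as well as top-level ones, because a vulnerable copy bundled inside another application is the one an inventory most often misses, and it compares versions numerically rather than as strings so that 1.9 is correctly ranked below 1.10.0.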

Technical Analysis of Windows CLFS Zero-Day Vulnerability CVE-2022-37969 – Part 1: Root Cause Analysis    (06:25)

Windows CLFS (Common Log File System driver) is a core component with a zero-day vulnerability that grants attackers privilege escalation. If an attacker already has user-level access to a Windows server or endpoint, this vulnerability can be used to gain full administrative access, most likely undetected.

Mitigation: There is a patch that you will want to implement immediately. Educating your user base about threats like this can be hugely beneficial as well.

CVEs: CVE-2022-37969, CVE-2022-24521

Almost 900 servers hacked using Zimbra zero-day flaw    (08:45)

The Zimbra vulnerability we discussed last week has been picked up by a number of threat groups and has affected approximately 900 servers so far. This number will likely continue to grow in the coming days.

Mitigation: Fixes are available, but because the exploit is so effective, bad actors are likely to keep using it.

CVEs: CVE-2022-41352

Linux Fixes 5 Gaping Holes in Wi-Fi    (11:27)

The Linux Wi-Fi kernel driver stack has five recently discovered vulnerabilities.

Mitigation: There are already patches out that you’ll want to implement. With this kind of threat, it can be incredibly helpful to have a mechanism in place to push a patch out across remote offices.

CVEs: CVE-2022-41674, CVE-2022-42719, CVE-2022-42720, CVE-2022-42721, CVE-2022-42722