Programmer’s Digest #103
10/02/2024-10/09/2024 Microsoft Issues Security Update Fixing 118 Flaws, Three More CSA Zero-Days Exploited, Critical Apache Avro SDK Flaw And More.
1. Microsoft Issues Security Update Fixing 118 Flaws, Two Actively Exploited in the Wild
Microsoft has issued security updates addressing 118 vulnerabilities, two of which are actively exploited. The updates include fixes for three Critical, 113 Important, and two Moderate flaws, excluding 25 additional vulnerabilities in Edge. Five vulnerabilities were publicly known at release, with two under active exploitation as zero-days: CVE-2024-43572 (Remote Code Execution) and CVE-2024-43573 (Spoofing). Both are listed in CISA’s Known Exploited Vulnerabilities catalog, requiring fixes by October 29, 2024. The most severe flaw (CVE-2024-43468, CVSS score: 9.8) affects Microsoft Configuration Manager and could allow unauthenticated attackers to execute arbitrary commands. Other critical flaws involve Visual Studio Code (CVE-2024-43488) and Remote Desktop Protocol (CVE-2024-43582). Attack complexity for the latter is high, requiring a race condition to access memory improperly.
2. Ivanti Warns Of Three More CSA Zero-Days Exploited in Attacks
Ivanti has released security updates to patch three new Cloud Services Appliance (CSA) zero-day vulnerabilities actively exploited in attacks. These flaws, when chained with another zero-day (CVE-2024-8963) patched in September, allow attackers to perform SQL injection, execute arbitrary code, and bypass security restrictions on vulnerable CSA gateways. The vulnerabilities affect CSA versions 5.0.1 and earlier. Ivanti recommends users upgrade to version 5.0.2 and rebuild compromised systems. For detection, admins should review endpoint detection and response (EDR) alerts or check for new or modified admin users. While CSA 4.6 is end-of-life, Ivanti emphasized no exploitation has been seen in CSA 5.0. Ivanti is enhancing security practices, having signed the CISA Secure by Design pledge, and continues to improve its disclosure process for faster issue resolution.
3. Critical Apache Avro SDK Flaw Impacts Java Applications
A critical vulnerability in the Apache Avro Java SDK, tracked as CVE-2024-47561, can allow arbitrary code execution on affected instances. This flaw impacts all versions of the software prior to 1.11.4. Apache Avro, a data serialization framework used in big data and distributed systems, is part of the Apache Hadoop project. The issue stems from the Java SDK’s schema parsing, which could be exploited by malicious actors. Users are advised to upgrade to versions 1.11.4 or 1.12.0, which address the vulnerability. Applications allowing user-provided Avro schemas for parsing are at risk. For those unable to update, mitigations include avoiding user-provided schema parsing or sanitizing schemas before processing.
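As an added illustration of the last mitigation (sanitizing schemas before processing), not code from the Apache Avro project: a pre-parse check that accepts a user-supplied schema only if it uses standard Avro attributes and resolvable type names, and rejects anything else before the text reaches the SDK. The allowlist, the sample schemas and the `x-plugin`/`x-loader` keys are constructed for this example.

```python
import json

# Standard Avro schema attributes (constructed allowlist); anything else is rejected.
ALLOWED_KEYS = {"type", "name", "namespace", "doc", "aliases", "fields", "symbols", "items",
                "values", "size", "default", "order", "logicalType", "precision", "scale"}
PRIMITIVES = {"null", "boolean", "int", "long", "float", "double", "bytes", "string"}

def _walk(node, path, problems, names):
    """Audit one schema node recursively, appending findings to problems."""
    if isinstance(node, str):                      # reference by type name
        if node not in PRIMITIVES and node not in names:
            problems.append(f"{path}: reference to undefined type {node!r}")
    elif isinstance(node, list):                   # union
        for i, branch in enumerate(node):
            _walk(branch, f"{path}[{i}]", problems, names)
    elif isinstance(node, dict):
        for key in node:
            if key not in ALLOWED_KEYS:
                problems.append(f"{path}: non-standard attribute {key!r}")
        t = node.get("type")
        if t in ("record", "enum", "fixed") and isinstance(node.get("name"), str):
            names |= {node["name"], f"{node.get('namespace')}.{node['name']}"}  # later refs
        if t == "record":                          # each field is itself a node
            for i, field in enumerate(node.get("fields", [])):
                _walk(field, f"{path}.fields[{i}]", problems, names)
        elif t == "array":
            _walk(node.get("items"), f"{path}.items", problems, names)
        elif t == "map":
            _walk(node.get("values"), f"{path}.values", problems, names)
        elif t not in ("enum", "fixed"):           # nested schema, union or name
            _walk(t, f"{path}.type", problems, names)
    else:
        problems.append(f"{path}: unexpected schema value {node!r}")

def audit_schema(schema_json):
    """Return findings; an empty list means the schema may be handed to the parser."""
    try:
        root = json.loads(schema_json)
    except ValueError as exc:
        return [f"root: not valid JSON ({exc})"]
    problems, names = [], set()
    _walk(root, "root", problems, names)
    return problems

# Constructed sample schemas for demonstration only.
CLEAN = json.dumps({"type": "record", "name": "Event", "namespace": "demo", "fields": [
    {"name": "id", "type": "long"}, {"name": "tags", "type": {"type": "array", "items": "string"}},
    {"name": "prev", "type": ["null", "Event"], "default": None}]})
TAINTED = json.dumps({"type": "record", "name": "Event", "x-plugin": "anything",
                      "fields": [{"name": "id", "type": "long", "x-loader": "anything"}]})
```

Run the check on the JSON text before it is passed to the SDK's parser; a non-empty list should cause the request to be refused and logged.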
4. WordPress LiteSpeed Cache Plugin Security Flaw Exposes Sites to XSS Attacks
A high-severity vulnerability (CVE-2024-47374, CVSS score: 7.2) has been identified in the LiteSpeed Cache plugin for WordPress, affecting versions up to 6.5.0.2. This stored cross-site scripting (XSS) flaw allows malicious actors to inject JavaScript, potentially leading to privilege escalation or sensitive data theft. The issue was resolved in version 6.5.1 on September 25, 2024, following responsible disclosure by researcher TaiYou from Patchstack Alliance. The vulnerability arises from improper parsing of the “X-LSCACHE-VARY-VALUE” HTTP header. The exploit requires the plugin’s “CSS Combine” and “Generate UCSS” options to be enabled. Stored XSS attacks are dangerous because they execute malicious scripts whenever a site visitor accesses the affected page. This vulnerability is particularly concerning due to LiteSpeed Cache’s large user base, with over six million installations.
5. CISA Warns of Exploited Ivanti Flaw: Urgent Patch Needed
CISA warns of active exploitation of a critical vulnerability (CVE-2024-29824) in Ivanti Endpoint Manager, urging organizations to apply the May 2024 patch immediately. This flaw, which allows unauthorized access, could lead to data theft, ransomware, and other attacks. CISA has added the bug to its Known Exploited Vulnerabilities Catalog, citing evidence of ongoing exploitation. Ivanti confirmed that a limited number of customers have already been targeted. Government agencies must patch systems by October 23, 2024, and all organizations are advised to prioritize this fix. This follows a series of attacks exploiting multiple Ivanti security flaws, including zero-day vulnerabilities. Ivanti is working to improve its security processes to address threats faster. With over 40,000 companies using Ivanti’s tools, the widespread impact underscores the urgency of addressing this issue swiftly.