06/08/2023-06/14/2023 Critical FortiOS and FortiProxy Vulnerability, Spoofing Bug in Microsoft Visual Studio Installer, New Critical MOVEit Transfer SQL Injection Vulnerabilities And More

1. Critical FortiOS and FortiProxy Vulnerability Likely Exploited – Patch Now!

Fortinet has revealed a critical flaw, CVE-2023-27997, affecting FortiOS and FortiProxy, which may have been exploited in a limited number of attacks targeting government, manufacturing, and critical infrastructure sectors. The vulnerability is a heap-based buffer overflow issue in FortiOS and FortiProxy SSL-VPN, allowing remote attackers to execute arbitrary code via crafted requests. The flaw was discovered by LEXFO security researchers and addressed by Fortinet on June 9, 2023, in various versions of their software. The discovery coincided with a code audit following the active exploitation of a similar flaw in December 2022. Fortinet did not attribute the recent exploitation to the Chinese state-sponsored actor known as Volt Typhoon, but they anticipate all threat actors, including Volt Typhoon, to continue exploiting unpatched vulnerabilities in widely used software and devices.

# 2. Researchers Uncover Publisher Spoofing Bug in Microsoft Visual Studio Installer
Security researchers have discovered a potentially dangerous flaw in the Microsoft Visual Studio installer that enables malicious actors to impersonate legitimate publishers and distribute harmful extensions. Exploiting this vulnerability, threat actors can compromise systems, steal sensitive data, modify code, or gain full control of a targeted system. The flaw, known as CVE-2023-28299, has a CVSS score of 5.5 and was addressed by Microsoft in their April 2023 Patch Tuesday updates. The bug allows spoofed publisher digital signatures by introducing newline characters to the “DisplayName” tag in the “extension.vsixmanifest” file. By bypassing the restriction on entering information in the “product name” extension property, the attacker can suppress warnings about the lack of a digital signature, tricking developers into installing the malicious extension. This could be achieved through phishing emails disguised as legitimate software updates, potentially granting unauthorized access and facilitating further network infiltration and data theft.

3. New Critical MOVEit Transfer SQL Injection Vulnerabilities Discovered – Patch Now!

Progress Software has released patches for SQL injection vulnerabilities in its MOVEit Transfer application that could be exploited to steal sensitive information. The vulnerabilities, affecting all versions of the service, allow unauthorized access to the MOVEit Transfer database. By submitting a crafted payload to an application endpoint, an attacker can modify and disclose database content. The flaws have been addressed in specific versions of MOVEit Transfer, including cloud instances. The cybersecurity firm Huntress discovered and reported the vulnerabilities during a code review. So far, there is no evidence of exploitation in the wild. However, the previously reported vulnerability (CVE-2023-34362) in MOVEit Transfer has been actively exploited by the Cl0p ransomware gang, leading to the publication of a proof-of-concept exploit by Horizon3.ai. The gang has been targeting managed file transfer platforms since December 2020 and has been experimenting with exploiting CVE-2023-34362 since July 2021.

4. Experts Unveil Exploit for Recent Windows Vulnerability Under Active Exploitation

Details have emerged about a now-patched actively exploited security flaw in Microsoft Windows that could be abused by a threat actor to gain elevated privileges on affected systems. The vulnerability, tracked as CVE-2023-29336, is rated 7.8 for severity and concerns an elevation of privilege bug in the Win32k component. An attacker who successfully exploited this vulnerability could gain SYSTEM privileges. Avast researchers Jan Vojtěšek, Milánek, and Luigino Camastra were credited with discovering and reporting the flaw. Win32k.sys is a kernel-mode driver and an integral part of the Windows architecture, being responsible for graphical device interface (GUI) and window management. While the exact specifics surrounding in-the-wild abuse of the flaw is presently not known, Numen Cyber has deconstructed the patch released by Microsoft to craft a proof-of-concept (PoC) exploit for Windows Server 2016. The Singapore-based cybersecurity company said the vulnerability relied on the leaked kernel handle address in the heap memory to ultimately obtain a read-write primitive. 

5. Urgent Security Updates: Cisco and VMware Address Critical Vulnerabilities

VMware has released security updates to address three vulnerabilities in Aria Operations for Networks. The most critical flaw is a command injection vulnerability (CVE-2023-20887) that could allow remote code execution. Another deserialization vulnerability (CVE-2023-20888) and an information disclosure bug (CVE-2023-20889) have also been patched. These vulnerabilities could permit attackers with network access to achieve remote code execution or obtain sensitive data. The affected versions are 6.x of VMware Aria Operations for Networks, and the issues have been fixed in versions 6.2 to 6.10. Similarly, Cisco has addressed a critical privilege escalation flaw (CVE-2023-20105) in its Expressway Series and TelePresence Video Communication Server (VCS), allowing an attacker to elevate their privileges. Another high-severity vulnerability (CVE-2023-20192) permits command execution and system configuration modification. Cisco has provided workarounds and released updates for these vulnerabilities. While there is no evidence of exploitation, it is crucial to apply the patches promptly. Additionally, three security bugs have been discovered in RenderDoc, an open-source graphics debugger, which could allow for elevated privileges and arbitrary code execution.