Programmer’s Digest #99
09/04/2024-09/11/2024 Ivanti Releases Urgent Security Updates, Progress LoadMaster Vulnerable, Critical Vulnerability in LiteSpeed Cache, and More.
1. Microsoft September 2024 Patch Tuesday Fixes 4 zero-days, 79 Flaws
Microsoft’s September 2024 Patch Tuesday includes security updates for 79 vulnerabilities, including four actively exploited zero-days and one publicly disclosed zero-day. Seven critical vulnerabilities were fixed, most of them remote code execution or elevation of privilege bugs.
The flaws break down as follows:
- 30 Elevation of Privilege;
- 4 Security Feature Bypass;
- 23 Remote Code Execution;
- 11 Information Disclosure;
- 8 Denial of Service;
- 3 Spoofing.
The four actively exploited zero-days are:
- CVE-2024-38014 (Windows Installer Privilege Elevation);
- CVE-2024-38217 (Mark of the Web Bypass);
- CVE-2024-38226 (Microsoft Publisher Bypass);
- CVE-2024-43491 (Windows Update Remote Code Execution).
2. Ivanti Releases Urgent Security Updates for Endpoint Manager Vulnerabilities
Ivanti has released updates for Endpoint Manager (EPM) to fix multiple security flaws, including 10 critical vulnerabilities that could enable remote code execution.
- CVE-2024-29847 (CVSS 10.0) is a deserialization vulnerability allowing remote code execution by unauthenticated attackers.
- Nine vulnerabilities (CVSS 9.1) involve SQL injection flaws, allowing remote code execution by authenticated admin users.
The issues affect EPM versions 2024 and 2022 SU5 and earlier. Fixes are available in versions 2024 SU1 and 2022 SU6. While no active exploitation has been reported, users should update promptly. Ivanti also patched high-severity flaws in Workspace Control and Cloud Service Appliance. Separately, Zyxel fixed a critical OS command injection vulnerability in its NAS devices (CVE-2024-6342).
3. Progress LoadMaster Vulnerable to 10/10 Severity RCE Flaw
Progress Software released an emergency fix for a critical vulnerability (CVE-2024-7591) in its LoadMaster and LoadMaster Multi-Tenant (MT) Hypervisor products. The flaw, with a severity score of 10/10, allows unauthenticated attackers to remotely execute commands via a crafted HTTP request, exploiting improper input validation on the management interface. The vulnerability affects LoadMaster version 7.2.60.0 and earlier, and MT Hypervisor version 7.1.35.11 and prior releases. Progress issued an add-on patch to mitigate the flaw, except for the free LoadMaster version, which remains vulnerable.
Although no active exploitation has been reported, users are urged to install the patch and follow recommended security measures.
4. GitHub Actions Vulnerable to Typosquatting, Exposing Developers to Hidden Malicious Code
Threat actors use typosquatting to trick users into visiting malicious sites or downloading harmful software by registering names similar to legitimate ones (e.g., goog1e.com vs. google.com). The same technique is used to target developers through platforms like PyPI, npm, and GitHub Actions. Researchers from Orca found that GitHub Actions, a CI/CD platform, is exposed when developers accidentally mistype an action name in a workflow: an attacker can create a GitHub repository under the misspelled name, and the workflow will then fetch and execute that repository's code. A search revealed 198 files with such errors. Users are advised to verify GitHub Actions names carefully, stick to trusted sources, and regularly check their workflows for typosquatting risks.
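The following is an added example, not part of the original digest or of Orca's research: a small Python check that scans a workflow file for `uses:` references whose owner name is a near-miss (small edit distance) of a trusted publisher. The trusted-owner allowlist and the workflow fragment are constructed for the example.

```python
import re
from typing import List, Tuple

# Constructed sample workflow fragment (not from the original page).
# Two of the owners are deliberate one-character misspellings.
SAMPLE_WORKFLOW = """
jobs:
  build:
    steps:
      - uses: actions/checkout@v4
      - uses: actons/setup-node@v4
      - uses: docker/login-action@v3
      - uses: dockr/build-push-action@v5
      - uses: ./.github/actions/local-thing
"""

# Hypothetical allowlist of publisher (owner) names this team trusts.
TRUSTED_OWNERS = {"actions", "docker", "github"}

# Matches the value of a `uses:` key on its own line (YAML list item or not).
USES_RE = re.compile(r"^\s*-?\s*uses:\s*([^\s#]+)", re.MULTILINE)


def edit_distance(a: str, b: str) -> int:
    """Levenshtein distance; a small value means a near-miss name."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def find_typosquat_candidates(workflow: str, trusted=TRUSTED_OWNERS,
                              max_dist: int = 2) -> List[Tuple[str, str, int]]:
    """Return (reference, trusted_owner, distance) for owners that are close
    to, but not equal to, a trusted owner. Local paths and docker:// refs
    have no GitHub owner and are skipped. Short owner names can produce
    false positives, so findings are for review, not automatic blocking."""
    findings = []
    for ref in USES_RE.findall(workflow):
        ref = ref.strip("'\"")
        if ref.startswith("./") or ref.startswith("docker://"):
            continue
        owner = ref.split("/", 1)[0].lower()
        if owner in trusted:
            continue
        for t in trusted:
            d = edit_distance(owner, t)
            if 0 < d <= max_dist:
                findings.append((ref, t, d))
                break
    return findings
```

Run it over each `.github/workflows/*.yml` file in a repository; any finding should be compared against the publisher's real name before the workflow runs.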
5. LiteSpeed Cache Plugin For WordPress Has a Critical Security Vulnerability
Security researchers have found a critical vulnerability (CVE-2024-44000) in the LiteSpeed Cache plugin for WordPress that allows unauthenticated attackers to take over websites. The flaw, with a severity score of 7.5, lets attackers gain access to the account of any logged-in user, including admin accounts. The bug affects version 6.4.1 and earlier and stems from an exposed debug.log file, which can contain sensitive information such as login credentials and session cookies. Although the debug feature is disabled by default, users are urged to update to version 6.5.0.1. LiteSpeed Cache, designed to improve website performance by caching static content, is a popular optimization plugin for WordPress.