Last week saw the addition of 39 known exploited vulnerabilities to the CISA catalogue, bringing the total added in June so far to 40. The Cybersecurity and Infrastructure Security Agency (CISA), a branch of the US government, released an alert on Wednesday to make people aware of the threats posed by these vulnerabilities, which it described as a “significant risk”. Products from big names such as Google, Adobe and Microsoft are among the software identified in this list as having actively exploited vulnerabilities.
Chrome should update automatically, but you can check which version you are running by opening the burger menu, entering the settings and going to ‘About Chrome’. This displays your current Chrome version and usually prompts the download of any available update. Chrome needs to restart after updating, so do not do this while you have open tabs you do not want to lose. At the time of publishing the current Chrome version is 102.0.5005.115; update to this version to ensure you have received the patches for all the above vulnerabilities.
It was also found that there were 4 actively exploited vulnerabilities in Adobe Flash Player, an end-of-life product that is no longer supported. Updates are therefore not available, and the best advice is to disconnect any end-of-life software that is still in use. However, an unspecified vulnerability, CVE-2009-1862, and a memory corruption vulnerability, CVE-2010-1297, affect Adobe Reader and Acrobat as well as Adobe Flash Player. Both of these vulnerabilities allow attackers to cause a denial of service or execute arbitrary code through crafted .pdf and .swf files.
The majority of the actively exploited Microsoft vulnerabilities are in Microsoft Office, with 5 newly considered vulnerabilities added to the list this week. Three of these are buffer overflow vulnerabilities allowing remote code execution: CVE-2009-0563, which is triggered by a crafted tag with an invalid length field; CVE-2013-1331, which is triggered by an attacker-crafted PNG embedded in the document; and CVE-2010-2572, which is specific to Microsoft PowerPoint. An object record corruption vulnerability tracked as CVE-2009-0557 affects Office by allowing attackers to run code through a crafted Excel file containing a malformed object. This is similar to the buffer overflow vulnerability CVE-2006-2492, which uses a malformed object pointer in Microsoft Word and Microsoft Works Suites to execute arbitrary code.
Other Microsoft vulnerabilities were also identified as being actively exploited, such as the remote code execution vulnerability CVE-2012-0151, in which the Authenticode signature verification function in Microsoft Windows (WinVerifyTrust) does not properly validate the digest of a signed portable executable file, allowing attackers to add content to the file without invalidating its signature and so execute code. Microsoft XML Core Services has a memory corruption vulnerability tracked as CVE-2012-1889 that can also allow remote code execution, as well as a denial of service, via a malicious website. The Microsoft Internet Explorer vulnerability CVE-2012-4969 likewise requires attackers to use a crafted website, in this case to trigger a use-after-free through which they can execute arbitrary code.
Other notable vulnerabilities include CVE-2022-31460, a Meeting Owl Pro hard-coded credentials vulnerability that allows attackers to activate tethering mode in order to connect to, and infiltrate, the network the device is attached to, and CVE-2022-26134, an Atlassian Confluence Server vulnerability that allows remote code execution by an unauthenticated attacker. Cisco RV Series Routers, multiple NETGEAR devices, QNAP Photo Station and SAP NetWeaver are also identified as products affected by known exploited vulnerabilities.
To reduce the likelihood of suffering one of these cyber-attacks, patches and updates should be installed as soon as possible after their release. Publishing all of these vulnerabilities in one catalogue helps organisations organise and prioritise the updating of software with known vulnerabilities that are being commonly exploited, giving the greatest protection from attack.
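One way to put the catalogue to work for the prioritisation described above is to cross-reference it against your own asset inventory. The following is an added example, not CISA's code or tooling: it reads a feed in the shape of CISA's published KEV JSON (the `vulnerabilities` array with `cveID`, `dueDate` and `requiredAction` fields), matches it against a scanner-style inventory of hosts and unpatched CVEs, and orders the patch queue by CISA's remediation due date. The feed entries, inventory, hosts, dates and action text are all constructed for illustration; only the CVE identifiers come from the article.

```python
import json
from datetime import date

# Constructed sample in the shape of CISA's known_exploited_vulnerabilities.json.
# The CVE ids echo the article; the dates and action text are illustrative, not CISA's.
KEV_SAMPLE = json.dumps({
    "catalogVersion": "sample", "count": 3,
    "vulnerabilities": [
        {"cveID": "CVE-2022-26134", "vendorProject": "Atlassian", "product": "Confluence Server",
         "dateAdded": "2022-06-02", "dueDate": "2022-06-06",
         "requiredAction": "Apply updates per vendor instructions."},
        {"cveID": "CVE-2012-0151", "vendorProject": "Microsoft", "product": "Windows",
         "dateAdded": "2022-06-08", "dueDate": "2022-06-22",
         "requiredAction": "Apply updates per vendor instructions."},
        {"cveID": "CVE-2010-1297", "vendorProject": "Adobe", "product": "Flash Player",
         "dateAdded": "2022-06-08", "dueDate": "2022-06-22",
         "requiredAction": "Product is end-of-life; disconnect if still in use."},
    ],
})

# Constructed asset inventory: each host lists the CVEs a scanner reported as unpatched.
# "CVE-0000-00000" is a placeholder for a finding that is NOT in the KEV catalogue.
INVENTORY = {
    "web-01": ["CVE-2022-26134", "CVE-0000-00000"],
    "desk-17": ["CVE-2010-1297", "CVE-2012-0151"],
    "db-02": [],
}

def load_kev(raw_json):
    """Index the KEV feed by CVE id so inventory lookups are constant time."""
    return {v["cveID"]: v for v in json.loads(raw_json)["vulnerabilities"]}

def prioritise(inventory, kev, today_iso):
    """Return (host, cve, due_date, overdue, action) for every inventory CVE that is in
    the catalogue, soonest CISA due date first, so the queue follows the remediation
    deadline rather than CVSS score alone. Findings not in the catalogue are skipped."""
    today = date.fromisoformat(today_iso)
    rows = []
    for host, cves in inventory.items():
        for cve in cves:
            entry = kev.get(cve)
            if entry is None:
                continue  # still worth patching, just not at KEV priority
            due = date.fromisoformat(entry["dueDate"])
            rows.append((host, cve, due, due < today, entry["requiredAction"]))
    rows.sort(key=lambda r: (r[2], r[0]))  # stable: same due date keeps inventory order
    return rows

if __name__ == "__main__":
    for host, cve, due, overdue, action in prioritise(INVENTORY, load_kev(KEV_SAMPLE), "2022-06-13"):
        print(f"{'OVERDUE' if overdue else 'due    '} {due} {host:8} {cve:15} {action}")
```

Point `load_kev` at the real feed downloaded from CISA and replace `INVENTORY` with your scanner export to get the same ordered queue for your estate.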