*Important note: These are not the only vulnerabilities that were recently released; however, these are the vulnerabilities RedLegg has identified as critical and requiring immediate attention. Vulnerabilities are indexed in order according to evidence of active exploitation and level of severity.
VULNERABILITIES
.NET, .NET Framework, and Visual Studio Security Feature Bypass Vulnerability
Identifier: CVE-2024-0057
Exploit or POC: No
Update Guide: CVE-2024-0057 – Security Update Guide
Description: CVE-2024-0057 allows a security feature bypass. Authentication and user interaction are not required for successful exploitation. This vulnerability could allow an adversary to create specially crafted X.509 certificates to trigger a chain building failure. The vulnerability is present when Microsoft .NET Framework-based applications use X.509 chain building APIs but do not completely validate the X.509 certificate due to a logic flaw.
Mitigation recommendation: Patching is currently the only method of mitigation. Update to the latest software versions mentioned in the CVE-2024-0057 – Security Update Guide.
Windows Kerberos Security Feature Bypass Vulnerability
Identifier: CVE-2024-20674
Exploit or POC: No
Update Guide: CVE-2024-20674 – Security Update Guide
Description: CVE-2024-20674 allows a security feature bypass. Authentication and user interaction are not required for successful exploitation. Successful exploitation of this vulnerability can be achieved via a machine-in-the-middle (MITM) attack or other local network spoofing technique, after which the adversary sends a malicious Kerberos message to the victim client machine, spoofing the Kerberos authentication server.
Mitigation recommendation: Patching is currently the only method of mitigation. Update to the latest software versions mentioned in the CVE-2024-20674 – Security Update Guide.
Microsoft SharePoint Server Remote Code Execution Vulnerability
Identifier: CVE-2024-21318
Exploit or POC: No
Update Guide: CVE-2024-21318 – Security Update Guide
Description: CVE-2024-21318 allows for remote code execution. Authentication is required for successful exploitation. This vulnerability does not require user interaction. Successful exploitation of this vulnerability could allow an adversary with Site Owner permissions to inject arbitrary code and execute it remotely on the SharePoint Server.
Mitigation recommendation: Patching is currently the only method of mitigation. Update to the latest software versions mentioned in the CVE-2024-21318 – Security Update Guide.
Microsoft.Data.SqlClient and System.Data.SqlClient SQL Data Provider Security Feature Bypass Vulnerability
Identifier: CVE-2024-0056
Exploit or POC: No
Update Guide: CVE-2024-0056 – Security Update Guide
Description: CVE-2024-0056 allows a security feature bypass. User interaction is not required to successfully exploit this vulnerability. Successful exploitation allows an adversary to carry out a machine-in-the-middle (MITM) attack and could decrypt, read, or modify TLS traffic between the client and server.
Mitigation recommendation: Patching is currently the only method of mitigation. Update to the latest software versions mentioned in the CVE-2024-0056 – Security Update Guide.
Microsoft ODBC Driver Remote Code Execution Vulnerability
Identifier: CVE-2024-20654
Exploit or POC: No
Update Guide: CVE-2024-20654 – Security Update Guide
Description: CVE-2024-20654 allows for remote code execution. Authentication and user interaction are required to successfully exploit this vulnerability. An adversary could employ social engineering techniques to convince a user to connect to a malicious SQL server via ODBC, resulting in the client receiving a malicious networking packet. This could allow the adversary to execute code remotely on the client.
Mitigation recommendation: Patching is currently the only method of mitigation. Update to the latest software versions mentioned in the CVE-2024-20654 – Security Update Guide.
Azure Storage Mover Remote Code Execution Vulnerability
Identifier: CVE-2024-20676
Exploit or POC: No
Update Guide: CVE-2024-20676 – Security Update Guide
Description: CVE-2024-20676 allows for remote code execution. User interaction is not required to successfully exploit this vulnerability. Successful exploitation could allow an adversary to gain access to the installed agent and execute code remotely.
Mitigation recommendation: Patching is currently the only method of mitigation. Update to the latest software versions mentioned in the CVE-2024-20676 – Security Update Guide.