About:
RedLegg will occasionally communicate vulnerabilities disclosed outside the usual release schedule to provide additional value to our customers. These emergency bulletins describe vulnerabilities or threats we classify at the highest severity level, which warrant out-of-band emergency patching or mitigation.
Each entry includes a brief description of the vulnerability, whether an active exploit or proof of concept (POC) exists, and a link to the vendor update if one is available. If no update exists, the entry gives remediation or mitigation suggestions to limit the risk of each vulnerability.
VULNERABILITIES
Citrix Application Delivery Controller (ADC) and Gateway Authentication Bypass Vulnerability
Identifier: CVE-2022-27518
Exploit or POC: Yes (Actively Being Exploited)
Update: https://support.citrix.com/article/CTX474995/citrix-adc-and-citrix-gateway-security-bulletin-for-cve202227518
Description: CVE-2022-27518 allows an unauthenticated remote attacker to execute arbitrary code on an affected appliance and take control of it. Per the Citrix bulletin, the vulnerability is only reachable when the ADC or Gateway is configured as a SAML service provider (SP) or SAML identity provider (IdP); Citrix ADC and Gateway 13.1 is not affected.
Mitigation recommendation: Patching is currently the only method of mitigation. Citrix's fixed builds are 13.0-58.32, 12.1-65.25, and 12.1-55.291 for 12.1-FIPS and 12.1-NDcPP.
RedLegg Action: None at this time.
Windows SmartScreen Security Feature Bypass Vulnerability
Identifier: CVE-2022-44698
Exploit or POC: Yes (Actively Being Exploited)
Update: https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2022-44698
Description: CVE-2022-44698 is a security feature bypass in Windows SmartScreen. An attacker can craft a malicious file that evades Mark of the Web (MOTW) defenses, so protections that depend on MOTW tagging (such as Protected View in Microsoft Office) are not applied when the file is opened. Microsoft rates the impact as a limited loss of integrity and availability of those security features. Successful exploitation requires user interaction: the victim must open the attacker's file.
Mitigation recommendation: Patching is currently the only method of mitigation.
RedLegg Action: None at this time.