The problem:<\/strong> The Cybersecurity and Infrastructure Security Agency (CISA) just added two vulnerabilities to the Known Exploited Vulnerabilities (KEV) catalog<\/a>. The first is a use-after-free vulnerability from 2012, tracked as CVE-2012-4792<\/a>, that affects Microsoft\u2019s Internet Explorer, a browser that\u2019s now rarely used.<\/p>\n\n\n\n According to the catalog listing, the vulnerability \u201callows a remote attacker to execute arbitrary code via a crafted web site that triggers access to an object that (1) was not properly allocated or (2) is deleted, as demonstrated by a CDwnBindInfo object.\u201d<\/p>\n\n\n\n The second vulnerability is an information disclosure vulnerability within Twilio Authy\u2019s API. It\u2019s tracked as CVE-2024-39891<\/a> and allows an unauthenticated endpoint to accept requests with a phone number and respond with data about the phone number\u2019s registration status with Authy.<\/p>\n\n\n\n The fix:<\/strong> The CISA recommends disabling Internet Explorer since it\u2019s an end-of-life product.<\/p>\n\n\n\n Twilio recommends<\/a> that Authy users update their versions of the Android and iOS Authy apps to the most recent version, which has fixed the bug.<\/p>\n\n\n\n If your business needs a more consistent method of identifying vulnerabilities, consider a scanning product for your full IT infrastructure. Check out our list of the best vulnerability scanners<\/a> to see which one would be a good fit for your team.<\/strong><\/p>\n\n\n\n Type of vulnerability:<\/strong> Security bypass.<\/p>\n\n\n\n The problem:<\/strong> A Fortinet-discovered Windows vulnerability could allow a remote threat actor to bypass Microsoft Windows SmartScreen security warnings and deliver maliciously crafted files<\/a>. Threat actors like Lumma Stealer have actively exploited this vulnerability over the past year, according to Fortinet. Researchers have observed a campaign that uses the vulnerability to download malicious executables.<\/p>\n\n\n\n The vulnerability is tracked as CVE-2024-21412<\/a> and has an 8.1 CVSS score.<\/p>\n\n\n\n The fix:<\/strong> Mitigation strategies are more broad for this vulnerability \u2014 carefully scanning and verifying any sources before downloading files is at the top of the list. While I briefly mentioned this CVE in a February vulnerability recap<\/a>, as part of a Microsoft Patch Tuesday effort, it looks like it\u2019s still being exploited despite the patch, given the new Fortinet research.<\/p>\n\n\n\n Type of vulnerability:<\/strong> Authorization bypass.<\/p>\n\n\n\n The problem:<\/strong> Some versions of Docker Engine have a critical authorization vulnerability. Docker Engine has a standard all-or-nothing authorization method by default, according to the vendor\u2019s security notice<\/a>, but plugins like AuthZ are available to improve authorization security. However, attackers can bypass the plugin.<\/p>\n\n\n\n According to Docker, \u201cAn attacker could exploit a bypass using an API request with Content-Length set to 0, causing the Docker daemon to forward the request without the body to the AuthZ plugin, which might approve the request incorrectly if not set to deny by default.\u201d<\/p>\n\n\n\n This vulnerability was actually discovered in 2018 and fixed in 2019. However, the fix was excluded from Docker v19.03, a flaw that researchers recently discovered. Docker released patches for the vulnerability on July 23. It\u2019s tracked as CVE-2024-41110<\/a> and has a CVSS score of 10.<\/p>\n\n\n\n The fix:<\/strong> Docker provided the following table to show affected versions and the versions you should upgrade to if you currently have one that\u2019s vulnerable.<\/p>\n\n\n\n Type of vulnerability:<\/strong> Multiple, including assertion failure and CPU overload.<\/p>\n\n\n\n The problem:<\/strong> Documented by the CISA, the Internet Systems Consortium (ISC) has released security bulletins for four different vulnerabilities that affect ISC\u2019s Berkeley Internet Name Domain (BIND) 9. If exploited, the flaws could lead to a denial-of-service type of attack. All vulnerabilities have a CVSS score of 7.5.<\/p>\n\n\n\n The vulnerabilities are as follows:<\/p>\n\n\n\n The fix:<\/strong> Look at each vulnerability\u2019s notice to determine if your version of BIND is vulnerable and upgrade it to the recommended version if needed.<\/p>\n\n\n\n Type of vulnerability:<\/strong> Privilege escalation.<\/p>\n\n\n\n The problem:<\/strong> Researchers at Tenable discovered a vulnerability within the Cloud Functions and Cloud Build services in Google Cloud Platform. In these serverless compute and continuous integration and deployment services, a user who creates a new Cloud Function also triggers a backend process by default, Tenable said<\/a>.<\/p>\n\n\n\n \u201cThis process, among other things, attaches a default Cloud Build service account<\/a> to the Cloud Build instance that is created as part of the function\u2019s deployment,\u201d the security notice explained. \u201cThis process happens in the background and isn\u2019t something that ordinary users would be aware of.\u201d<\/p>\n\n\n\n The service account allows the user to have permissions that they shouldn\u2019t have by default. A threat actor could use this access to escalate their privileges to the default account, and in some cases, this could affect other cloud services like Cloud Storage and Container Registry.<\/p>\n\n\n\n After Tenable notified Google Cloud Platform, GCP performed some level of remediation for Cloud Build accounts that were created after mid-June 2024. However, Cloud Build service accounts created prior to the fix have the same privileges as before, so the vulnerability still exists in older instances.<\/p>\n\n\n\n The fix:<\/strong> Tenable recommends replacing each cloud function\u2019s Cloud Build service account with a least privilege service account.<\/p>\n\n\n\n Type of vulnerability:<\/strong> Deserialization flaw.<\/p>\n\n\n\n The problem:<\/strong> Progress Software has released a notice warning Telerik Support Server users of a deserialization vulnerability within certain versions of the software. When exploited, the vulnerability allows a threat actor to execute code remotely. Versions prior to 2024 Q2 (10.1.24.709) are affected.<\/p>\n\n\n\n The fix:<\/strong> Upgrade your instance of Telerik Support Server to 2024 Q2 (10.1.24.709)<\/a>; according to Progress, this is the only way to mitigate the issue.<\/p>\n\n\n\n Read next:<\/strong><\/p>\n\n\n\nFortinet Identifies Windows SmartScreen Security Bypass Issue<\/h3>\n\n\n\n
Docker Vulnerability First Originated in 2018<\/h3>\n\n\n\n
![\"Table](\"https:\/\/assets.esecurityplanet.com\/uploads\/2024\/07\/esp_20240729-vulnerability-recap-july-29-2024-figure_a.jpg\")
<\/a><\/figure>\n\n\n\nBIND Database Vulnerability Could Lead to DoS Attacks<\/h3>\n\n\n\n
\n
July 24, 2024<\/h2>\n\n\n\n
Tenable Uncovers Google Cloud Vulnerability<\/h3>\n\n\n\n
July 26, 2024<\/h2>\n\n\n\n
Telerik Support Servers Open to Remote Code Execution<\/h3>\n\n\n\n