The U.S. Cybersecurity & Infrastructure Security Agency (CISA) has added fifteen additional flaws to its list of actively exploited vulnerabilities known to be used in cyberattacks. CISA is giving federal agencies a deadline of April 5, 2022, to apply the available security updates …
| Description | Patch Deadline |
| --- | --- |
| SonicWall SonicOS Buffer Overflow Vulnerability | 4/5/2022 |
| Microsoft Windows UPnP Service Privilege Escalation Vulnerability | 4/5/2022 |
| Microsoft Windows Privilege Escalation Vulnerability | 4/5/2022 |
| Microsoft Windows Error Reporting Manager Privilege Escalation Vulnerability | 4/5/2022 |
| Microsoft Windows AppX Deployment Server Privilege Escalation Vulnerability | 4/5/2022 |
| Microsoft Windows AppXSVC Privilege Escalation Vulnerability | 4/5/2022 |
Some of these vulns keep cropping up: Admins of SonicWall VPNs had to patch them again, even after a PoC was already in the wild. CISA’s catalog of Known Exploited Vulnerabilities now totals 504 flaws, all of which have been seen in use by attackers.
Unpatched or legacy VPN clients present a major attack vector for bad actors, who can use these vulnerabilities to infiltrate the network, escalate their privileges, and move laterally. Legacy VPNs also have the problem of being static, with point-to-point data flows in which both the control header and the payload information follow the same predictable traffic pattern. This can make critical users, resources, and sensitive data easy to detect and to intercept for replay attacks or future analysis. With the growing involvement of nation-state threat actors, corporations and governments should embrace a true zero trust strategy that extends past the underlying infrastructure, with managed attribution and additional security for sensitive communications.