15 Mar 2024

Week in review


Another week is coming to a close, and what an eventful week it has been! Some of our team members travelled to Sydney to reconnect with our valued members and attended the iTnews 2024 Benchmark Awards. For over a decade, these awards have provided IT leaders and teams with an opportunity to gain recognition for their ambition, innovation, and the value they bring to government, industry, and the public. This year, the focus was on acknowledging both projects and the individuals behind Australia's best IT initiatives. AUSCERT is proud to support programs like these that highlight the hard work and important achievements of IT teams across our country!

To top off a great week, the women of AUSCERT also attended a High Tea organised by the Australian Women in Security Network (AWSN), to commemorate International Women’s Day (IWD). The High Tea featured influential guest speakers, Tea Dietterich, CEO of 2M Language Services, and Jackie French, Director for the Faculty of Creative Arts at TAFE Queensland, who both discussed the concerns and issues that women often face when trying to excel in their careers. They spoke about this year's IWD theme, “Count her in: Invest in Women, Accelerate Progress,” and how it encapsulates our collective mission towards a more inclusive, innovative, and secure future for all.

Women’s economic empowerment is essential if we hope to create a world where gender equality is not just a goal but a reality. When women are given equal opportunities to earn, learn, and lead, entire communities thrive. While progress has been made, women face significant obstacles to achieving equal participation in the economy. Without equal access to education, employment pathways, financial services, and literacy, how can we ever hope to reach gender equality? We must ensure that women are given equal opportunity to build capabilities and strengthen their capacity to learn, earn, and lead.

To conclude, we would like to highlight the importance of empowering women and all staff through further education and training. We have recently released a whole new set of training courses specifically designed to enhance and empower staff with the essentials of cybersecurity. Check out our full list of upcoming training sessions here!

Fortinet warns of critical RCE bug in endpoint management software
Date: 2024-03-13
Author: Bleeping Computer

[Please see AUSCERT bulletin: https://wordpress-admin.auscert.org.au/bulletins/ESB-2024.1576]
Fortinet patched a critical vulnerability in its FortiClient Enterprise Management Server (EMS) software that can allow attackers to gain remote code execution (RCE) on vulnerable servers.
FortiClient EMS enables admins to manage endpoints connected to an enterprise network, allowing them to deploy FortiClient software and assign security profiles on Windows devices.

Chipmaker Patch Tuesday: Intel, AMD Address New Microarchitectural Vulnerabilities
Date: 2024-03-13
Author: Security Week

[AUSCERT has published security bulletins for these Intel updates]
Intel published eight new advisories, including two that describe high-severity vulnerabilities. One of the high-severity issues is a local privilege escalation impacting BIOS firmware for some Intel processors.
The second is a local privilege escalation that impacts the on-chip debug and test interface in some 4th Generation Intel Xeon processors when using SGX or TDX technology.

Adobe Patches Critical Flaws in Enterprise Products
Date: 2024-03-12
Author: Security Week

[AUSCERT has published security bulletins for these Adobe updates]
Software maker Adobe on Tuesday released a hefty batch of security updates to fix critical-severity vulnerabilities in multiple enterprise-facing products.
The Patch Tuesday rollout contains fixes for code execution flaws in the oft-targeted Adobe ColdFusion, Adobe Premiere Pro, Adobe Bridge and Adobe Lightroom.
The San Jose, Calif. company called urgent attention to a mega-update for its Adobe Experience Manager software, documenting at least 46 vulnerabilities that expose users to arbitrary code execution and security feature bypass.

Patch Tuesday: Microsoft Flags Major Bugs in HyperV, Exchange Server
Date: 2024-03-12
Author: Security Week

[AUSCERT has published security bulletins for these Microsoft updates]
Microsoft on Tuesday rolled out patches for at least 60 security vulnerabilities haunting the Windows ecosystem and warned there is exposure to remote code execution attacks.
The world’s largest software maker tagged two HyperV vulnerabilities, CVE-2024-21407 and CVE-2024-21408, with its highest critical-severity rating and urged users to prioritize these fixes to reduce exposure to code execution and denial-of-service attacks.
Microsoft also flagged a serious flaw in Open Management Infrastructure (OMI) for urgent attention, noting that the CVE-2024-21334 bug carries a CVSS severity score of 9.8 out of 10.

Possibly Exploited Fortinet Flaw Impacts Many Systems, but No Signs of Mass Attacks
Date: 2024-03-11
Author: Security Week

[See AUSCERT bulletin https://wordpress-admin.auscert.org.au/bulletins/ESB-2024.0849]
Roughly one month ago, Fortinet patched a critical FortiOS vulnerability and warned customers about potential exploitation. Many systems are impacted, but there still do not appear to be any signs of large-scale attacks.
The vulnerability, tracked as CVE-2024-21762, has been described as an out-of-bounds write issue in FortiOS and FortiProxy that can allow a remote, unauthenticated attacker to execute arbitrary code or commands through specially crafted HTTP requests.
When it disclosed the zero-day flaw on February 9, Fortinet said it was ‘potentially being exploited in the wild’. CISA added CVE-2024-21762 to its Known Exploited Vulnerabilities Catalog a few days later.

ASB-2024.0051 – ALERT Microsoft Windows: CVSS (Max): 8.8*

Microsoft released numerous updates this week as part of its monthly 'Patch Tuesday' release.

ESB-2024.1541 – Adobe Premiere Pro: CVSS (Max): 7.8

Adobe joined Microsoft in releasing updates for many of its products running on Windows, Linux and macOS.

ESB-2024.1565 – Intel Processors: CVSS (Max): 7.2

Intel also joined Microsoft and Adobe with its regular release of fixes for vulnerabilities affecting its processors and associated hardware, firmware and software.

ESB-2024.1576 – FortiClientEMS: CVSS (Max): 9.3

A remote unauthenticated vulnerability in FortiClientEMS was reported and patched this week and is referred to in this week's articles.

ESB-2024.0849 – ALERT FortiOS: CVSS (Max): 9.6

Another Fortinet vulnerability patched this week and noted in this week's listed articles.

Stay safe, stay patched and have a good weekend!

The AUSCERT team