Jump to content
  • CISA orders agencies to patch vulnerability used in Stuxnet attacks

    alf9872000

    • 275 views
    • 2 minutes
     Share


    • 275 views
    • 2 minutes

    The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has added half a dozen vulnerabilities to its catalog of Known Exploited Vulnerabilities and is ordering federal agencies to follow vendor’s instructions to fix them.

     

    Of the six security flaws, only one was disclosed this year. It impacts Trend Micro’s Apex One platform for automated threat detection and response.

    Ancient bugs resurrected

    CISA is giving federal agencies until October 6th to patch security vulnerabilities that have been reported between 2010 and 2022.

     

    Exploiting most of them gives an attacker admin-level permissions (local privilege escalation - LPE) on the system while for two the result is remote code execution (RCE).

     

    Most of the vulnerabilities that CISA added to its KEV catalog were disclosed in 2013 and were used to root Android devices back in the day, through the Tizi malware.

    • CVE-2013-6282 (LPE) -Linux kernel improper input validation that allows read/write to memory, used for rooting Android devices [VROOT]
    • CVE-2013-2597 (LPE) - stack-based buffer overflow in Code Aurora audio driver
    • CVE-2013-2596 (LPE) - Linux kernel integer overflow
    • CVE-2013-2094 (LPE) - Linux kernel privilege escalation

     

    The oldest bug that CISA ordered federal agencies to patch is from 2010 and was used to spread the Stuxnet worm that damaged the centrifuges at the Natanz uranium enrichment plant to slow the country’s advancements towards developing nuclear weapons.

    • CVE-2010-2568 (RCE) - Microsoft Windows parsing shortcuts incorrectly, allowing code execution when displaying an icon of a malicious shortcut file

     

    The security issue affecting Trend Micro Apex One and Apex One as a Service is the most recent one. It was disclosed earlier this month (CVE-2022-40139) and threat actors have exploited it for at least one attack.

     

    As per the binding operational directive 22-01 from November 2021, all Federal Civilian Executive Branch Agencies have to patch the security vulnerabilities CISA adds to its KEV catalog for a more secure environment.

     

    While the directive is for organizations in the U.S., companies and corporations around the world can use CISA’s catalog to improve the security of their networks.

     

    Source: Bleeping Computer

    https://www.bleepingcomputer.com/news/security/cisa-orders-agencies-to-patch-vulnerability-used-in-stuxnet-attacks/


    User Feedback

    Recommended Comments

    There are no comments to display.



    Join the conversation

    You can post now and register later. If you have an account, sign in now to post with your account.
    Note: Your post will require moderator approval before it will be visible.

    Guest
    Add a comment...

    ×   Pasted as rich text.   Paste as plain text instead

      Only 75 emoji are allowed.

    ×   Your link has been automatically embedded.   Display as a link instead

    ×   Your previous content has been restored.   Clear editor

    ×   You cannot paste images directly. Upload or insert images from URL.


  • Recently Browsing   0 members

    • No registered users viewing this page.
×
×
  • Create New...