5 March 2021

Vulnerability summary for the week: March 5, 2021

This week Microsoft issued emergency security updates for its Exchange Server enterprise email product to fix a total of four zero day vulnerabilities that have been actively exploited in real-world attacks.

The vulnerabilities in question are CVE-2021-26855, CVE-2021-26857, CVE-2021-26858, and CVE-2021-27065. All of them are described as input validation errors that allow remote code execution via specially crafted data sent to the Exchange server.

The affected Exchange Server versions include Microsoft Exchange Server 2013, Microsoft Exchange Server 2016, and Microsoft Exchange Server 2019. Microsoft Exchange Online is not impacted.

Microsoft believes that the observed attacks are the work of a China-linked state-sponsored hacker group known as Hafnium, which focuses on targeting entities in the United States with the goal of stealing information from a number of industry sectors, including infectious disease researchers, law firms, higher education institutions, defense contractors, policy think tanks and NGOs.

Google is yet another vendor that addressed a zero-day bug this week. The company released Chrome version 89.0.4389.72 for Windows, Mac, and Linux with a number of improvements and fixes for multiple vulnerabilities, including a zero day flaw that has been observed being exploited in the wild.

The zero day flaw, tracked as CVE-2021-21166, is a remote code execution bug that exists due to improper control of object lifetime in the audio component of Google Chrome. A remote attacker can trick the victim into visiting a specially crafted webpage, trigger a stack-based buffer overflow and execute arbitrary code on the system.

In addition to CVE-2021-21166, Chrome 89.0.4389.72 contains fixes for a number of high risk vulnerabilities (CVE-2021-21174, CVE-2021-21175, CVE-2021-21176, CVE-2021-21178, CVE-2021-21159, CVE-2021-21160, CVE-2021-21161, CVE-2021-21162, CVE-2021-21165, CVE-2020-27844) that could allow a remote attacker to execute arbitrary code on the system or gain access to sensitive information.

Google has also patched about three dozen vulnerabilities in its Android operating system, including numerous flaws (CVE-2021-0396, CVE-2021-0393, CVE-2021-0397, CVE-2017-14491, CVE-2020-11299, CVE-2020-11226, CVE-2020-11222, CVE-2020-11221, CVE-2020-11220, CVE-2020-11199, CVE-2020-11198) that allowed remote code execution.

A warning was released this week concerning a dangerous vulnerability (CVE-2021-22681) affecting Rockwell Automation Logix controllers. The vulnerability exists because the affected product uses a key to verify that Logix controllers are communicating with the affected Rockwell Automation products. A remote attacker can bypass this verification mechanism and authenticate with Logix controllers. CVE-2021-22681 impacts the following series of Rockwell Automation's Logix controllers:

  • CompactLogix 1768
  • CompactLogix 1769
  • CompactLogix 5370
  • CompactLogix 5380
  • CompactLogix 5480
  • ControlLogix 5550
  • ControlLogix 5560
  • ControlLogix 5570
  • ControlLogix 5580
  • DriveLogix 5560
  • DriveLogix 5730
  • DriveLogix 1794-L34
  • Compact GuardLogix 5370
  • Compact GuardLogix 5380
  • GuardLogix 5570
  • GuardLogix 5580
  • SoftLogix 5800

While there are no known public exploits that specifically target this authentication bypass flaw, it should be noted that the vendor has yet to release patches to address the vulnerability.

FATEK FvDesigner, a software tool used to design and develop FATEK FV HMI series product projects, contains multiple vulnerabilities, four of which (CVE-2021-22662, CVE-2021-22670, CVE-2021-22666, CVE-2021-22683) are rated as high risk flaws because they could be used to remotely take over the vulnerable system. The issues affect FvDesigner v1.5.76. As in the above case, these bugs remain unpatched.

A number of high risk vulnerabilities were also found in Epignosis eFront (not patched), Dell EMC OpenManage Server Administrator, ProSoft Technology ICX35, GLPI, VMware View Planner, and VMware Tanzu Application Service for VMs and Isolation Segment.
