5 March 2021

Vulnerability summary for the week: March 5, 2021

This week Microsoft issued emergency security updates for its Exchange Server enterprise email product to fix four zero-day vulnerabilities that have been actively exploited in real-world attacks.

The vulnerabilities in question are CVE-2021-26855, CVE-2021-26857, CVE-2021-26858, and CVE-2021-27065. All four are described as input validation errors and allow remote code execution via specially crafted data sent to the Exchange server.

The affected Exchange Server versions include Microsoft Exchange Server 2013, Microsoft Exchange Server 2016, and Microsoft Exchange Server 2019. Microsoft Exchange Online is not impacted.

Microsoft believes that the observed attacks are the work of a China-linked state-sponsored hacker group known as Hafnium, which focuses on targeting entities in the United States with the goal of stealing information from a number of industry sectors, including infectious disease researchers, law firms, higher education institutions, defense contractors, policy think tanks and NGOs.

Google is yet another vendor that addressed a zero-day bug this week. The company released Chrome version 89.0.4389.72 for Windows, Mac, and Linux with a number of improvements and fixes for multiple vulnerabilities, including a zero-day flaw that has been observed being exploited in the wild.

The zero-day flaw, tracked as CVE-2021-21166, is a remote code execution bug that exists due to improper control of object lifetime in audio in Google Chrome. A remote attacker can trick the victim into visiting a specially crafted webpage, trigger a stack-based buffer overflow and execute arbitrary code on the system.

In addition to CVE-2021-21166, Chrome 89.0.4389.72 contains fixes for a number of high-risk vulnerabilities (CVE-2021-21174, CVE-2021-21175, CVE-2021-21176, CVE-2021-21178, CVE-2021-21159, CVE-2021-21160, CVE-2021-21161, CVE-2021-21162, CVE-2021-21165, CVE-2020-27844) that could allow a remote attacker to execute arbitrary code on the system or gain access to sensitive information.

Google has also patched about three dozen vulnerabilities in its Android operating system, including numerous flaws (CVE-2021-0396, CVE-2021-0393, CVE-2021-0397, CVE-2017-14491, CVE-2020-11299, CVE-2020-11226, CVE-2020-11222, CVE-2020-11221, CVE-2020-11220, CVE-2020-11199, CVE-2020-11198) that allow remote code execution.

A warning was released this week concerning a dangerous vulnerability (CVE-2021-22681) affecting Rockwell Automation Logix controllers. The vulnerability exists because the affected products use a key to verify that Logix controllers are communicating with the affected Rockwell Automation products. A remote attacker can bypass this verification mechanism and authenticate with Logix controllers. CVE-2021-22681 impacts the following series of Rockwell Automation's Logix controllers:

  • CompactLogix 1768
  • CompactLogix 1769
  • CompactLogix 5370
  • CompactLogix 5380
  • CompactLogix 5480
  • ControlLogix 5550
  • ControlLogix 5560
  • ControlLogix 5570
  • ControlLogix 5580
  • DriveLogix 5560
  • DriveLogix 5730
  • DriveLogix 1794-L34
  • Compact GuardLogix 5370
  • Compact GuardLogix 5380
  • GuardLogix 5570
  • GuardLogix 5580
  • SoftLogix 5800

While there are no known public exploits that specifically target this authentication bypass flaw, it should be noted that the vendor has yet to release patches to address the vulnerability.

FATEK FvDesigner, a software tool used to design and develop FATEK FV HMI series product projects, contains multiple vulnerabilities, four of which (CVE-2021-22662, CVE-2021-22670, CVE-2021-22666, CVE-2021-22683) are rated as high-risk flaws because they could be used for remote takeover of the vulnerable system. The issues affect FvDesigner v1.5.76. As in the case above, these bugs remain unpatched.

A number of high-risk vulnerabilities were also found in Epignosis eFront (not patched), Dell EMC OpenManage Server Administrator, ProSoft Technology ICX35, GLPI, VMware View Planner, and VMware Tanzu Application Service for VMs and Isolation Segment.
