150 Vulnerabilities and a Zero-Day Demand Immediate Patching

Windows DNS Server Remote Code Execution Vulnerability

The Windows DNS Server Remote Code Execution Vulnerability (CVE 2024-26224) is one of seven vulnerabilities released in this month's Patch Tuesday that address Windows DNS Server remote code execution vulnerabilities. Each of these is rated with a CVE score of 7.2/10. 

Windows DNS Server Remote Code Execution Vulnerabilities: 

• CVE-2024-26221

• CVE-2024-26222

• CVE-2024-26223

• CVE-2024-26224

• CVE-2024-26227

• CVE-2024-26231

• CVE-2024-26233

This exploit permits attackers with network access to the DNS server to execute arbitrary code or privileged commands. Such vulnerabilities raise concerns, especially for Windows Server environments, as they can pave the way for lateral movement attacks.

Lateral movement attacks, as exemplified by the threat posed in CVE 2024-26224, underscore the critical need for robust alerting and network monitoring protocols to safeguard against sophisticated intrusions. These malicious techniques involve threat actors gaining access to one segment of a network and maneuvering laterally to compromise additional systems or devices within the network infrastructure. 

By establishing comprehensive alerting and monitoring mechanisms and implementing vigilant network monitoring practices, organizations can proactively detect and thwart lateral movement attempts. Timely alerts generated by monitoring systems enable security teams to respond swiftly to potential threats, preventing further escalation and minimizing the impact of intrusions. 

To address the risks posed by CVE 2024-26224, immediate action is crucial. Applying the latest security updates from Microsoft is key to mitigating the possibility of exploitation. 

– Seth Hoyt, Senior Security Engineer

In the realm of macOS vulnerabilities, addressing memory safety issues seems to be the theme this month. Vulnerabilities, including CVE 2024-1580, are linked to image processing and allow for the potential for arbitrary code execution. The recent surge in media-related vulnerabilities targeting macOS shows a notable shift towards heightened emphasis and research into potential exploits. 

As more organizations incorporate Mac devices into their operational framework, the necessity to comprehend and mitigate vulnerabilities specific to macOS becomes increasingly important. This trend underscores the importance of delving into critical areas like media processing, memory safety, and network protocols to identify and rectify vulnerabilities effectively. 

As macOS continues to draw increased attention from malicious actors, the emphasis on leveraging memory-safe coding languages becomes imperative. By adopting languages that prioritize memory safety, developers can reduce the risk of vulnerabilities that could be exploited by attackers. 

– Tom Bowyer, Director IT Security, Automox

XZ/Liblzma Supply Chain Backdoor

With a CVE score of 10.0/10.0, CVE 2024-3094 certainly raised eyebrows earlier this month. CVE 2024-3094 uncovers a vulnerability within the XZ utilities, revealing the presence of a backdoor that compromises the integrity of the code. This backdoor, designed to manipulate the Makefile of liblzma, poses a threat to SSH servers, emphasizing the significance of thorough code review and vigilance in the open-source community.

The XZ vulnerability not only exposes the security risks associated with compromised packages like liblzma but also sheds light on a larger issue: open-source developer burnout as a significant attack vector.

Attackers social engineering the exhaustion and resource constraints of developers to gain trust, gain access, and introduce malicious code, as seen in the XZ vulnerability case, highlight the vulnerabilities embedded in the development process when burnout is left unaddressed. 

To address the implications of CVE 2024-3094, swift action is essential. Consider downgrading to versions of the XZ package unaffected by this vulnerability, such as those predating 5.6.0 and 5.6.1. By downgrading the XZ package, you can enhance defenses against potential backdoor exploits and safeguard your systems from unauthorized access.

Automox has taken proactive steps to help you address the XZ utils vulnerability by developing a specialized Worklet automation script aimed at mitigating the risks posed by CVE 2024-3094. 

This Worklet scans Linux endpoints for the affected xz/liblzma package, evaluates the system's vulnerability status, and initiates the necessary actions to downgrade the package to a secure version using the relevant package manager. The Worklet can also help you swiftly patch vulnerable systems, safeguard against arbitrary code execution, and reinforce the security of their infrastructure. 

While the XZ vulnerability was identified this time, next time, we may not be so lucky. It’s highly unlikely that this will be the last attack using this vector. Stay curious, stay safe, and stay vigilant. 

– Cody Dietz, Team Lead, Security Engineering