Cybersecurity awareness tips for financial institution employees
Hello All, As you know cybersecurity awareness training is very important, and it's an important item in all cybersecurity frameworks, so I would like to share with you the below…
Hello everyone. This is October - Tuesday Microsoft Security updates: in this article I focus on patching Microsoft Windows Server 2016 and on-premises Exchange 2016... This update supports daylight…
This report was prepared by: Hazem Mohamed - IT SysAdmins Egypt Blog Founder
This is June – Tuesday Microsoft Security updates:
Microsoft announcement regarding Windows clients: Starting in April 2023, optional, non-security preview updates will release on the fourth Tuesday of the month.
Note: so far, no one has reported any issues or bugs after installing this month’s patches.
I have gathered the information about June security updates :
CVEs
In the June 2023 Patch Tuesday updates, Microsoft released patches for 69 vulnerabilities.
There are no zero-day vulnerabilities announced by Microsoft with the June patch Tuesday.
Windows Server 2016 alone has 28 CVEs: 3 Critical and 25 Important.
Critical CVEs:
KBs for Windows Servers and Clients
1- KB5023788 (March-Servicing stack update) –> Windows Servers 2016
2- KB5027219 (Monthly Security Update) –> Windows Servers 2019
3- KB5027271 (Monthly Rollup) –> Windows Servers 2012 R2
4- KB5027282 (Monthly Security Update) –> Windows Servers 2012 R2
5- KB5027225 (Monthly Security Update) –> Windows Servers 2022
6- KB5027215 (Monthly Security Update) –> Windows 10 Version 22H2 for x64-based Systems
7- KB5027231 (Monthly Security Update) –> Windows 11 Version 22H2 for x64-based Systems
Exchange Security Updates
KB5025903 —> for Exchange 2016 CU23
KB5026261 —> for Exchange 2019 CU13 and CU12
1- KB5023788 (Servicing stack update)
Before installing Security updates:
It is recommended to take a backup of the operating system first, to protect against any bugs affecting your system.
Microsoft strongly recommends you install the latest servicing stack update (SSU) for your operating system before installing the latest cumulative update (LCU). SSUs improve the reliability of the update process to mitigate potential issues while installing the LCU and applying Microsoft security updates.
the latest SSU (KB5023788) as mentioned …
Highlights:
Improvements:
This security update includes quality improvements. When you install this KB:
If you installed earlier updates, only the new updates contained in this package will be downloaded and installed on your device.
For more information about security vulnerabilities, please refer to the new Security Update Guide website and the June 2023 Security Updates.
Known issues in this update :
Microsoft is not currently aware of any issues with this update.
3- KB5025903 Exchange 2016 CU23 Security Updates:
This security update rollup resolves vulnerabilities in Microsoft Exchange Server. To learn more about these vulnerabilities, see the following Common Vulnerabilities and Exposures (CVE):
Issues that are fixed in this update
It’s required to enable Extended Protection in Exchange Server:
To enable Extended Protection on Exchange-based servers, see Extended Protection enabled in Exchange Server (KB5017260).
Report by: Hazem Mohamed
More information about CVE-2023-27997: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-27997
Summary
A heap-based buffer overflow vulnerability [CWE-122] in FortiOS and FortiProxy SSL-VPN may allow a remote attacker to execute arbitrary code or commands via specifically…
This is May- Tuesday Microsoft Security updates
report created by : Hazem Mohamed | 15-May-2023
Microsoft announcement regarding Windows clients: IMPORTANT Starting in April 2023, optional, non-security preview updates will release on the fourth Tuesday of the month. For more
Kindly check the information gathered about May security updates :
CVEs
In the May 2023 Patch Tuesday updates, Microsoft released patches for 38 vulnerabilities, including three zero-days: CVE-2023-29336 (Win32k Elevation of Privilege Vulnerability), CVE-2023-24932 (Secure Boot Security Feature Bypass Vulnerability), and CVE-2023-29325 (Windows OLE Remote Code Execution Vulnerability).
Windows Server 2016 has 18 CVEs: 5 Critical and 13 Important.
Critical CVEs:
KBs for Windows Servers 2016
1- KB5023788 (March-Servicing stack update)
2- KB5026363 (Monthly Security Update)
Windows 10 version 21H2 and 22H2
2023-05 Cumulative Update for Windows 10 Version 22H2, Windows 10 Version 21H2, and Windows 10 Version 20H2 (KB5026361)
Updates and improvements:
Windows 11 Release version
Updates and improvements:
Windows 11 version 22H2
Updates and improvements:
Other security updates
2023-05 Cumulative Security Update for Internet Explorer (KB5026366)
2023-05 Cumulative Update for Windows 10 Version 1507 for x86-based Systems (KB5026382)
KB5023788 (Servicing stack update)
Before installing Security updates:
Microsoft strongly recommends you install the latest servicing stack update (SSU) for your operating system before installing the latest cumulative update (LCU). SSUs improve the reliability of the update process to mitigate potential issues while installing the LCU and applying Microsoft security updates.
the latest SSU (KB5023788) as mentioned …
KB5026363 (Monthly security update Windows Server 2016):
Highlights:
Improvements:
This security update includes quality improvements. When you install this KB:
This update affects the Islamic Republic of Iran. The update supports the government’s daylight saving time change order from 2022.
If you installed earlier updates, only the new updates contained in this package will be downloaded and installed on your device.
For more information about security vulnerabilities, please refer to the new Security Update Guide website and the May 2023 Security Updates.
Known issues in this update :
Microsoft is not currently aware of any issues with this update.
#FortiGate_Vulnerability-May-2023 (FortiOS & FortiProxy - Out-of-bound-write in sslvpnd)
Report by: Hazem Mohamed
More information about CWE-787: https://www.cvedetails.com/cwe-details/787/Out-of-bounds-Write.html
More information about CVE-2023-22640: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-22640
Summary
An out-of-bounds write vulnerability [CWE-787] in sslvpnd of FortiOS and FortiProxy may allow…
This month's update affects the Arab Republic of Egypt. The update supports the government’s daylight saving time change order for 2023.
This is April- Tuesday Microsoft Cumulative updates report | prepared by Hazem Mohamed:
Report Title: Google Chrome Security Update
Severity: High
Description: Google has released an updated Chrome version (112.0.5615.49/50) for Windows and (112.0.5615.49) for Linux and Mac to fix multiple vulnerabilities.
Analysis:…
Actively exploited by unidentified cybercriminals, a recently patched security vulnerability is found within the WordPress Elementor Pro website builder plugin.
Affecting versions 3.11.6 and earlier, this broken access control flaw was resolved by the plugin developers in the 3.11.7 version, released on March 22. In the release notes, the Tel Aviv-based company mentioned, “Improved code security enforcement in WooCommerce components.” The premium plugin is believed to be in use on over 12 million websites.
Successful exploitation of this high-severity vulnerability enables an authenticated attacker to take full control of a WordPress site with WooCommerce enabled. Patchstack, in an alert dated March 30, 2023, stated, “This allows a malicious user to activate the registration page (if disabled) and set the default user role to administrator, enabling them to create an account with immediate administrator privileges.”
Once this occurs, the attacker is likely to either redirect the site to a malicious domain or upload a harmful plugin or backdoor for further exploitation.
NinTechNet security researcher Jerome Bruandet, who discovered and reported the vulnerability on March 18, 2023, is credited for the finding. Patchstack also observed that several IP addresses are currently exploiting the flaw in the wild, intending to upload arbitrary PHP and ZIP archive files.
To mitigate potential threats, Elementor Pro plugin users are advised to update their plugin to version 3.11.7 or the latest version, 3.12.0, as soon as possible.
This advisory follows a critical vulnerability found in the Essential Addons for Elementor plugin over a year ago, which could lead to arbitrary code execution on compromised websites. Additionally, last week, WordPress issued auto-updates to address a critical bug in the WooCommerce Payments plugin, allowing unauthenticated attackers to gain administrator access to vulnerable sites.
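A defender-side audit for the state Patchstack describes (registration enabled and the default role set to administrator), as an added example that is not part of the original post. `users_can_register` and `default_role` are WordPress core option names and `user_login` / `user_registered` are `wp_users` columns; the function names, finding labels, the `roles` field, the review date and all sample data are constructed for illustration.

```python
import re
from datetime import datetime

FIXED_IN = (3, 11, 7)  # first patched Elementor Pro release named in the advisory

def parse_version(text):
    """'3.11.6' -> (3, 11, 6). Tuples compare numerically, so 3.9 < 3.11."""
    nums = []
    for piece in text.strip().split(".")[:3]:
        m = re.match(r"\d+", piece)
        nums.append(int(m.group()) if m else 0)
    return tuple(nums + [0] * (3 - len(nums)))

def audit(plugin_version, options, users, review_since):
    """Return finding labels for one site.

    options: wp_options values as a dict; users: list of dicts;
    review_since: 'YYYY-MM-DD', admins registered on or after it get flagged.
    """
    findings = []
    if parse_version(plugin_version) < FIXED_IN:
        findings.append("VULNERABLE_VERSION")
    # Option values live in the database and survive a plugin update,
    # so these checks matter even on an already patched site.
    open_registration = str(options.get("users_can_register", "0")) == "1"
    admin_default = options.get("default_role", "subscriber") == "administrator"
    if admin_default:
        findings.append("DEFAULT_ROLE_ADMIN")
    if open_registration and admin_default:
        findings.append("OPEN_ADMIN_REGISTRATION")
    since = datetime.strptime(review_since, "%Y-%m-%d")
    for user in users:
        created = datetime.strptime(user["user_registered"], "%Y-%m-%d %H:%M:%S")
        if "administrator" in user["roles"] and created >= since:
            findings.append("REVIEW_ADMIN:" + user["user_login"])
    return findings

# Constructed sample data, not taken from any real site.
SAMPLE_OPTIONS = {"users_can_register": "1", "default_role": "administrator"}
SAMPLE_USERS = [
    {"user_login": "siteowner", "roles": ["administrator"],
     "user_registered": "2021-06-02 09:14:00"},
    {"user_login": "wp_support7", "roles": ["administrator"],
     "user_registered": "2023-03-29 02:41:17"},
    {"user_login": "customer42", "roles": ["customer"],
     "user_registered": "2023-03-30 11:00:05"},
]

if __name__ == "__main__":
    for finding in audit("3.11.6", SAMPLE_OPTIONS, SAMPLE_USERS, "2023-03-18"):
        print(finding)
```

Updating to 3.11.7 clears only the first finding; the option values and any administrator accounts created earlier remain until they are reviewed and reset.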
You must upgrade your FortiOS or any listed affected version to the latest version. BR, Hazem Mohamed