Google Releases Security Updates for Chrome

Original release date: March 16, 2022

Google has released Chrome version 99.0.4844.74 for Windows, Mac, and Linux. This version addresses vulnerabilities that an attacker could exploit to take control of an affected system.  
 
CISA encourages users and administrators to review the Chrome Release Note and apply the necessary updates.

This product is provided subject to this Notification and this Privacy & Use policy.

CISA Adds 15 Known Exploited Vulnerability to Catalog

Original release date: March 15, 2022

CISA has added 15 new vulnerabilities to its Known Exploited Vulnerabilities Catalog, based on evidence that threat actors are actively exploiting the vulnerabilities listed in the table below. These types of vulnerabilities are a frequent attack vector for malicious cyber actors of all types and pose significant risk to the federal enterprise. Note: to view the newly added vulnerabilities in the catalog, click on the arrow on the of the “Date Added to Catalog” column, which will sort by descending dates.

CVE ID Vulnerability Name Due Date
CVE-2020-5135 SonicWall SonicOS Buffer Overflow Vulnerability 4/5/2022
CVE-2019-1405 Microsoft Windows UPnP Service Privilege Escalation Vulnerability 4/5/2022
CVE-2019-1322 Microsoft Windows Privilege Escalation Vulnerability 4/5/2022
CVE-2019-1315 Microsoft Windows Error Reporting Manager Privilege Escalation Vulnerability 4/5/2022
CVE-2019-1253 Microsoft Windows AppX Deployment Server Privilege Escalation Vulnerability 4/5/2022
CVE-2019-1129 Microsoft Windows AppXSVC Privilege Escalation Vulnerability 4/5/2022
CVE-2019-1069 Microsoft Task Scheduler Privilege Escalation Vulnerability 4/5/2022
CVE-2019-1064 Microsoft Windows AppXSVC Privilege Escalation Vulnerability 4/5/2022
CVE-2019-0841 Microsoft Windows AppXSVC Privilege Escalation Vulnerability 4/5/2022
CVE-2019-0543 Microsoft Windows Privilege Escalation Vulnerability 4/5/2022
CVE-2018-8120 Microsoft Win32k Privilege Escalation Vulnerability 4/5/2022
CVE-2017-0101 Microsoft Windows Transaction Manager Privilege Escalation Vulnerability 4/5/2022
 
CVE-2016-3309  Microsoft Windows Kernel Privilege Escalation Vulnerability 4/5/2022
 
CVE-2015-2546 Microsoft Win32k Memory Corruption Vulnerability 4/5/2022
 
CVE-2019-1132 Microsoft Win32k Privilege Escalation Vulnerability 4/5/2022
 

Binding Operational Directive (BOD) 22-01: Reducing the Significant Risk of Known Exploited Vulnerabilities established the Known Exploited Vulnerabilities Catalog as a living list of known CVEs that carry significant risk to the federal enterprise. BOD 22-01 requires FCEB agencies to remediate identified vulnerabilities by the due date to protect FCEB networks against active threats. See the BOD 22-01 Fact Sheet for more information. 

Although BOD 22-01 only applies to FCEB agencies, CISA strongly urges all organizations to reduce their exposure to cyberattacks by prioritizing timely remediation of Catalog vulnerabilities as part of their vulnerability management practice. CISA will continue to add vulnerabilities to the Catalog that meet the meet the specified criteria. Note: prioritizing software updates that address known exploited vulnerabilities is one of the actions CISA encourages as part of the recent Shields Up recommendations to all stakeholders.

This product is provided subject to this Notification and this Privacy & Use policy.

Russian State-Sponsored Cyber Actors Access Network Misconfigured with Default MFA Protocols

Original release date: March 15, 2022

CISA and the Federal Bureau of Investigation (FBI) have released a joint Cybersecurity Advisory that details how Russian state-sponsored cyber actors accessed a network with misconfigured default multifactor authentication (MFA) protocols. The actors then exploited a critical Windows Print Spooler vulnerability, “PrintNightmare” (CVE-2021-34527), to run arbitrary code with system privileges. The advisory provides observed tactics, techniques, and procedures, as well as indicators of compromise and mitigations to protect against this threat. 

CISA encourages users and administrators to review AA22-074A: Russian State-Sponsored Cyber Actors Gain Network Access by Exploiting Default Multifactor Authentication Protocols and “PrintNightmare” Vulnerability. For general information on Russian state-sponsored malicious cyber activity, see cisa.gov/Russia. For more information on the threat of Russian state-sponsored malicious cyber actors to U.S. critical infrastructure, as well as additional mitigation recommendations, see AA22-011A: Understanding and Mitigating Russian State-Sponsored Cyber Threats to U.S. Critical Infrastructure and cisa.gov/shields-up.

This product is provided subject to this Notification and this Privacy & Use policy.

Updated: Kubernetes Hardening Guide

Original release date: March 15, 2022

The National Security Agency (NSA) and CISA have updated their joint Cybersecurity Technical Report (CTR): Kubernetes Hardening Guide, originally released in August 2021, based on valuable feedback and inputs from the cybersecurity community. 

Kubernetes is an open-source system that automates deployment, scaling, and management of applications run in containers. A container is a runtime environment that contains a software package and its dependencies. Kubernetes is often hosted in a cloud environment. The CTR provides recommended configuration and hardening guidance for setting up and securing a Kubernetes cluster.

CISA encourages users and administrators to review the updated Kubernetes Hardening Guide—which includes additional detail and explanations—and apply the hardening measures and mitigations to manage associated risks.

This product is provided subject to this Notification and this Privacy & Use policy.

Dirty Pipe Privilege Escalation Vulnerability in Linux

Original release date: March 10, 2022

CISA is aware of a privilege escalation vulnerability in Linux kernel versions 5.8 and later known as “Dirty Pipe” (CVE-2022-0847). A local attacker could exploit this vulnerability to take control of an affected system.

CISA encourages users and administrators to review (CVE-2022-0847) and update to Linux kernel versions 5.16.11, 5.15.25, and 5.10.102 or later.

This product is provided subject to this Notification and this Privacy & Use policy.

Updated: Conti Ransomware

Original release date: March 9, 2022

CISA, the Federal Bureau of Investigation (FBI), the National Security Agency (NSA), and the United States Secret Service (USSS) have re-released an advisory on Conti ransomware. Conti cyber threat actors remain active and reported Conti ransomware attacks against U.S. and international organizations have risen to more than 1,000. 

CISA, the FBI, NSA, and the USSS encourage organizations to review AA21-265A: Conti Ransomware, which includes new indicators of compromise, for more information. See Shields Up and StopRansomware.gov for ways to respond against disruptive cyber activity.

This product is provided subject to this Notification and this Privacy & Use policy.

Adobe Releases Security Updates for Multiple Products

Original release date: March 8, 2022

Adobe has released security updates to address vulnerabilities in multiple products. An attacker could exploit some of these vulnerabilities to take control of an affected system. 

CISA encourages users and administrators to review the following Adobe Security Bulletins and apply the necessary updates. 

This product is provided subject to this Notification and this Privacy & Use policy.

SAP Releases March 2022 Security Updates

Original release date: March 8, 2022

SAP has released security updates to address vulnerabilities affecting multiple products. An attacker could exploit some of these vulnerabilities to take control of an affected system.

CISA encourages users and administrators to review the SAP Security Notes for March 2022 and apply the necessary updates. 

This product is provided subject to this Notification and this Privacy & Use policy.

Mozilla Releases Security Updates for Firefox and Firefox ESR

Original release date: March 8, 2022

Mozilla has released security updates to address vulnerabilities in Firefox and Firefox ESR. An attacker could exploit some of these vulnerabilities to take control of an affected system. 

CISA encourages users and administrators to review the Mozilla security advisories for Firefox 98 and Firefox ESR 91.7 and apply the necessary updates.

This product is provided subject to this Notification and this Privacy & Use policy.

Microsoft Releases March 2022 Security Updates

Original release date: March 8, 2022

Microsoft has released updates to address multiple vulnerabilities in Microsoft software. A remote attacker could exploit some of these vulnerabilities to take control of an affected system.

CISA encourages users and administrators to review Microsoft’s March 2022 Security Update Summary and Deployment Information and apply the necessary updates.
 

This product is provided subject to this Notification and this Privacy & Use policy.