CRI-O Security Update for Kubernetes

/in ,

Original release date: March 18, 2022

CRI-O has released a security update addressing a critical vulnerability—CVE-2022-0811—in CRI-O 1.19. A local attacker could exploit this vulnerability to take control of an affected Kubernetes environment as well as other software or platforms that use CRI-O runtime containers.

CISA encourages users and administrators to review the CRI-O Security Advisory and apply the necessary updates or workarounds.

This product is provided subject to this Notification and this Privacy & Use policy.

Strengthening Cybersecurity of SATCOM Network Providers and Customers

/in ,

Original release date: March 17, 2022

CISA and the Federal Bureau of Investigation (FBI) are aware of possible threats to U.S. and international satellite communications (SATCOM) networks. Successful intrusions into SATCOM networks could create additional risk for SATCOM network customer environments.

In response, CISA and FBI have published joint Cybersecurity Advisory (CSA) Strengthening Cybersecurity of SATCOM Network Providers and Customers, which provides mitigations and resources to strengthen SATCOM provider and customer cybersecurity.

CISA and FBI strongly encourage critical infrastructure organizations and, specifically, organizations that are SATCOM network providers or customers to review the joint CSA and implement the mitigations. CISA and FBI will update the joint CSA as new information becomes available.

This product is provided subject to this Notification and this Privacy & Use policy.

ISC Releases Security Advisories for BIND

/in ,

Original release date: March 17, 2022

The Internet Systems Consortium (ISC) has released security advisories that address vulnerabilities affecting multiple versions of ISC Berkeley Internet Name Domain (BIND). A remote attacker could exploit these vulnerabilities to cause a denial-of-service condition.

CISA encourages users and administrators to review the following ISC advisories and apply the necessary updates or workarounds.

This product is provided subject to this Notification and this Privacy & Use policy.

OpenSSL Releases Security Updates

/in ,

Original release date: March 17, 2022

OpenSSL has released security updates addressing a vulnerability affecting multiple versions of OpenSSL. An attacker could exploit this vulnerability to cause a denial-of-service condition.

CISA encourages users and administrators to review the OpenSSL Advisory and upgrade to the appropriate version.

This product is provided subject to this Notification and this Privacy & Use policy.

Drupal Releases Security Updates

/in ,

Original release date: March 17, 2022

Drupal has released security updates to address vulnerabilities affecting Drupal 9.2 and 9.3. An attacker could exploit one of these vulnerabilities to take control of an affected system.

CISA encourages users and administrators to review Drupal Advisory SA-CORE-2022-05 and apply the necessary updates.

This product is provided subject to this Notification and this Privacy & Use policy.

WordPress Releases Security Update

/in ,

Original release date: March 17, 2022

WordPress versions prior to 5.9.2 are affected by multiple vulnerabilities. Exploitation of some of these vulnerabilities could allow a remote attacker to take control of an affected website.

CISA encourages users and administrators to review the WordPress Security Release and upgrade to WordPress 5.9.2.

This product is provided subject to this Notification and this Privacy & Use policy.

Apple Releases Security Updates for Multiple Products

/in ,

Original release date: March 16, 2022

Apple has released security updates to address vulnerabilities in multiple products. An attacker could exploit some of these vulnerabilities to take control of an affected system. 

CISA encourages users and administrators to review the Apple security page and apply the necessary updates.

This product is provided subject to this Notification and this Privacy & Use policy.

Google Releases Security Updates for Chrome

/in ,

Original release date: March 16, 2022

Google has released Chrome version 99.0.4844.74 for Windows, Mac, and Linux. This version addresses vulnerabilities that an attacker could exploit to take control of an affected system.  
 
CISA encourages users and administrators to review the Chrome Release Note and apply the necessary updates.

This product is provided subject to this Notification and this Privacy & Use policy.

CISA Adds 15 Known Exploited Vulnerability to Catalog

/in ,

Original release date: March 15, 2022

CISA has added 15 new vulnerabilities to its Known Exploited Vulnerabilities Catalog, based on evidence that threat actors are actively exploiting the vulnerabilities listed in the table below. These types of vulnerabilities are a frequent attack vector for malicious cyber actors of all types and pose significant risk to the federal enterprise. Note: to view the newly added vulnerabilities in the catalog, click on the arrow on the of the “Date Added to Catalog” column, which will sort by descending dates.

CVE ID Vulnerability Name Due Date
CVE-2020-5135 SonicWall SonicOS Buffer Overflow Vulnerability 4/5/2022
CVE-2019-1405 Microsoft Windows UPnP Service Privilege Escalation Vulnerability 4/5/2022
CVE-2019-1322 Microsoft Windows Privilege Escalation Vulnerability 4/5/2022
CVE-2019-1315 Microsoft Windows Error Reporting Manager Privilege Escalation Vulnerability 4/5/2022
CVE-2019-1253 Microsoft Windows AppX Deployment Server Privilege Escalation Vulnerability 4/5/2022
CVE-2019-1129 Microsoft Windows AppXSVC Privilege Escalation Vulnerability 4/5/2022
CVE-2019-1069 Microsoft Task Scheduler Privilege Escalation Vulnerability 4/5/2022
CVE-2019-1064 Microsoft Windows AppXSVC Privilege Escalation Vulnerability 4/5/2022
CVE-2019-0841 Microsoft Windows AppXSVC Privilege Escalation Vulnerability 4/5/2022
CVE-2019-0543 Microsoft Windows Privilege Escalation Vulnerability 4/5/2022
CVE-2018-8120 Microsoft Win32k Privilege Escalation Vulnerability 4/5/2022
CVE-2017-0101 Microsoft Windows Transaction Manager Privilege Escalation Vulnerability 4/5/2022
 
CVE-2016-3309  Microsoft Windows Kernel Privilege Escalation Vulnerability 4/5/2022
 
CVE-2015-2546 Microsoft Win32k Memory Corruption Vulnerability 4/5/2022
 
CVE-2019-1132 Microsoft Win32k Privilege Escalation Vulnerability 4/5/2022
 

Binding Operational Directive (BOD) 22-01: Reducing the Significant Risk of Known Exploited Vulnerabilities established the Known Exploited Vulnerabilities Catalog as a living list of known CVEs that carry significant risk to the federal enterprise. BOD 22-01 requires FCEB agencies to remediate identified vulnerabilities by the due date to protect FCEB networks against active threats. See the BOD 22-01 Fact Sheet for more information. 

Although BOD 22-01 only applies to FCEB agencies, CISA strongly urges all organizations to reduce their exposure to cyberattacks by prioritizing timely remediation of Catalog vulnerabilities as part of their vulnerability management practice. CISA will continue to add vulnerabilities to the Catalog that meet the meet the specified criteria. Note: prioritizing software updates that address known exploited vulnerabilities is one of the actions CISA encourages as part of the recent Shields Up recommendations to all stakeholders.

This product is provided subject to this Notification and this Privacy & Use policy.

Russian State-Sponsored Cyber Actors Access Network Misconfigured with Default MFA Protocols

/in ,

Original release date: March 15, 2022

CISA and the Federal Bureau of Investigation (FBI) have released a joint Cybersecurity Advisory that details how Russian state-sponsored cyber actors accessed a network with misconfigured default multifactor authentication (MFA) protocols. The actors then exploited a critical Windows Print Spooler vulnerability, “PrintNightmare” (CVE-2021-34527), to run arbitrary code with system privileges. The advisory provides observed tactics, techniques, and procedures, as well as indicators of compromise and mitigations to protect against this threat. 

CISA encourages users and administrators to review AA22-074A: Russian State-Sponsored Cyber Actors Gain Network Access by Exploiting Default Multifactor Authentication Protocols and “PrintNightmare” Vulnerability. For general information on Russian state-sponsored malicious cyber activity, see cisa.gov/Russia. For more information on the threat of Russian state-sponsored malicious cyber actors to U.S. critical infrastructure, as well as additional mitigation recommendations, see AA22-011A: Understanding and Mitigating Russian State-Sponsored Cyber Threats to U.S. Critical Infrastructure and cisa.gov/shields-up.

This product is provided subject to this Notification and this Privacy & Use policy.