Patch List: Adobe, Citrix, Intel, and vBulletin Vulns
Vulnerabilities expose enterprises’ systems to compromise. Now that many employees are working from home and operating devices outside the more secure office environments, the need to patch vulnerabilities as soon as they are discovered has become even more pressing.
Aside from Microsoft, the following vendors also released patches recently: Adobe, Citrix, Intel, and vBulletin. We rounded up these recently disclosed vulnerabilities as we advise organizations to check right away if any of the software they use is affected by these.
In this month’s release of fixes for vulnerabilities, Adobe resolved 26 vulnerabilities found in some of their products such as Adobe Acrobat and Adobe Reader. From the total, 11 are deemed as Critical. Two of them, namely CVE-2020-9696 and CVE-2020-9712, are security bypass problems that allow arbitrary code execution. The complete details of the vulnerabilities are yet to be disclosed.
The vulnerabilities have been reported to Adobe by various researchers. Abdul-Aziz Hariri of Trend Micro Zero Day Initiative (ZDI) was able to discover and inform the company about the aforementioned CVE-2020-9712 and four other vulnerabilities rated as Important (CVE-2020-9697, CVE-2020-9706, CVE-2020-9707, CVE-2020-9710).
Citrix posted a security bulletin where they announced the discovery of five vulnerabilities in some versions of Citrix Endpoint Management (CEM), also known as XenMobile. Two of the vulnerabilities, CVE-2020-8208 and CVE-2020-8209, have a Critical severity level.
While very little information has been shared about the other four vulnerabilities, it was revealed that CVE-2020-8209 is a path transversal flaw that results from insufficient input validation. Such vulnerabilities allow attackers to read arbitrary files on servers. According to
Andrew Menov, the Positive Technologies expert who discovered this vulnerability, stated that threat actors can exploit it by crafting a URL and spreading it to unsuspecting users. If the users follow this URL, the attackers would then be able to access files including configuration files and encryption keys outside the web server root directory.
Further details are yet to be shared about the other vulnerabilities.
Intel recently published fixes for 22 vulnerabilities with severity ratings ranging from Low to Critical. The critical vulnerability CVE-2020-8708 affects Intel Server Boards, Server Systems, and Compute Modules before version 1.59. It allows unauthorized users to bypass authentication and escalate privilege via adjacent access.
Dmytro Oleksiuk, an information security researcher and developer who discovered the flaw, revealed to Threatpost that it exists in the firmware of Emulex Pilot 3. Used by motherboards, Emulex Pilot 3 helps keep server components together in a single system.
Thought to have been fixed through a previous patch, a vulnerability found last year on vBulletin, an internet forum software, apparently remains exploitable as attested by proof-of-concept codes published by Amir Etemadieh (also known as Zenofex), a security researcher. The vulnerability in question is CVE-2019-16759, a flaw that affects vBulletin versions 5.x through 5.5.4 and allows remote code execution (RCE) via the widgetConfig[code] parameter. Threat actors can use a specially crafted POST request to launch attacks.
While a patch has long been released, the research has unveiled that attackers can still exploit the vulnerability and showed proofs of concept in Bash, Python, and Ruby. Etemadieh cited the vBulletin template system structure and how it uses PHP as the key issue for the patch. No official new patch has been released yet, although the researcher has shared a temporary workaround that administrators can apply by disabling HP, Static HTML, and Ad Module rendering in the vBulletin administrator control panel.
Protecting systems from vulnerability exploitation
Cybercriminals who aim to exploit vulnerabilities and security researchers who strive to uncover and patch these flaws are in a constant race to outpace each other. Compromised systems, after all, can mean significant financial and operational losses. Security teams of enterprises can ensure that their organizations remain protected from vulnerabilities through the following:
- Patch systems immediately. Keep posted on security bulletins of the different software used by the company and apply patches as soon as they are available.
- Regularly update software, firmware, and applications. Install the newest versions as they contain the newest fixes.
- Deploy security solutions. A multilayered security approach can help, especially in cases where patches aren’t immediately available.
The following Trend Micro solutions help bolster protection against vulnerability exploits:
- TippingPoint® Next-Generation Intrusion Prevention System (NGIPS) – employs virtual patching and uses threat intelligence from sources such as Digital Vaccine Labs (DVLabs) and ZDI for maximum threat coverage.
- Trend Micro™ Deep Security™ – uses Vulnerability Protection to defend systems from threats that target vulnerabilities. It offers network security, system security, and malware prevention.
- The Trend Micro™ Deep Discovery™ Inspector – detects malicious traffic, including command and control (C&C) communications, which can be a sign of a breach. Suspicious supervisory control and data acquisition (SCADA) traffic can be identified as well.
- Trend Micro™ Apex One™ – performs virtual patching through its Vulnerability Protection™, offering protection before a patch is made available.
- TippingPoint® Advanced Threat Protection – provides expert real-time protection from targeted attacks, advanced threats, and ransomware.
Trend Micro Deep Security and Vulnerability Protection protect users from the vBulletin vulnerability via the following updated rule:
- 1010366 - vBulletin 'widgetConfig' Unauthenticated Remote Code Execution Vulnerability (CVE-2019-16759)
We will update this page once rules for the newly disclosed vulnerabilities are available.
Like it? Add this infographic to your site:
1. Click on the box below. 2. Press Ctrl+A to select all. 3. Press Ctrl+C to copy. 4. Paste the code into your page (Ctrl+V).
Image will appear the same size as you see above.
- Ransomware Spotlight: TargetCompany
- Email Threat Landscape Report: Cybercriminal Tactics, Techniques That Organizations Need to Know
- Preventing an Imminent Ransomware Attack With Early Detection and Investigation
- Inside the Halls of a Cybercrime Business
- Securing Cloud-Native Environments with Zero Trust: Real-World Attack Cases