As an IT professional, you need to stay current on all things tech; with articles from industry experts and GreenPages' staff, you get the info you need to help your organization compete and succeed!
What We Know
A new critical zero-day vulnerability has been detected; it is widely distributed and easily exploitable, allowing attackers to gain full control over affected servers. The vulnerability was identified in Apache Log4j 2, an open-source Java package used to enable logging in many popular applications. The issue can allow remote access to your systems through publicly reachable servers that run the Apache Log4j Java-based logging library.
What We Know
For Patch Tuesday July 2021, Microsoft is patching the vulnerability and ongoing exploitation of PrintNightmare. You can read about CVE-2021-34527 on the Microsoft vulnerability site. This one is causing a lot of pain for organizations, and CISA has also released Emergency Directive 21-04, which outlines what Federal Civilian Executive Branch agencies must do, and by when, to mitigate it.
What We Know
On June 29, 2021, proof-of-concept (PoC) exploit code was published on GitHub for a vulnerability (CVE-2021-1675) in the Microsoft Print Spooler (spoolsv.exe), the process that manages printing services. This vulnerability has been given the nickname "PrintNightmare." Although Microsoft released an update in early June 2021 as part of Patch Tuesday, that update does not appear to protect against the PoC code. The PoC appears to work, and the issue is being referred to as a zero-day exploit. It is important to note that the exploit requires a valid user login and password, or a password hash, to work; adversaries could obtain these through phishing and then use the exploit for elevation of privilege.
No Known Fix; Recommended Workaround
Because there is currently no known fix, the recommended workaround is to disable the Print Spooler service on Domain Controllers and on systems that do not print. Yesterday CISA released a VulNote for this vulnerability.
By Randy Becker, VP & Principal Security Architect
Yesterday, May 25th, VMware announced two new vulnerabilities in its vCenter management platform; this impacts many production vCenter deployments regardless of whether you are using VMware Virtual SANs. VMware is providing a workaround and a fix for affected versions of vCenter. We recommend reading all the details before taking any action: the workarounds could impact functionality if you are using vSAN, so read thoroughly. Per VMware: "This needs your immediate attention if you are using vCenter Server."
By Randy Becker, VP & Principal Security Architect
On May 4, 2021, SentinelLabs posted that they had discovered five Dell security bugs collectively tracked as CVE-2021-21551. This local privilege-escalation (LPE) issue has a CVSS severity rating of 8.8 out of 10. SentinelLabs proactively reported their findings to Dell on Dec 1, 2020. These five high-severity vulnerabilities in Dell's firmware update driver have the potential to impact hundreds of millions of Dell desktops, laptops, notebooks, and tablets.
By Randy Becker, VP & Principal Security Architect
Microsoft's April 2021 Patch Tuesday brings us 4 critical on-premises Exchange RCE CVEs: 2 with a CVSS base score of 9.8 out of 10 and no privileges required, 1 with a CVSS score of 9 with an adjacent attack vector and low privileges required, and 1 with a CVSS score of 8.8 and low privileges required.
By Rob O'Shaughnessy, Director, Software Sales & Renewals
Enterprise Agreement 1000 User Minimum
In an effort to move consumption products such as Office 365 (O365), Microsoft 365 (M365), Dynamics 365 (D365) and Azure toward consumption-based licensing programs such as its Cloud Solution Provider (CSP) program, Microsoft is changing the qualification requirements for its Enterprise Agreement. In January 2021, Microsoft increased the minimum requirement for Enterprise Agreements to 1000 users, up from 500 users. This means that customers with fewer than 1000 seats of O365, M365, or D365 will no longer be able to purchase their licensing on an Enterprise Agreement. In addition, Microsoft increased the qualification amount for Azure to $600,000 per year.
By Randy Becker, CISO & VP, Network and Security Consulting
There is a new form of malware (dubbed "Silver Sparrow" by Red Canary) that appears to affect Macs running both Intel processors and Apple's own M1 processors. It does not appear that the malware has done anything nefarious yet, but as the saying goes, where there's smoke there is often fire.
VMware has announced a Remote Code Execution (RCE) vulnerability in vCenter, CVE-2021-21972, with a CVSSv3 base score of 9.8. This one looks ripe for exploitation, as it is an RCE **AND** a 9.8. In addition, two other vulnerabilities were found, all in the CVSSv3 range of 5.3-9.8.
By Randy Becker, CISO & VP, Network and Security Consulting
SolarWinds, Solorigate, Sunburst, Teardrop, Sunspot, Raindrop… will it ever end? (Check out Microsoft's deep dive for a comprehensive summary.) The breach was even the lead story on 60 Minutes, with Microsoft President Brad Smith and FireEye CEO Kevin Mandia interviewed.