
Can Old Vulnerabilities Learn New Tricks?

May 05, 2022

The public's favorite three-letter agency, CISA (not the CIA), has added five vulnerabilities to its Known Exploited Vulnerabilities (KEV) Catalog, the living, breathing, ever-growing list of CVEs for which there is reliable evidence of active exploitation in the wild.

Perhaps most interesting (perplexing?) is that three of the five are from 2014. 2014! Eight years ago. The year Apple unveiled the Apple Watch.

I want to do a little dissection on each of the five vulnerabilities added to the catalog. (Don’t worry, everything is sanitary here). I’ll break them down by vendor, starting with Microsoft.

Microsoft

CVE-2014-0322

This is a use-after-free vulnerability in Internet Explorer 9 and 10, in the MSHTML CMarkup component, that lets a remote attacker execute arbitrary code through crafted web content (a drive-by: visiting the page is enough). The root cause is a dangling pointer: an object is freed, but a pointer to it is never cleared and is used again later. On its own that is a crash; it becomes code execution when the attacker arranges for attacker-controlled data to occupy the freed region before the stale pointer is used, typically by spraying the heap with objects of the same size. The browser then reads a function pointer or vtable out of attacker-supplied bytes and jumps to it.
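To make the dangling-pointer mechanism concrete, here is an added example (not code from the original post, and not IE's CMarkup internals). It uses a tiny fixed-slot allocator constructed for the demo so that slot reuse is deterministic, and a hypothetical element/document layout; the "hardened" flow clears the pointer when the object dies, which is the invariant a real fix (reference counting in the engine's case) enforces.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Tiny fixed-slot allocator with a LIFO free list (constructed for this
 * example). LIFO reuse is what makes the next same-sized allocation land on
 * the slot that was just freed, which is exactly what a heap spray relies on. */
#define SLOT_SIZE  32
#define SLOT_COUNT 4
static _Alignas(16) uint8_t arena[SLOT_COUNT][SLOT_SIZE];
static int free_stack[SLOT_COUNT];
static int free_top;

static void arena_init(void) {
    memset(arena, 0, sizeof arena);
    for (int i = 0; i < SLOT_COUNT; i++) free_stack[i] = SLOT_COUNT - 1 - i;
    free_top = SLOT_COUNT;
}
static void *slot_alloc(void) {
    return free_top > 0 ? (void *)arena[free_stack[--free_top]] : NULL;
}
static void slot_free(void *p) {
    for (int i = 0; i < SLOT_COUNT; i++)
        if (p == (void *)arena[i]) { free_stack[free_top++] = i; return; }
}

/* The victim object: a DOM-element-like record holding a callback pointer.
 * (Hypothetical layout, not CMarkup's.) */
struct element {
    uint32_t magic;          /* 0xE1E3E1E3 while alive */
    int (*on_event)(void);
};
struct document { struct element *body; };

static int benign_handler(void)   { return 1; }
/* Stands in for attacker-controlled code; a real exploit points this at
 * sprayed memory or a ROP chain. */
static int attacker_handler(void) { return 0xBAD; }

/* Vulnerable flow: the element is freed inside an event callback, but the
 * document keeps the stale pointer and calls through it afterwards. */
int vulnerable_flow(void) {
    arena_init();
    struct document doc;
    doc.body = slot_alloc();
    doc.body->magic = 0xE1E3E1E3;
    doc.body->on_event = benign_handler;

    slot_free(doc.body);                 /* element torn down by script */

    /* Attacker allocates an object of the same size right away; it takes the
     * freed slot, so doc.body now points at attacker-controlled bytes. */
    struct element *sprayed = slot_alloc();
    sprayed->magic = 0x41414141;
    sprayed->on_event = attacker_handler;

    return doc.body->on_event();         /* 0xBAD: the attacker's code ran */
}

/* Hardened flow: the pointer is cleared when the object dies and checked
 * before use, so the spray finds nothing to hijack. */
int hardened_flow(void) {
    arena_init();
    struct document doc;
    doc.body = slot_alloc();
    doc.body->magic = 0xE1E3E1E3;
    doc.body->on_event = benign_handler;

    slot_free(doc.body);
    doc.body = NULL;                     /* no dangling pointer */

    struct element *sprayed = slot_alloc();
    sprayed->magic = 0x41414141;
    sprayed->on_event = attacker_handler;

    if (doc.body == NULL) return -1;     /* dead element: refuse to use it */
    return doc.body->on_event();
}

int main(void) {
    printf("vulnerable flow returned 0x%x (attacker handler ran)\n", vulnerable_flow());
    printf("hardened flow returned %d (use of dead element refused)\n", hardened_flow());
    return 0;
}
```

The interesting part is not the free itself but the window between it and the next use: the attacker needs a same-sized allocation to land in that window, and browsers hand out exactly that kind of allocation primitive to any script on the page.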

CVE-2014-4113

This is an elevation of privilege vulnerability in the Windows kernel-mode driver win32k.sys, caused by improper handling of objects in memory. It is a local bug: the attacker must already be able to run code on the machine (a phishing payload, or a browser bug like the one above, gets them there), after which a successful exploit runs arbitrary code in kernel mode. From there they can install programs; view, change, or delete data; or create new accounts with full user rights. Workstations and terminal servers are primarily at risk, because those are the systems where untrusted users run code.

Apple

CVE-2019-8506

A type confusion vulnerability in WebKit, the engine behind Safari, in which processing maliciously crafted web content can lead to arbitrary code execution across Apple's platforms (iOS, macOS, tvOS, watchOS). Type confusion means the engine operates on an object as if it were one type when it is actually another, for example after a script changes an object's shape partway through an operation; the engine then reads and writes fields at the wrong offsets, which an attacker turns into an out-of-bounds read or write and, from there, code execution.

CVE-2021-1789

Another WebKit type confusion, same shape and same impact: maliciously crafted web content leads to arbitrary code execution across Apple's platforms. Two years newer than its sibling above, seven years newer than the Microsoft bugs, and the same bug class.
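Both Apple entries are the same bug class, so here is one added example for both (not code from the original post, and not WebKit's JSValue implementation). It models the tagged value a script engine passes around and puts an accessor that skips the tag check next to one that honours it; the layout, names and the "hello" string are constructed for the demo, and the pointer the unchecked path produces is inspected but never dereferenced. It assumes a little-endian target.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

enum value_type { TYPE_INT = 1, TYPE_STRING = 2 };

struct string_obj {
    const char *chars;
    size_t      length;
};

/* A tagged value of the kind a script engine passes around: the tag records
 * which union member is live. (Hypothetical layout, not WebKit's JSValue.) */
struct value {
    enum value_type type;
    union {
        int64_t            integer;   /* live when type == TYPE_INT */
        struct string_obj *string;    /* live when type == TYPE_STRING */
    } u;
};

struct value make_int(int64_t i) {
    struct value v; memset(&v, 0, sizeof v);
    v.type = TYPE_INT; v.u.integer = i; return v;
}
struct value make_string(struct string_obj *s) {
    struct value v; memset(&v, 0, sizeof v);
    v.type = TYPE_STRING; v.u.string = s; return v;
}

/* Vulnerable fast path: assumes an earlier check established "this is a
 * string" and reads the pointer member regardless of the tag. Once any code
 * path can reach it with an integer (the check was skipped, or the value was
 * changed after the check), the integer's bits become a pointer. */
const struct string_obj *as_string_unchecked(const struct value *v) {
    return v->u.string;
}

/* Hardened accessor: the tag is the source of truth, every time. */
const struct string_obj *as_string_checked(const struct value *v) {
    return v->type == TYPE_STRING ? v->u.string : NULL;
}

/* The address the unchecked path would hand to the next field access when it
 * is fed an attacker-chosen integer. Inspected, never dereferenced. On a
 * 64-bit little-endian target the whole integer becomes the pointer. */
uintptr_t confused_address(int64_t attacker_int) {
    struct value v = make_int(attacker_int);
    return (uintptr_t)as_string_unchecked(&v);
}

/* String length via the checked accessor: -1 on a type mismatch instead of a
 * read from a bogus address. */
long checked_length(const struct value *v) {
    const struct string_obj *s = as_string_checked(v);
    return s ? (long)s->length : -1L;
}

/* End-to-end demos on constructed values. */
long demo_length_of_string(void) {
    struct string_obj hello = { "hello", 5 };
    struct value v = make_string(&hello);
    return checked_length(&v);
}
long demo_length_of_int(void) {
    struct value v = make_int(0x41414141);
    return checked_length(&v);
}

int main(void) {
    printf("unchecked accessor on integer 0x41414141 yields pointer %#lx\n",
           (unsigned long)confused_address(0x41414141));
    printf("checked length of \"hello\": %ld\n", demo_length_of_string());
    printf("checked length of an integer value: %ld\n", demo_length_of_int());
    return 0;
}
```

In a real engine the dangerous part is the next line after the unchecked accessor: a length read or a character fetch through that pointer is a read from an attacker-chosen address, and a write through it is the arbitrary-write primitive that makes these bugs exploitable.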

OpenSSL

CVE-2014-0160

Also operating under the stage name 'Heartbleed', this is a missing bounds check in OpenSSL's implementation of the TLS/DTLS heartbeat extension (RFC 6520), present in OpenSSL 1.0.1 through 1.0.1f and fixed in 1.0.1g. A peer sends a heartbeat request that declares a payload length, and vulnerable OpenSSL echoes that many bytes back without checking that the record actually contained them, so each request can leak up to 64 KB of adjacent process memory from any application linked against the library: private keys, session cookies, credentials, whatever happens to be nearby. It works in both directions (a malicious server can read a vulnerable client), and because the heartbeat lives inside the TLS layer it leaves nothing in the application's logs. Patching alone is not the whole remediation here: any key that may have been exposed should be rotated and its certificate reissued.
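Here is an added example of the bug and its fix (not OpenSSL's code, and not from the original post). It models RFC 6520 heartbeat handling over a simulated "process memory" buffer with a constructed secret planted just past the received record; the vulnerable handler copies the peer's declared length, the hardened one adds the check that the declared payload must fit inside the bytes that actually arrived. The copy stays inside a static array here so the demo is deterministic; the real bug reads whatever happened to be adjacent on the heap.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define HB_REQUEST  1
#define HB_RESPONSE 2
#define HB_PADDING  16          /* RFC 6520 minimum padding */
#define MEM_SIZE    4096

/* Simulated process memory: the received record is laid out at the start and
 * a planted secret sits 256 bytes further on, the way another connection's
 * key or cookie would sit nearby on the real heap. (Constructed data.) */
static uint8_t process_mem[MEM_SIZE];
static const char secret[] = "-----BEGIN RSA PRIVATE KEY----- (constructed)";
static uint8_t response[3 + 65535 + HB_PADDING];

/* The bytes actually received for one record. */
struct record { const uint8_t *data; size_t length; };

/* Heartbeat message: type(1) | payload_length(2, big-endian) | payload | padding.
 * The request carries a 2-byte payload ("hi") but *declares* `declared`. */
struct record build_request(uint16_t declared) {
    memset(process_mem, 0, MEM_SIZE);
    process_mem[0] = HB_REQUEST;
    process_mem[1] = (uint8_t)(declared >> 8);
    process_mem[2] = (uint8_t)(declared & 0xff);
    process_mem[3] = 'h';
    process_mem[4] = 'i';
    memcpy(process_mem + 256, secret, sizeof secret);
    struct record r = { process_mem, 3 + 2 + HB_PADDING };
    return r;
}

/* Vulnerable handler: builds the response from the peer's declared length and
 * never asks whether the record really held that many bytes. Only the output
 * buffer is range-checked. */
size_t heartbeat_vulnerable(const struct record *rec, uint8_t *out, size_t out_cap) {
    const uint8_t *p = rec->data;
    uint16_t payload_len = (uint16_t)((p[1] << 8) | p[2]);
    size_t resp_len = 3 + (size_t)payload_len + HB_PADDING;
    if (p[0] != HB_REQUEST || resp_len > out_cap) return 0;
    out[0] = HB_RESPONSE;
    out[1] = (uint8_t)(payload_len >> 8);
    out[2] = (uint8_t)(payload_len & 0xff);
    memcpy(out + 3, p + 3, payload_len);   /* reads far past rec->length */
    memset(out + 3 + payload_len, 0, HB_PADDING);
    return resp_len;
}

/* Hardened handler: drop a record too short to hold the header plus minimum
 * padding, and drop one whose declared payload does not fit inside the bytes
 * that actually arrived. */
size_t heartbeat_hardened(const struct record *rec, uint8_t *out, size_t out_cap) {
    if (rec->length < 3 + HB_PADDING) return 0;
    const uint8_t *p = rec->data;
    uint16_t payload_len = (uint16_t)((p[1] << 8) | p[2]);
    size_t resp_len = 3 + (size_t)payload_len + HB_PADDING;
    if (p[0] != HB_REQUEST || resp_len > out_cap) return 0;
    if (resp_len > rec->length) return 0;  /* the missing check */
    out[0] = HB_RESPONSE;
    out[1] = (uint8_t)(payload_len >> 8);
    out[2] = (uint8_t)(payload_len & 0xff);
    memcpy(out + 3, p + 3, payload_len);   /* now provably inside the record */
    memset(out + 3 + payload_len, 0, HB_PADDING);
    return resp_len;
}

static int contains_secret(const uint8_t *buf, size_t len) {
    size_t n = sizeof secret - 1;
    for (size_t i = 0; i + n <= len; i++)
        if (memcmp(buf + i, secret, n) == 0) return 1;
    return 0;
}

/* Malicious request: declares 1024 bytes, sends 2. Returns 1 if the planted
 * secret ends up in the response. */
int vulnerable_leaks_secret(void) {
    struct record r = build_request(1024);
    size_t n = heartbeat_vulnerable(&r, response, sizeof response);
    return contains_secret(response, n);
}

/* Response length from the hardened handler for a given declared length:
 * 0 means the record was rejected. */
int hardened_response_length(uint16_t declared) {
    struct record r = build_request(declared);
    return (int)heartbeat_hardened(&r, response, sizeof response);
}

int main(void) {
    printf("vulnerable handler leaked the secret: %s\n", vulnerable_leaks_secret() ? "yes" : "no");
    printf("hardened handler, declared 1024: %d bytes sent\n", hardened_response_length(1024));
    printf("hardened handler, honest request: %d bytes sent\n", hardened_response_length(2));
    return 0;
}
```

Two things worth noticing: the vulnerable handler does check a length, just the wrong one (the output buffer rather than the input record), and the honest request still gets its 21-byte response from the hardened handler, so the fix costs nothing for well-behaved peers.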

TOPIA Integration

To be included in the catalog, the vulnerabilities must meet the following criteria:

  1. The vulnerability has an assigned Common Vulnerabilities and Exposures (CVE) ID.
  2. There is reliable evidence that the vulnerability has been actively exploited in the wild.
  3. There is a clear remediation action for the vulnerability, such as a vendor provided update.

For each of these criteria, there is a corresponding xTag in Topia to help identify the vulnerability.

  1. #known_vulnerability
  2. #has_exploit
  3. #has_patch

(It’s almost like we anticipated it… 😜)

An example from the Vicarius Research Center showing xTags for a specific CVE

Mitigation

The release states: “Although BOD 22-01 only applies to FCEB agencies, CISA strongly urges all organizations to reduce their exposure to cyberattacks by prioritizing timely remediation of Catalog vulnerabilities as part of their vulnerability management practice.”

Unsurprisingly, the recommended remediation is to apply the vendor updates. Plenty stands in the way of getting the latest patches deployed, but three eight-year-old CVEs landing in the catalog shows how far straightforward hygiene goes toward deterring threats, reducing your overall risk, and improving your security posture.

So, what can you do from here? Well, you could throw on some Iron Maiden, crack open a couple Red Bulls, and swing open the Research Center doors for more information on each of the five vulnerabilities. There’s a whole host of resources from affected operating systems to advisory and patch links.

CVE-2014-0322

CVE-2014-4113

CVE-2014-0160

CVE-2019-8506

CVE-2021-1789

Time is ticking and hackers are itching, so get patching!


Resources:

https://www.cisa.gov/known-exploited-vulnerabilities-catalog



Written by

Evan Kling
