Wormable Flaw, 0days Lead Sept. 2022 Patch Tuesday

This month’s Patch Tuesday offers a little something for everyone, including security updates for a zero-day flaw in Microsoft Windows that is under active attack, and another Windows weakness experts say could be used to power a fast-spreading computer worm. Apple has quashed a pair of zero-day bugs affecting certain macOS and iOS users, and released iOS 16, which offers a new privacy and security feature called “Lockdown Mode.” And Adobe axed 63 vulnerabilities in a range of products.

Microsoft today released software patches to plug at least 64 security holes in Windows and related products. Worst in terms of outright scariness is CVE-2022-37969, which is a “privilege escalation” weakness in the Windows Common Log File System Driver that allows attackers to gain SYSTEM-level privileges on a vulnerable host. Microsoft says this flaw is already being exploited in the wild.

Kevin Breen, director of cyber threat research at Immersive Labs, said any vulnerability that is actively targeted by attackers in the wild must be put to the top of any patching list.

“Not to be fooled by its relatively low CVSS score of 7.8, privilege escalation vulnerabilities are often highly sought after by cyber attackers,” Breen said. “Once an attacker has managed to gain a foothold on a victim’s system, one of their first actions will be to gain a higher level of permissions, allowing the attacker to disable security applications and any device monitoring. There is no known workaround to date, so patching is the only effective mitigation.”

Satnam Narang at Tenable said CVE-2022-24521 — a similar vulnerability in the same Windows log file component — was patched earlier this year as part of Microsoft’s April Patch Tuesday release and was also exploited in the wild.

“CVE-2022-37969 was disclosed by several groups, though it’s unclear if CVE-2022-37969 is a patch-bypass for CVE-2022-24521 at this point,” Narang said.

Another vulnerability Microsoft patched this month — CVE-2022-35803 — also appears to be in the same Windows log file component. While there are no indications CVE-2022-35803 is being actively exploited, Microsoft rates it “Exploitation More Likely.”

Trend Micro’s Dustin Childs called attention to CVE-2022-34718, a remote code execution flaw in the Windows TCP/IP service that could allow an unauthenticated attacker to execute code with elevated privileges on affected systems without user interaction.

“That officially puts it into the ‘wormable’ category and earns it a CVSS rating of 9.8,” Childs said. “However, only systems with IPv6 enabled and IPSec configured are vulnerable. While good news for some, if you’re using IPv6 (as many are), you’re probably running IPSec as well. Definitely test and deploy this update quickly.”

Cisco Talos warns about four critical vulnerabilities fixed this month, two of which — CVE-2022-34721 and CVE-2022-34722 — carry severity scores of 9.8, though Microsoft rates them “less likely” to be exploited.

“These are remote code execution vulnerabilities in the Windows Internet Key Exchange protocol that could be triggered if an attacker sends a specially crafted IP packet,” wrote Jon Munshaw and Asheer Malhotra. “Two other critical vulnerabilities, CVE-2022-35805 and CVE-2022-34700 exist in on-premises instances of Microsoft Dynamics 365. An authenticated attacker could exploit these vulnerabilities to run a specially crafted trusted solution package and execute arbitrary SQL commands. The attacker could escalate their privileges further and execute commands as the database owner.”

Not to be outdone, Apple fixed at least two zero-day vulnerabilities when it released updates for iOS, iPadOS, macOS and Safari. CVE-2022-32984 is a problem in the deepest recesses of the operating system (the kernel). Apple pushed an emergency update for a related zero-day last month in CVE-2022-32983, which could be used to foist malware on iPhones, iPads and Macs that visited a booby-trapped website.

Also listed under active attack is CVE-2022-32817, which has been fixed in macOS 12.6 (Monterey), macOS 11.7 (Big Sur), iOS 15.7 and iPadOS 15.7, and iOS 16. The same vulnerability was fixed in Apple Watch in July 2022, and Apple credits Xinru Chi of Japanese cybersecurity firm Pangu Lab for reporting it.

“Interestingly, this CVE is also listed in the advisory for iOS 16, but it is not called out as being under active exploit for that flavor of the OS,” Trend Micro’s Childs noted. “Apple does state in its iOS 16 advisory that ‘Additional CVE entries to be added soon.’ It’s possible other bugs could also impact this version of the OS. Either way, it’s time to update your Apple devices.”

Apple’s iOS 16 includes two new security and privacy features — Lockdown Mode and Safety Check. Wired.com describes Safety Check as a feature for users who are at risk for, or currently experiencing, domestic abuse.

“The tool centralizes a number of controls in one place to make it easier for users to manage and revoke access to their location data and reset privacy-related permissions,” wrote Lily Hay Newman.

“Lockdown Mode, on the other hand, is meant for users who potentially face targeted spyware attacks and aggressive state-backed hacking. The feature comprehensively restricts any nonessential iOS features so there are as few potential points of entry to a device as possible. As more governments and repressive entities around the world have begun purchasing powerful commodity spyware to target individuals of particular importance or interest, iOS’s general security defenses haven’t been able to keep pace with these specialized threats.”

To turn on Lockdown Mode in iOS 16, go to Settings > Privacy & Security > Lockdown Mode. Safety Check is located in the same Privacy & Security screen.

Finally, Adobe released seven patches addressing 63 security holes in Adobe Experience Manager, Bridge, InDesign, Photoshop, InCopy, Animate, and Illustrator. More on those updates is here.

Don’t forget to back up your data and/or system before applying any security updates. If you experience glitches or problems installing any of these patches this month, please consider leaving a comment about it below; there’s a decent chance other readers have experienced the same and may chime in here with useful tips.

from Krebs on Security https://ift.tt/jwKoqu3
via IFTTT

Distrobox 1.4 arrives with support for upgrading all containers with a single command

Distrobox lets you run commands or applications without fear of damaging your system

The release of Distrobox 1.4 has been announced. Distrobox lets you manage containers on your system that share removable USB devices, the user's HOME folder or partition, audio, and the X11 and Wayland desktop sockets with the host.

For those not yet familiar with the tool: it lets you quickly install and run any Linux distribution in a container and integrates it with the host system.

The project is a layer on top of Docker or Podman, and stands out for how far it simplifies the job of integrating the container's runtime environment with the rest of the system. Creating an environment with a different distribution takes a single distrobox-create command, with no need to think about the details.

Distrobox claims to be able to host 17 distributions, including Alpine, Manjaro, Gentoo, EndlessOS, NixOS, Void, Arch, SUSE, Ubuntu, Debian, RHEL and Fedora. Any distribution for which OCI-format images exist can be launched in a container. After installation, the user can work entirely in another distribution without leaving the host system.

What's new in Distrobox 1.4

The headline change in this release is the new «distrobox upgrade» command, which updates the contents of all installed distribution containers at once, along with the new «distrobox generate-entry» command, which adds a distrobox-based environment to the application list.

Another notable change is the new «distrobox ephemeral» command, which creates a disposable container that is deleted once the session associated with it ends.

There is also a new script, «install-podman», which lets the user install Podman in their home directory without touching the system environment (useful where system directories are mounted read-only or cannot be edited).

Also highlighted are improved support for host systems using the Guix and Nix package managers, and improved support for LDAP, Active Directory and Kerberos authentication.

Work has also gone into clearer error messages when there is a mismatch, syncing host files only if they exist, and improved systemd integration for rootful containers.

Other changes of note in this release:

  • Avoid xbps errors by keeping it up to date
  • Fixed the home mount point on ostree-based OSes. This fixes package installation problems on Fedora.
  • Fixed tzdata handling
  • Added the missing help entry for the --next/-N flag
  • list/host-exec: fix tty detection
  • list: add a no-color flag to list
  • list: disable colors when not on a terminal.
  • Removed the obsolete path function

Finally, if you are interested in learning more about the project or seeing the full list of changes, you can do so at the following link.

How to install DistroBox on Linux?

For those interested in installing this tool, it is available in the repositories of many of the major Linux distributions.

For this article, though, we will use the installation method the project offers for almost any Linux distribution. Open a terminal and type the following:

curl -s https://raw.githubusercontent.com/89luca89/distrobox/main/install | sudo sh

And with that you can start using the tool. Note that the one-liner above runs whatever the URL serves as root; the project's installer also accepts a user-writable prefix, which avoids the sudo.

In terms of usage, distrobox is split into 8 commands:
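The `curl | sudo sh` line above executes an unreviewed remote script as root. The following is an added example, not part of the Linux Adictos article or the Distrobox project, of the pattern a practitioner would use instead: download the installer to a file, verify its SHA-256 against a hash recorded from a copy you reviewed, and only then run it unprivileged into ~/.local. It assumes the installer's `--prefix` option as documented in the project README (check `sh install --help` if in doubt); the expected hash passed to `install_distrobox` is a placeholder you must supply yourself.

```shell
#!/bin/sh
# Added example (not Distrobox's own code): pin-and-verify before running a
# downloaded installer, instead of `curl | sudo sh`.
# Assumptions: the installer accepts --prefix (per the project README); the
# expected hash is one you recorded after reviewing the script yourself.

set -eu

INSTALL_URL="https://raw.githubusercontent.com/89luca89/distrobox/main/install"

# verify_sha256 FILE EXPECTED_HEX
# Returns 0 when FILE hashes to EXPECTED_HEX (case-insensitive), 1 otherwise,
# 2 when no SHA-256 tool is available. Uses sha256sum (coreutils) or shasum (BSD/macOS).
verify_sha256() {
    file=$1
    expected=$(printf '%s' "$2" | tr 'A-F' 'a-f')
    if command -v sha256sum >/dev/null 2>&1; then
        actual=$(sha256sum "$file" | cut -d' ' -f1)
    elif command -v shasum >/dev/null 2>&1; then
        actual=$(shasum -a 256 "$file" | cut -d' ' -f1)
    else
        echo "no sha256 tool available" >&2
        return 2
    fi
    [ "$actual" = "$expected" ]
}

# fetch_and_verify URL EXPECTED_HEX DEST
# Downloads URL to a temp file, verifies it, and only then moves it to DEST.
# --fail turns HTTP errors into curl failures; --proto '=https' refuses any
# redirect or scheme that is not HTTPS.
fetch_and_verify() {
    url=$1; expected=$2; dest=$3
    tmp=$(mktemp)
    curl --fail --silent --show-error --location --proto '=https' -o "$tmp" "$url"
    if verify_sha256 "$tmp" "$expected"; then
        mv "$tmp" "$dest"
    else
        rm -f "$tmp"
        echo "checksum mismatch for $url; refusing to run installer" >&2
        return 1
    fi
}

# install_distrobox EXPECTED_HEX
# Installs into ~/.local so no root privileges are needed.
install_distrobox() {
    expected=$1
    script=$(mktemp)
    fetch_and_verify "$INSTALL_URL" "$expected" "$script"
    sh "$script" --prefix "$HOME/.local"
    rm -f "$script"
}

# Run as: sh ./install-distrobox.sh <sha256-of-reviewed-installer>
if [ -n "${1:-}" ]; then
    install_distrobox "$1"
fi
```

The hash has to come from somewhere you trust more than the download itself (a copy you read, or a release you already audited); checking a file against a hash fetched from the same URL proves nothing. Installing under `~/.local` also keeps the tool out of `/usr/local`, so a compromised installer cannot touch system binaries.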

  1. distrobox-create – creates the container
  2. distrobox-enter – enters the container
  3. distrobox-list – lists containers created with distrobox
  4. distrobox-rm – removes a container created with distrobox
  5. distrobox-stop – stops a running container created with distrobox
  6. distrobox-init – the container's entry point (not meant to be used manually)
  7. distrobox-export – designed to be used from inside the container; useful for exporting applications and services from the container to the host
  8. distrobox-host-exec – runs commands/programs from the host while inside the container

Finally, if you are interested in learning more about Distrobox, the project's code is written in shell and is distributed under the GPLv3 license. You can consult its source code, usage manuals and further information at the following link.
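Because a Distrobox container shares the user's real HOME, USB devices and the X11/Wayland sockets with the host (see the description of 1.4 above), «distrobox ephemeral» is a convenience, not a sandbox: anything run inside it can read and modify your dotfiles. The following is an added example, not Distrobox's own code, of a small wrapper that runs an untrusted command in an ephemeral container whose HOME is a private scratch directory that is removed afterwards. It assumes the `--image` and `--home` options documented for distrobox-create are accepted by `distrobox ephemeral`, as the manual states; confirm with `distrobox ephemeral --help` on your version.

```shell
#!/bin/sh
# Added example (not Distrobox's own code): run an untrusted tool in a
# disposable container with a throwaway HOME instead of your real one.
# Assumptions: `distrobox ephemeral` passes --image and --home through to
# distrobox-create (per the manual); verify with `distrobox ephemeral --help`.

set -eu

# make_scratch_home: create a private (mode 0700) throwaway directory to be
# mounted as the container's HOME, and print its path.
make_scratch_home() {
    dir=$(mktemp -d "${TMPDIR:-/tmp}/dbx-home.XXXXXX")
    chmod 700 "$dir"
    printf '%s\n' "$dir"
}

# run_throwaway IMAGE CMD...
# Runs CMD in an ephemeral container built from IMAGE with the scratch HOME,
# then deletes the scratch HOME regardless of how CMD exited.
# DRY_RUN=1 prints the distrobox command instead of executing it, so the
# wrapper can be exercised on a machine without Distrobox installed.
run_throwaway() {
    image=$1; shift
    scratch=$(make_scratch_home)
    status=0
    if [ "${DRY_RUN:-0}" = 1 ]; then
        printf 'distrobox ephemeral --image %s --home %s -- %s\n' "$image" "$scratch" "$*"
    else
        distrobox ephemeral --image "$image" --home "$scratch" -- "$@" || status=$?
    fi
    rm -rf "$scratch"
    return "$status"
}

# Usage: sh ./run-throwaway.sh alpine:latest sh -c 'id; ls -la "$HOME"'
if [ "$#" -ge 2 ]; then
    run_throwaway "$@"
fi
```

The scratch HOME only protects your dotfiles and keys; the container still sees the host's display sockets, audio and devices, so for genuinely hostile code use a VM or a container without Distrobox's host integration.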

from Linux Adictos https://ift.tt/7juyXkY
via IFTTT