Cyber News - Skillplan GmbH

Posted on September 5, 2024 by frankm in Unkategorisiert

Application Type	CVE	Severity	Impact	Possible Mitigations	Vendor Link
Microsoft Operating System	CVE-2024-38074	Critical (CVSS 9.8)	Remote code execution in Windows Remote Desktop Licensing Service	Apply official patch; disable the service if not needed; monitor for suspicious activities	Microsoft Advisory
	CVE-2024-38076	Critical (CVSS 9.8)	Remote code execution in Windows Remote Desktop Licensing Service	Apply official patch; disable the service if not needed; monitor for suspicious activities	Microsoft Advisory
	CVE-2024-38077	Critical (CVSS 9.8)	Remote code execution in Windows Remote Desktop Licensing Service	Apply official patch; disable the service if not needed; monitor for suspicious activities	Microsoft Advisory
	CVE-2024-38060	Critical (CVSS 8.8)	Remote code execution in Windows Imaging Component	Apply official patch; restrict access to vulnerable systems; monitor for suspicious file uploads	Microsoft Advisory
	CVE-2024-38080	Important (CVSS 7.8)	Privilege escalation in Windows Hyper-V (Zero-day, actively exploited)	Apply the official patch immediately; monitor for suspicious activities; ensure systems are up-to-date	Microsoft Advisory
	CVE-2024-38112	Important (CVSS 7.5)	Spoofing vulnerability in Windows MSHTML Platform (Zero-day, actively exploited)	Apply the official patch immediately; educate users about the risks of executing unknown files	Microsoft Advisory
	CVE-2024-38073	Important (CVSS 7.5)	Denial of Service in Windows Remote Desktop Licensing Service	Apply official patch; monitor for unusual network traffic	Microsoft Advisory
	CVE-2024-38015	Important (CVSS 7.5)	Denial of Service in Windows Remote Desktop Gateway	Apply official patch; implement network segmentation	Microsoft Advisory
	CVE-2024-30098	Important (CVSS 7.5)	Security Feature Bypass in Windows Cryptographic Services	Apply official patch; review and update cryptographic configurations	Microsoft Advisory
	CVE-2024-38061	Important (CVSS 7.5)	Elevation of Privilege in DCOM Remote Cross-Session Activation	Apply official patch; restrict DCOM access	Microsoft Advisory
Server Application	CVE-2024-38023	Critical (CVSS 7.2)	Remote code execution in Microsoft SharePoint Server	Apply security updates; restrict “Site Owner” permissions; monitor for suspicious activities	Microsoft Advisory
	CVE-2024-38087	Critical (CVSS 8.8)	Remote code execution in SQL Server Native Client OLE DB Provider	Apply security updates; restrict access to SQL Server; monitor for unusual database activities	Microsoft Advisory
	CVE-2024-38088	Critical (CVSS 8.8)	Remote code execution in SQL Server Native Client OLE DB Provider	Apply security updates; restrict access to SQL Server; monitor for unusual database activities	Microsoft Advisory
	CVE-2024-38044	Important (CVSS 7.2)	Remote code execution in DHCP Server Service	Apply official patch; review DHCP server configurations	Microsoft Advisory
Development Tools	CVE-2024-35264	Important (CVSS 8.1)	Remote code execution in .NET and Visual Studio	Apply the official patch; monitor and restrict access to vulnerable systems	Microsoft Advisory
Office Applications	CVE-2024-38021	Critical (CVSS 8.8)	Remote code execution in Microsoft Office	Apply security updates; ensure users are cautious about clicking on links from untrusted sources	Microsoft Advisory
Network Services	CVE-2024-38031	Important (CVSS 7.5)	Denial of Service in Windows Online Certificate Status Protocol (OCSP) Server	Apply official patch; implement OCSP stapling if possible	Microsoft Advisory
	CVE-2024-38067	Important (CVSS 7.5)	Denial of Service in Windows Online Certificate Status Protocol (OCSP) Server	Apply official patch; implement OCSP stapling if possible	Microsoft Advisory
	CVE-2024-38068	Important (CVSS 7.5)	Denial of Service in Windows Online Certificate Status Protocol (OCSP) Server	Apply official patch; implement OCSP stapling if possible	Microsoft Advisory
	CVE-2024-38091	Important (CVSS 7.5)	Denial of Service in Microsoft WS-Discovery	Apply official patch; disable WS-Discovery if not needed	Microsoft Advisory
	CVE-2024-3596	Important (CVSS 7.5)	Spoofing vulnerability in RADIUS Protocol	Apply official patch; implement additional authentication mechanisms	Microsoft Advisory
System Components	CVE-2024-38033	Important (CVSS 7.3)	Elevation of Privilege in PowerShell	Apply official patch; restrict PowerShell execution policies	Microsoft Advisory
	CVE-2024-38025	Important (CVSS 7.2)	Remote code execution in Windows Performance Data Helper Library	Apply official patch; monitor for unusual system performance queries	Microsoft Advisory
	CVE-2024-30081	Important (CVSS 7.1)	Spoofing vulnerability in Windows NTLM	Apply official patch; consider disabling NTLM where possible	Microsoft Advisory
	CVE-2024-38065	Important (CVSS 6.8)	Security Feature Bypass in Secure Boot	Apply official patch; ensure physical security of systems	Microsoft Advisory

These vulnerabilities should be addressed promptly to minimize

Citations:
[1] https://www.crowdstrike.com/blog/patch-tuesday-analysis-july-2024/
[2] https://www.ivanti.com/blog/july-2024-patch-tuesday
[3] https://www.tenable.com/blog/microsofts-july-2024-patch-tuesday-addresses-138-cves-cve-2024-38080-cve-2024-38112
[4] https://www.tenable.com/blog/oracle-july-2024-critical-patch-update-addresses-175-cves

Posted on September 5, 2024 by frankm in Unkategorisiert

Based on the search results and analysis, here are the 25 most important and critical new CVEs from last Friday, ranked by severity and grouped by application type:

Application type	CVE	Severity	Effects	Possible remedies
Microsoft operating system
	CVE-2024-38074	Critical (CVSS 9.8)	Remote code execution in the Windows Remote Desktop Licensing Service	Apply official patch; disable the service if not needed; monitor for suspicious activity
	CVE-2024-38076	Critical (CVSS 9.8)	Remote code execution in the Windows Remote Desktop Licensing Service	Apply official patch; disable the service if not needed; watch out for suspicious activity
	CVE-2024-38077	Critical (CVSS 9.8)	Remote code execution in the Windows Remote Desktop Licensing Service	Apply official patch; disable the service if not needed; watch out for suspicious activity
	CVE-2024-38060	Critical (CVSS 8.8)	Remote code execution in Windows Imaging Component	Apply official patch; restrict access to vulnerable systems; monitor for suspicious file uploads
	CVE-2024-38080	Important (CVSS 7.8)	Privilege escalation in Windows Hyper-V (zero-day, is actively exploited)	Apply the official patch immediately; watch out for suspicious activity; make sure systems are up to date
CVE-2024-38112	Important (CVSS 7.5)	Spoofing vulnerability in Windows MSHTML Platform (zero-day, actively exploited)	Apply the official patch immediately; inform users about the risks of running unknown files
	CVE-2024-38073	Important (CVSS 7.5)	Denial of Service in Windows Remote Desktop Licensing Service	Apply official patch; watch out for unusual network traffic
CVE-2024-38015	Important (CVSS 7.5)	Denial of Service in Windows Remote Desktop Gateway	Apply official patch; implement network segmentation
CVE-2024-30098	Important (CVSS 7.5)	Bypassing security features in Windows Cryptographic Services	Apply official patch; check and update cryptographic configurations
CVE-2024-38061	Important (CVSS 7.5)	Privilege extension in DCOM Remote Cross-Session Activation	Apply official patch; restrict DCOM access
Server application
	CVE-2024-38023	Critical (CVSS 7.2)	Remote code execution in Microsoft SharePoint Server	Apply security updates; restrict “Site Owner” permissions; monitor for suspicious activity
CVE-2024-38087	Critical (CVSS 8.8)	Remote code execution in SQL Server Native Client OLE DB Provider	Apply security updates; restrict access to SQL Server; monitor for unusual database activity
Critical (CVSS 8.8)	Remote code execution in SQL Server Native Client OLE DB Provider	Apply security updates; restrict access to SQL Server; watch out for unusual database activity		CVE-2024-38088
CVE-2024-38044	Important (CVSS 7.2)	Remote code execution in the DHCP server service	Apply official patch; check DHCP server configurations
Development tools
CVE-2024-35264	Important (CVSS 8.1)	Remote code execution in .NET and Visual Studio	Apply official patch; monitor and restrict access to vulnerable systems
Office applications
	CVE-2024-38021	Critical (CVSS 8.8)	Remote code execution in Microsoft Office	Apply security updates; ensure that users are careful when clicking on links from untrusted sources
Network services
	CVE-2024-38031	Important (CVSS 7.5)	Denial of Service in Windows Online Certificate Status Protocol (OCSP) Server	Apply official patch; implement OCSP stapling if possible
	CVE-2024-38067	Important (CVSS 7.5)	Denial of Service in Windows Online Certificate Status Protocol (OCSP) Server	Apply official patch; implement OCSP stapling if possible
	CVE-2024-38068	Important (CVSS 7.5)	Denial of Service in Windows Online Certificate Status Protocol (OCSP) Server	Apply official patch; implement OCSP stapling if possible
	CVE-2024-38091	Important (CVSS 7.5)	Denial of Service in Microsoft WS-Discovery	Apply official patch; deactivate WS-Discovery if not required
CVE-2024-3596	Important (CVSS 7.5)	Spoofing vulnerability in the RADIUS protocol	Apply official patch; implement additional authentication mechanisms
System components
	CVE-2024-38033	Important (CVSS 7.3)	Authorization extension in PowerShell	Apply official patch; restrict PowerShell execution policies
	CVE-2024-38025	Important (CVSS 7.2)	Remote code execution in the Windows Performance Data Helper Library	Apply official patch; watch out for unusual system performance queries
	CVE-2024-30081	Important (CVSS 7.1)	Spoofing vulnerability in Windows NTLM	Apply official patch; deactivate NTLM if possible
CVE-2024-38065	Important (CVSS 6.8)	Bypassing security functions in Secure Boot	Apply official patch; ensure physical security of systems

These vulnerabilities should be rectified immediately to minimize potential security risks. When applying remedies or patches, always follow the guidelines and best practices provided by the manufacturer.

Quotes: [1] https://www.ivanti.com/blog/july-2024-patch-tuesday [2] https://socradar.io/microsoft-fixes-cve-2024-38112-after-over-a-year-of-exploitation-zero-click-threat-of-cve-2024-38021/ [3] https://www.crowdstrike.com/blog/patch-tuesday-analysis-july-2024/ [4] https://www.tenable.com/blog/oracle-july-2024-critical-patch-update-addresses-175-cves [5] https://www.tenable.com/blog/microsofts-july-2024-patch-tuesday-addresses-138-cves-cve-2024-38080-cve-2024-38112 [6] https://www.rapid7.com/blog/post/2024/07/09/patch-tuesday-july-2024/ [7] https://www.spiceworks.com/it-security/vulnerability-management/articles/july-2024-patch-tuesday/

Posted on September 5, 2024 by frankm in Unkategorisiert

Based on the search results and analysis, here are the 25 most important and critical new CVEs from last Friday, ranked by severity and grouped by application type:

Application type	CVE	Severity	Effects	Possible remedies
Microsoft operating system
	CVE-2024-38074	Critical (CVSS 9.8)	Remote code execution in the Windows Remote Desktop Licensing Service	Apply official patch; disable the service if not needed; monitor for suspicious activity
	CVE-2024-38076	Critical (CVSS 9.8)	Remote code execution in the Windows Remote Desktop Licensing Service	Apply official patch; disable the service if not needed; watch out for suspicious activity
	CVE-2024-38077	Critical (CVSS 9.8)	Remote code execution in the Windows Remote Desktop Licensing Service	Apply official patch; disable the service if not needed; watch out for suspicious activity
	CVE-2024-38060	Critical (CVSS 8.8)	Remote code execution in Windows Imaging Component	Apply official patch; restrict access to vulnerable systems; monitor for suspicious file uploads
	CVE-2024-38080	Important (CVSS 7.8)	Privilege escalation in Windows Hyper-V (zero-day, is actively exploited)	Apply the official patch immediately; watch out for suspicious activity; make sure systems are up to date
CVE-2024-38112	Important (CVSS 7.5)	Spoofing vulnerability in Windows MSHTML Platform (zero-day, actively exploited)	Apply the official patch immediately; inform users about the risks of running unknown files
	CVE-2024-38073	Important (CVSS 7.5)	Denial of Service in Windows Remote Desktop Licensing Service	Apply official patch; watch out for unusual network traffic
CVE-2024-38015	Important (CVSS 7.5)	Denial of Service in Windows Remote Desktop Gateway	Apply official patch; implement network segmentation
CVE-2024-30098	Important (CVSS 7.5)	Bypassing security features in Windows Cryptographic Services	Apply official patch; check and update cryptographic configurations
CVE-2024-38061	Important (CVSS 7.5)	Privilege extension in DCOM Remote Cross-Session Activation	Apply official patch; restrict DCOM access
Server application
	CVE-2024-38023	Critical (CVSS 7.2)	Remote code execution in Microsoft SharePoint Server	Apply security updates; restrict “Site Owner” permissions; monitor for suspicious activity
CVE-2024-38087	Critical (CVSS 8.8)	Remote code execution in SQL Server Native Client OLE DB Provider	Apply security updates; restrict access to SQL Server; monitor for unusual database activity
Critical (CVSS 8.8)	Remote code execution in SQL Server Native Client OLE DB Provider	Apply security updates; restrict access to SQL Server; watch out for unusual database activity		CVE-2024-38088
CVE-2024-38044	Important (CVSS 7.2)	Remote code execution in the DHCP server service	Apply official patch; check DHCP server configurations
Development tools
CVE-2024-35264	Important (CVSS 8.1)	Remote code execution in .NET and Visual Studio	Apply official patch; monitor and restrict access to vulnerable systems
Office applications
	CVE-2024-38021	Critical (CVSS 8.8)	Remote code execution in Microsoft Office	Apply security updates; ensure that users are careful when clicking on links from untrusted sources
Network services
	CVE-2024-38031	Important (CVSS 7.5)	Denial of Service in Windows Online Certificate Status Protocol (OCSP) Server	Apply official patch; implement OCSP stapling if possible
	CVE-2024-38067	Important (CVSS 7.5)	Denial of Service in Windows Online Certificate Status Protocol (OCSP) Server	Apply official patch; implement OCSP stapling if possible
	CVE-2024-38068	Important (CVSS 7.5)	Denial of Service in Windows Online Certificate Status Protocol (OCSP) Server	Apply official patch; implement OCSP stapling if possible
	CVE-2024-38091	Important (CVSS 7.5)	Denial of Service in Microsoft WS-Discovery	Apply official patch; deactivate WS-Discovery if not required
CVE-2024-3596	Important (CVSS 7.5)	Spoofing vulnerability in the RADIUS protocol	Apply official patch; implement additional authentication mechanisms
System components
	CVE-2024-38033	Important (CVSS 7.3)	Authorization extension in PowerShell	Apply official patch; restrict PowerShell execution policies
	CVE-2024-38025	Important (CVSS 7.2)	Remote code execution in the Windows Performance Data Helper Library	Apply official patch; watch out for unusual system performance queries
	CVE-2024-30081	Important (CVSS 7.1)	Spoofing vulnerability in Windows NTLM	Apply official patch; deactivate NTLM if possible
CVE-2024-38065	Important (CVSS 6.8)	Bypassing security functions in Secure Boot	Apply official patch; ensure physical security of systems

Posted on September 5, 2024 by frankm in Unkategorisiert

Application type	CVE	Severity	Effects
Windows OS	CVE-2024-38074	Critical (CVSS 9.8)	Remote code execution in the Windows Remote Desktop Licensing Service
	CVE-2024-38076	Critical (CVSS 9.8)	Remote code execution in the Windows Remote Desktop Licensing Service
	CVE-2024-38077	Critical (CVSS 9.8)	Remote code execution in the Windows Remote Desktop Licensing Service
	CVE-2024-38060		Remote code execution in the Windows Remote Desktop Licensing Service

The most important CVEs of week 29

Posted on July 28, 2024July 28, 2024 by frankm in Last weeks CVEs

Application type	CVE	Severity	Impact	Possible remediation
Microsoft operating system
	CVE-2024-38074	Critical (CVSS 9.8)	Remote code execution in Windows Remote Desktop Licensing Service	Apply official patch; disable the service if not needed; monitor for suspicious activity
	CVE-2024-38076	Critical (CVSS 9.8)	Remote code execution in Windows Remote Desktop Licensing Service	Apply official patch; disable the service if not needed; watch for suspicious activity
	CVE-2024-38077	Critical (CVSS 9.8)	Remote code execution in Windows Remote Desktop Licensing Service	Apply official patch; disable the service if not needed; watch for suspicious activity
	CVE-2024-38060	Critical (CVSS 8.8)	Remote code execution in Windows Imaging Component	Apply official patch; restrict access to vulnerable systems; monitor for suspicious file uploads
	CVE-2024-38080	Important (CVSS 7.8)	Privilege escalation in Windows Hyper-V (zero-day, actively exploited)	Apply the official patch immediately; watch for suspicious activity; ensure systems are up to date
CVE-2024-38112	Important (CVSS 7.5)	Spoofing vulnerability in Windows MSHTML Platform (zero-day, actively exploited)	Apply the official patch immediately; inform users about the risks of executing unknown files
	CVE-2024-38073	Important (CVSS 7.5)	Denial of Service in Windows Remote Desktop Licensing Service	Apply official patch; watch out for unusual network traffic
CVE-2024-38015	Important (CVSS 7.5)	Denial of Service in Windows Remote Desktop Gateway	Apply official patch; implement network segmentation
CVE-2024-30098	Important (CVSS 7.5)	Security feature bypass in Windows Cryptographic Services	Apply official patch; check and update cryptographic configurations
CVE-2024-38061	Important (CVSS 7.5)	Privilege escalation in DCOM Remote Cross-Session Activation	Apply official patch; restrict DCOM access
Server application
	CVE-2024-38023	Critical (CVSS 7.2)	Remote code execution in Microsoft SharePoint Server	Apply security updates; restrict “Site Owner” permissions; monitor for suspicious activity
CVE-2024-38087	Critical (CVSS 8.8)	Remote code execution in SQL Server Native Client OLE DB Provider	Apply security updates; restrict access to SQL Server; monitor for unusual database activity
Critical (CVSS 8.8)	Remote code execution in SQL Server Native Client OLE DB Provider	Apply security updates; restrict access to SQL Server; watch for unusual database activity		CVE-2024-38088
CVE-2024-38044	Important (CVSS 7.2)	Remote code execution in DHCP server service	Apply official patch; check DHCP server configurations
Development tools
CVE-2024-35264	Important (CVSS 8.1)	Remote code execution in .NET and Visual Studio	Apply official patch; monitor and restrict access to vulnerable systems
Office applications
	CVE-2024-38021	Critical (CVSS 8.8)	Remote code execution in Microsoft Office	Apply security updates; ensure users are careful when clicking on links from untrusted sources
Network services
	CVE-2024-38031	Important (CVSS 7.5)	Denial of Service in Windows Online Certificate Status Protocol (OCSP) Server	Apply official patch; implement OCSP stapling if possible
	CVE-2024-38067	Important (CVSS 7.5)	Denial of Service in Windows Online Certificate Status Protocol (OCSP) Server	Apply official patch; implement OCSP stapling if possible
	CVE-2024-38068	Important (CVSS 7.5)	Denial of Service in Windows Online Certificate Status Protocol (OCSP) Server	Apply official patch; implement OCSP stapling if possible
	CVE-2024-38091	Important (CVSS 7.5)	Denial of Service in Microsoft WS-Discovery	Apply official patch; disable WS-Discovery if not needed
CVE-2024-3596	Important (CVSS 7.5)	Spoofing vulnerability in the RADIUS protocol	Apply official patch; implement additional authentication mechanisms
System components
	CVE-2024-38033	Important (CVSS 7.3)	Privilege escalation in PowerShell	Apply official patch; restrict PowerShell execution policies
	CVE-2024-38025	Important (CVSS 7.2)	Remote code execution in the Windows Performance Data Helper Library	Apply official patch; watch out for unusual system performance queries
	CVE-2024-30081	Important (CVSS 7.1)	Spoofing vulnerability in Windows NTLM	Apply official patch; disable NTLM if possible
CVE-2024-38065	Important (CVSS 6.8)	Bypassing security functions in Secure Boot	Apply official patch; ensure physical security of systems

SPSA Features

Posted on June 12, 2024June 12, 2024 by Christl Lang in Unkategorisiert

Secure & proven software based on Apache ^GuacamoleTM

A secure system with Lowest Privileged Access
A secure update and patching infrastructure that keeps your compliance up-to-date
Simple admin interface for managing the appliance
Integrated option to create and store backups of critical data
Integrated performance monitoring with the option of uploading the monitoring data to Skillplan GmbH for evaluation
Support for RDP, SSH, telnet and VNC connections
Integrated user database with MFA support for standard authentication apps such as Microsoft or Google Authenticator
The option to limit user logins in terms of time
Active Directory Single Sign-on (Pro Version)
Azure Active Directory (SAML) Single Sign-on with integration of Conditional Access (Pro Version)
Portal with up to 4 separate SPSA proxies at up to four locations (Pro version
Recording and replay of RDP and SSH sessions via video recording (Pro version)

SPSA Next Steps

Would you like an SPSA performance?
Then please contact sales@skill-plan.com to arrange a demo appointment.

Would you like to try out SPSA during a 30-day trial period?
Then please contact sales@skill-plan.com to register for a test position

Do you have further questions and need individual answers?

Describe your questions to sales@skill-plan.com so that we can prepare for an appointment via Teams or Zoom.

Skillplan GmbH

The most important CVEs of week 29

SPSA Features

SPSA Next Steps

Skillplan Secure Access – Fyler Download German

Skillplan Secure Access – Flyer Download English

Master the KRITIS challenge: a quiz on the BSI regulation

IT security quiz

Which security objective is particularly important in relation to critical infrastructures?

Which organizations fall under the scope of the CRITIS Regulation?

What measures are required under the KRITIS Regulation to ensure IT security?

What sanctions do organizations face if they fail to meet the requirements of the KRITIS Regulation?

Which authority is responsible for implementing the KRITIS Regulation?