Samba Security Vulnerability(CVE-2022-42898)

Samba has released versions 4.17.3, 4.16.7, and 4.15.12 to fix a security vulnerability(CVE-2022-42898) on 32-bit systems. Based on the released statement by Samba, all versions of Samba prior to 4.15.12, 4.16.7, and 4.17.3 are affected by this security flaw. ______________________________ A. Nature of the Vulnerability CVE-2022-42898 Samba’s Kerberos libraries and AD DC failed to guard continue reading : Samba Security Vulnerability(CVE-2022-42898)

OpenSSL Vulnerabilities(CVE-2022-3786 and CVE-2022-3602)

______________________________ A. Nature of the Vulnerability X.509 Email Address 4-byte Buffer Overflow (CVE-2022-3602) A buffer overrun can be triggered in X.509 certificate verification, specifically in name constraint checking. Note that this occurs after certificate chain signature verification and requires either a CA to have signed the malicious certificate or for the application to continue certificate continue reading : OpenSSL Vulnerabilities(CVE-2022-3786 and CVE-2022-3602)

Zero-Day Vulnerability in Google Chrome(CVE-2022-3723)

______________________________ A. Nature of the Vulnerability CVE-2022-3723 A type-confusion flaw in the Chrome V8 JavaScript engine.  As of the time of writing, no further information is available regarding this vulnerability. ______________________________ B. Actions to be Taken CERT-PH encourages all Google Chrome users/administrators to review and apply the updates to mitigate future threats. To manually check continue reading : Zero-Day Vulnerability in Google Chrome(CVE-2022-3723)

Critical Vulnerability in FortiOS and FortiProxy (CVE-2022-40684)

Fortinet has released a security update to address a critical vulnerability (CVE-2022-40684) in its FortiOS and FortiProxy products. Based on the internal advisory shared on social media, “Fortinet strongly recommends all customers with the vulnerable version to perform an immediate upgrade”. ______________________________ A. Nature of the Vulnerability CVE-2022-40684 Successful exploitation may allow an authenticated attacker continue reading : Critical Vulnerability in FortiOS and FortiProxy (CVE-2022-40684)

Microsoft Exchange Server Zero-Day Vulnerability (CVE-2022-41040 and CVE-2022-41082)

______________________________ A. Nature of the Vulnerability CVE-2022-41040  Successful exploitation could allow an authenticated attacker to trigger CVE-2022-41082 remotely in these attacks. CVE-2022-41082 Successful exploitation could allow remote code execution (RCE) when PowerShell is accessible to the attacker. ______________________________ B. Affected Version Microsoft Exchange Server 2013, 2016 and 2019 ______________________________ C. Actions to be Taken CERT-PH continue reading : Microsoft Exchange Server Zero-Day Vulnerability (CVE-2022-41040 and CVE-2022-41082)