VulnRecap 2/19/24 – News from Microsoft, Zoom, & SolarWinds

eSecurity Planet content and product recommendations are editorially independent. We may make money when you click on links to our partners. Learn More.

While this week was a little light on vulnerability news, it’s still been significant, with Microsoft’s Patch Tuesday happening as well as updates for major products, like Zoom. Akira ransomware vulnerabilities have also surfaced in older Cisco products, and SolarWinds patched some remote code execution flaws in its Access Rights Manager product.

Your IT teams should regularly check your vendors’ security bulletins for any vulnerability news or updates. Also keep an eye on the last few weeks’ vulnerability recaps, especially because we’ve seen repeat products that continue to be exploited.

February 13, 2024

Zoom Fixes Critical Vulnerability in Windows Products

Type of vulnerability: Improper input validation.

The problem: Zoom recently patched a flaw that affected three of its Windows-facing software products: Zoom Desktop Client for Windows, Zoom VDI Client for Windows, and Zoom Meeting SDK for Windows. The vulnerability, an improper input validation flaw, could permit unauthenticated users to access a network and then escalate their privileges.

The vulnerability CVE is CVE-2024-24691. It’s rated as critical, with a score of 9.6.

Zoom’s security bulletin listed the following affected products:

  • Zoom Desktop Client for Windows before version 5.16.5
  • Zoom VDI Client for Windows before version 5.16.10 (excluding 5.14.14 and 5.15.12)
  • Zoom Rooms Client for Windows before version 5.17.0
  • Zoom Meeting SDK for Windows before version 5.16.5

The fix: The most recent version of the Zoom client fixes this vulnerability. Users can download it manually by navigating to Zoom’s download page, or automatically by opting to download the latest version when Zoom prompts them to do so.

Microsoft Patch Tuesday Fixes 73 Vulnerabilities

Type of vulnerability: Multiple vulnerabilities, including remote code execution and privilege escalation.

The problem: Microsoft patched 73 vulnerabilities in its most recent Patch Tuesday event, which occurs every month. Among the vulnerabilities is CVE-2024-21412, an Internet Shortcut Files flaw that allows an unauthenticated attacker to send a malicious file to a user. It bypasses Internet Shortcut Files’ security measures.

The fix: Review Microsoft’s list of released updates and associated CVEs to determine which products need to be patched. For CVE-2024-21412 specifically, a user has to click the link for the attack to occur. Ensure that team members don’t open links without verifying directly with the sender.

Does your business need a quick, reliable way to find vulnerabilities? Read our picks for the best vulnerability scanning tools for quality products and key features to consider.

February 15, 2024

Akira Ransomware Affects Old Vulnerability in Cisco Products

Type of vulnerability: Remote unauthenticated access and potential credential data theft.

The problem: Researchers at cybersecurity company Truesec uncovered data that indicated Akira ransomware might be exploiting an old vulnerability within Cisco Adaptive Security Appliance (ASA) and Firepower Threat Defense (FTD). Appliances with affected software must have Anyconnect SSL VPN enabled on whichever interface is exposed to the internet for an attack to occur.

The vulnerability, CVE-2020-3259, was first discovered in May 2020. It allows remote unauthenticated threat actors to steal data from a device’s memory, including credential data. On Thursday, February 15, the Cybersecurity and Infrastructure Security Agency added the vulnerability to its catalog after reports that it might be actively exploited again.

Akira is a particularly dangerous brand of ransomware. Palo Alto’s Unit 42 research team said that Akira led the number of ransomware posts from new leak sites in 2023. Akira also has potential ties to Conti, another ransomware group, through cryptocurrency transactions, according to Unit 42.

The fix: Cisco provides upgrade recommendations for the following affected versions:

Cisco ASA Software infotable.
Cisco ASA Software infotable
Cisco FTD Software infotable.
Cisco FTD Software infotable

Truesec recommends:

  • Implementing MFA wherever possible, especially on client VPN connections
  • Changing passwords, secrets, and preshared keys
  • Enabling logging
  • Patching the software to a nonvulnerable version

February 16, 2024

SolarWinds Patches 5 RCE Vulnerabilities in Access Rights Manager

Type of vulnerability: Remote code execution.

The problem: SolarWinds recently patched five remote code execution vulnerabilities in its Access Rights Manager product, which provisions, deprovisions, and manages employee access rights. Three of the vulnerabilities have a critical CVE rating. The vulnerabilities affect version v2023.2 of Access Rights Manager. SolarWinds recently fixed the vulnerabilities.

Amongst the flaws were deserialization of untrusted data RCE, directory traversal RCE, and traversal RCE. The CVEs are CVE-2023-40057, CVE-2024-23476, CVE-2024-23477, CVE-2024-23478, and CVE-2024-23479.

The fix: Upgrade all older versions of Access Rights Manager to 2023.2.3, which fixes all five of the RCE vulnerabilities.

February 19, 2024

ExpressVPN Split Tunneling Disabled after Discovered Vulnerability

Type of vulnerability: DNS traffic leak.

The problem: A VPN expert recently gave Express VPN a tip about its split tunneling feature, which allows some traffic to pass through the VPN and blocks other traffic. The DNS traffic wasn’t traveling to the ExpressVPN servers like it was supposed to, but instead to a third-party server. The vulnerability exists in ExpressVPN Version 12 for Windows. ExpressVPN temporarily disabled split tunneling on that platform. 

The split tunneling feature will remain inactive until ExpressVPN engineers have time to research and mitigate the issue, according to the vendor. ExpressVPN first published the bulletin about this vulnerability early in February but updated it in the middle of the month.

If teams need to use the split tunneling feature, they can use Version 10 of ExpressVPN, which doesn’t have the same flaw.

The fix: ExpressVPN disabled split tunneling in Version 12, so it’ll no longer be an issue for that product.

Read next:

Featured Partners: Vulnerability Management Software

Get the Free Cybersecurity Newsletter

Strengthen your organization’s IT security defenses by keeping up to date on the latest cybersecurity news, solutions, and best practices. Delivered every Monday, Tuesday and Thursday

Jenna Phipps Avatar

Subscribe to Cybersecurity Insider

Strengthen your organization’s IT security defenses by keeping abreast of the latest cybersecurity news, solutions, and best practices.

Top Cybersecurity Companies

Top 10 Cybersecurity Companies

See full list

Get the Free Newsletter!

Subscribe to Cybersecurity Insider for top news, trends & analysis