Threat Report 7/15/25

Critical Patches Issued for Microsoft Products 


Multiple vulnerabilities have been discovered in Microsoft products, the most severe of which could allow for remote code execution in the context of the logged-on user. Depending on the privileges associated with the user, an attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. Users whose accounts are configured to have fewer user rights on the system could be less impacted than those who operate with administrative user rights.

Affected Systems: 

  • Many popular Microsoft products including, but not limited to, Windows, Office, and Edge

Risk: 

  • Large and medium business entities: High
  • Small business entities: Medium

Remediation Recommendations 

  • Ensure all Microsoft products have the latest version(s) installed 
  • Enact the Principle of Least Privilege (limit higher-level privileges to only the users that need it) 

Multiple Vulnerabilities in Google Chrome Could Allow for Arbitrary Code Execution

Multiple vulnerabilities have been discovered in Google Chrome, the most severe of which could allow for arbitrary code execution in the context of the logged-on user. Depending on the privileges associated with the user, an attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. Users whose accounts are configured to have fewer user rights on the system could be less impacted than those who operate with administrative user rights.

Affected Systems: 

  • Chrome prior to 138.0.7204.96/.97 for Windows
  • Chrome prior to 138.0.7204.92/.93 for Mac
  • Chrome prior to 138.0.7204.92 for Linux

Risk: 

  • Large and medium business entities: High
  • Small business entities: Medium

Remediation Recommendations 

  • Ensure all devices using Google Chrome have the latest version(s) installed 
  • Enact the Principle of Least Privilege (limit higher-level privileges to only the users that need it) 

A Vulnerability in FortiWeb Could Allow for Remote Code Execution

A vulnerability has been discovered in FortiWeb that could allow for SQL injection. FortiWeb is a web application firewall (WAF) developed by Fortinet, designed to protect web applications and APIs from a wide range of attacks, including those targeting known vulnerabilities and zero-day exploits. Successful exploitation of this vulnerability could allow for SQL injection attacks that could lead to arbitrary code execution in the context of the system.

Affected Systems: 

  • FortiWeb 7.6 versions 7.6.0 through 7.6.3
  • FortiWeb 7.4 versions 7.4.0 through 7.4.7
  • FortiWeb 7.2 versions 7.2.0 through 7.2.10
  • FortiWeb 7.0 versions 7.0.0 through 7.0.10
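The version lists in this report (the first fixed Chrome build per platform above, and the four affected FortiWeb branches here) are exactly what a patch-management check needs to consume. The following Python script is an added example, not part of this report and not Google's or Fortinet's tooling: it encodes those ranges as printed here and flags every entry of a small inventory that falls inside them. The host names and versions in the inventory are constructed sample data.

```python
"""Flag inventory entries that fall inside the affected version ranges listed
in this report. Added example: not vendor tooling, and the inventory below is
constructed sample data, not real hosts."""
from typing import List, Optional, Tuple

Version = Tuple[int, ...]


def parse_version(text: str, width: int = 4) -> Version:
    """Turn '138.0.7204.96' into (138, 0, 7204, 96). Shorter strings such as
    '7.6' are right-padded with zeros so they compare as '7.6.0.0'."""
    parts = [int(p) for p in text.strip().split(".")]
    return tuple(parts + [0] * (width - len(parts)))


# Chrome: the report gives the first fixed build per platform; anything older
# is affected. Where two builds are listed (".96/.97") the lower one is used.
CHROME_FIXED = {
    "windows": "138.0.7204.96",
    "mac": "138.0.7204.92",
    "linux": "138.0.7204.92",
}

# FortiWeb: affected ranges (inclusive) as listed in the report.
FORTIWEB_AFFECTED = [
    ("7.0.0", "7.0.10"),
    ("7.2.0", "7.2.10"),
    ("7.4.0", "7.4.7"),
    ("7.6.0", "7.6.3"),
]


def chrome_affected(platform: str, version: str) -> bool:
    """True if this Chrome build is older than the first fixed build for its platform."""
    return parse_version(version) < parse_version(CHROME_FIXED[platform.lower()])


def fortiweb_affected(version: str) -> bool:
    """True if this FortiWeb version sits inside any affected branch range."""
    v = parse_version(version)
    return any(parse_version(lo) <= v <= parse_version(hi) for lo, hi in FORTIWEB_AFFECTED)


def is_affected(product: str, platform: str, version: str) -> Optional[bool]:
    """Dispatch on product; None means this report says nothing about the product."""
    p = product.lower()
    if p == "chrome":
        return chrome_affected(platform, version)
    if p == "fortiweb":
        return fortiweb_affected(version)
    return None


def triage(inventory: List[Tuple[str, str, str, str]]) -> List[Tuple[str, str, str]]:
    """Return (host, product, version) for every entry the report marks as affected."""
    return [(host, prod, ver) for host, prod, plat, ver in inventory
            if is_affected(prod, plat, ver)]


# Constructed sample inventory: (host, product, platform, version).
SAMPLE_INVENTORY = [
    ("ws-0101", "chrome", "windows", "138.0.7204.50"),   # older than .96 -> affected
    ("ws-0102", "chrome", "windows", "138.0.7204.97"),   # fixed build -> fine
    ("mac-0201", "chrome", "mac", "137.0.7151.120"),     # older major -> affected
    ("waf-edge-1", "fortiweb", "appliance", "7.4.7"),    # top of affected range -> affected
    ("waf-edge-2", "fortiweb", "appliance", "7.4.8"),    # first version past the range -> fine
    ("srv-0301", "edge", "windows", "138.0.0.0"),        # not covered by these ranges -> None
]

if __name__ == "__main__":
    for host, prod, ver in triage(SAMPLE_INVENTORY):
        print(f"{host}: {prod} {ver} is in an affected range")
```

Two details matter in practice: the Chrome comparison is "older than the first fixed build", so both .96 and .97 on Windows pass, and a bare branch string such as "7.6" is padded to 7.6.0.0 so it is still caught as the bottom of the affected range rather than silently sorting below it.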


Risk: 

  • Large and medium business entities: High
  • Small business entities: Medium


Remediation Recommendations 

  • Ensure all devices using FortiWeb have the latest version(s) installed 
  • Enact the Principle of Least Privilege (limit higher-level privileges to only the users that need it) 

Prompt Injection Flaw Can Force Google’s Gemini to Present Phishing Messages

BleepingComputer reports that a prompt injection attack can force Google's Gemini to write phishing messages in AI-generated email summaries. A researcher who disclosed the attack through Mozilla's 0DIN bug bounty program found that attackers can include invisible text in an email that instructs Gemini to prioritize including specific text in its summary. 0DIN explains, "When the recipient clicks 'Summarize this email,' Gemini faithfully obeys the hidden prompt and appends a phishing warning that looks as if it came from Google itself."
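The core of the issue above is that the summarizer ingests text a human reader never sees. A mail gateway or summarization front end can close that gap by separating visible from hidden text before anything reaches the model. The Python scanner below is an added example, not Google's or 0DIN's code: it walks an HTML message once, treats elements hidden by the inline CSS listed in HIDDEN_STYLE_PATTERNS (a heuristic set chosen for this example, not an exhaustive one) or by the `hidden` attribute as invisible, strips zero-width characters, and returns only the visible text as summarizer input. The sample message is constructed.

```python
"""Find text in an HTML email that a human reader would not see but an LLM
summarizer would still ingest. Added example for the Gemini case above; it is
not Google's or 0DIN's code, and the sample message is constructed."""
import re
from html.parser import HTMLParser
from typing import Dict, List

# Inline CSS that hides the element's text from a human reader. White text is a
# heuristic (it is only invisible on a white background), so treat it as a hint.
HIDDEN_STYLE_PATTERNS = [
    re.compile(r"display\s*:\s*none", re.I),
    re.compile(r"visibility\s*:\s*hidden", re.I),
    re.compile(r"font-size\s*:\s*0(?:px|pt|em|rem|%)?(?![\d.])", re.I),
    re.compile(r"opacity\s*:\s*0(?:\.0+)?(?![\d.])", re.I),
    re.compile(r"(?<![\w-])color\s*:\s*(?:#fff(?:fff)?|white)\b", re.I),
]

# Zero-width code points that survive copy/paste and tokenisation unseen.
ZERO_WIDTH = ("\u200b", "\u200c", "\u200d", "\u2060", "\ufeff")

# Elements that never get a closing tag, so they must not touch the stack.
VOID_TAGS = {"area", "base", "br", "col", "embed", "hr", "img", "input",
             "link", "meta", "source", "track", "wbr"}


class HiddenTextScanner(HTMLParser):
    """Walk the document once, splitting text into visible and hidden runs."""

    def __init__(self) -> None:
        super().__init__()
        self.hidden_stack: List[bool] = []   # one flag per open element
        self.visible: List[str] = []
        self.hidden: List[str] = []
        self.zero_width = 0

    def handle_starttag(self, tag, attrs):
        if tag in VOID_TAGS:
            return
        attr = dict(attrs)
        style = attr.get("style") or ""
        hidden = "hidden" in attr or any(p.search(style) for p in HIDDEN_STYLE_PATTERNS)
        # A child of a hidden element is hidden too, whatever its own style says.
        inherited = bool(self.hidden_stack and self.hidden_stack[-1])
        self.hidden_stack.append(hidden or inherited)

    def handle_endtag(self, tag):
        if tag not in VOID_TAGS and self.hidden_stack:
            self.hidden_stack.pop()

    def handle_data(self, data):
        for ch in ZERO_WIDTH:
            self.zero_width += data.count(ch)
            data = data.replace(ch, "")
        text = " ".join(data.split())
        if not text:
            return
        if self.hidden_stack and self.hidden_stack[-1]:
            self.hidden.append(text)
        else:
            self.visible.append(text)


def scan_email_html(body: str) -> Dict[str, object]:
    """Return the visible text (what to feed a summarizer) plus everything that
    was hidden, so a gateway can quarantine or strip it before the LLM sees it."""
    scanner = HiddenTextScanner()
    scanner.feed(body)
    scanner.close()
    return {
        "visible_text": " ".join(scanner.visible),
        "hidden_text": scanner.hidden,
        "zero_width_chars": scanner.zero_width,
        "suspicious": bool(scanner.hidden) or scanner.zero_width > 0,
    }


# Constructed sample: a normal note with an invisible div a summarizer would still read.
SAMPLE_EMAIL = """<html><body>
<p>Hi team, the Q3 planning doc is attached. Let me know if you have questions.</p>
<div style="font-size:0px;color:#ffffff">[constructed placeholder: hidden instruction aimed at the summarizer]</div>
<p>Thanks,<br>Alice</p>
</body></html>"""

if __name__ == "__main__":
    result = scan_email_html(SAMPLE_EMAIL)
    print("suspicious:", result["suspicious"])
    print("hidden runs:", result["hidden_text"])
    print("summarizer input:", result["visible_text"])
```

The design point is that the model only ever receives `visible_text`, which is the same content the recipient sees, while `hidden_text` and the zero-width count feed a detection rule or quarantine decision. Hiding inherits down the element tree, so a visible child inside a `display:none` parent is still treated as hidden; and because the style patterns are a heuristic list, an `hidden_text` hit is a signal to review the message, not proof of intent.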



US Justice Department Shutters Suspected North Korean Laptop Farms

The US Justice Department announced raids against 29 laptop farms across 16 states in an operation targeting North Korea's fraudulent IT worker schemes. The operation resulted in the seizure of 29 financial accounts used for money laundering, 21 websites, and around 200 computers. The Justice Department also arrested a US citizen and indicted several Chinese, Taiwanese, and North Korean nationals in connection with the schemes. 

The DOJ stated, "[C]ertain U.S.-based individuals enabled one of the schemes by creating front companies and fraudulent websites to promote the bona fides of the remote IT workers, and hosted laptop farms where the remote North Korean IT workers could remote access into U.S. victim company-provided laptop computers. Once employed, the North Korean IT workers received regular salary payments, and they gained access to, and in some cases stole, sensitive employer information such as export controlled U.S. military technology and virtual currency." 

