Patch Panic Averted: Microsoft Fixes Crashing Domain Controllers After March Mayhem

Feeling crashy and patchy? Windows domain controllers are playing memory leak peek-a-boo since March updates. Microsoft’s oopsie means admins are uninstalling faster than a toddler’s mood swing. Meanwhile, Atlassian does the ‘premature linkulation’ dance again. And just when you sorted your files, AcidPour malware rains on your parade. #InfosecDrama

Hot Take:

Well, folks, it seems Microsoft’s March patches were more like March potholes for Windows Server admins, with memory leaks causing more drama than a reality TV show. And in the land of cybersecurity, Atlassian’s been handing out “Get Attacked Quick” cards faster than Monopoly money. Meanwhile, the wiper malware from the Viasat hack has upgraded – it’s the ‘Terminator 2’ of malware, now targeting more than just modems. And finally, Proofpoint’s report is out here making negligent employees the new cyber boogeymen. Remember, the real threat might just be Karen from accounting forwarding company secrets to her personal email. Oops!

Key Points:

  • Microsoft’s March patches for Windows Server had a memory leak bug that’s been causing spontaneous server siestas.
  • Atlassian’s emailing speed is only matched by its ability to release vulnerabilities with a perfect score of 10.0 on the “Uh-Oh” meter.
  • AcidRain’s sibling, AcidPour, is here to make sure your Linux systems don’t feel left out of the destruction party.
  • A whopping 85% of companies faced data loss last year, and it turns out Bob from HR might be your biggest cyber threat.
  • If you’re a home user, breathe easy – this cyber soap opera is strictly for the enterprise crowd.

Cve id: CVE-2023-46808
Cve state: PUBLISHED
Cve assigner short name: hackerone
Cve date updated: 03/31/2024
Cve description: A file upload vulnerability in Ivanti ITSM before 2023.4 allows an authenticated remote user to perform file writes to the server. Successful exploitation may lead to execution of commands in the context of a non-root user.

Title: Path Traversal vulnerability in Franklin Fueling System EVO 550/5000
Cve id: CVE-2024-2442
Cve state: PUBLISHED
Cve assigner short name: icscert
Cve date updated: 03/19/2024
Cve description: Franklin Fueling System EVO 550 and EVO 5000 are vulnerable to a Path Traversal vulnerability that could allow an attacker to access sensitive files on the system.

Cve id: CVE-2023-41724
Cve state: PUBLISHED
Cve assigner short name: hackerone
Cve date updated: 03/31/2024
Cve description: A command injection vulnerability in Ivanti Sentry prior to 9.19.0 allows an unauthenticated threat actor to execute arbitrary commands on the underlying operating system of the appliance within the same physical or logical network.

Title: pgjdbc SQL Injection via line comment generation
Cve id: CVE-2024-1597
Cve state: PUBLISHED
Cve assigner short name: PostgreSQL
Cve date updated: 02/19/2024
Cve description: pgjdbc, the PostgreSQL JDBC Driver, allows an attacker to inject SQL if using PreferQueryMode=SIMPLE. Note this is not the default. In the default mode there is no vulnerability. A placeholder for a numeric value must be immediately preceded by a minus. There must be a second placeholder for a string value after the first placeholder; both must be on the same line. By constructing a matching string payload, the attacker can inject SQL to alter the query, bypassing the protections that parameterized queries bring against SQL Injection attacks. Versions before 42.7.2, 42.6.1, 42.5.5, 42.4.4, 42.3.9, and 42.2.8 are affected.
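The pgjdbc entry spells out three conditions that all have to hold: an unfixed driver version, `preferQueryMode=simple` in the connection settings, and a statement with a `-?` numeric placeholder followed by a second placeholder on the same line. The script below is an added triage helper, not code from pgjdbc or from this post, that checks an application's driver version, JDBC URL and SQL statements against those three conditions so an admin can tell whether a patch is urgent. The fixed-version table comes from the advisory text above; treating anything older than 42.2 as affected, and anything newer than 42.7 as fixed, is an assumption of this example. The statement check is a heuristic lint over the placeholder pattern the advisory describes, and the sample inputs are constructed.

```python
import re

# Fixed pgjdbc patch level per 42.x branch, taken from the advisory text:
# 42.7.2, 42.6.1, 42.5.5, 42.4.4, 42.3.9 and 42.2.8. Older in-branch releases are affected.
FIXED_BY_BRANCH = {7: 2, 6: 1, 5: 5, 4: 4, 3: 9, 2: 8}


def parse_version(version: str) -> tuple[int, int, int]:
    """Parse 'major.minor.patch'; trailing qualifiers such as '.jre7' are ignored."""
    m = re.match(r"^(\d+)\.(\d+)\.(\d+)", version.strip())
    if not m:
        raise ValueError(f"unrecognised pgjdbc version: {version!r}")
    major, minor, patch = (int(x) for x in m.groups())
    return major, minor, patch


def is_affected_version(version: str) -> bool:
    """True if the driver predates the fixed release of its branch."""
    major, minor, patch = parse_version(version)
    if major > 42 or (major == 42 and minor > 7):
        return False  # newer than every branch named in the advisory (assumption)
    if major < 42 or minor < 2:
        return True  # older than the oldest fixed release, 42.2.8 (assumption)
    return patch < FIXED_BY_BRANCH[minor]


def uses_simple_query_mode(jdbc_url: str) -> bool:
    """True only if the URL opts in to preferQueryMode=simple (not the default)."""
    query = jdbc_url.split("?", 1)[1] if "?" in jdbc_url else ""
    for pair in query.split("&"):
        key, _, value = pair.partition("=")
        if key.strip().lower() == "preferquerymode":
            return value.strip().lower() == "simple"
    return False


def risky_lines(sql: str) -> list[int]:
    """1-based line numbers where a '-?' placeholder is followed by another '?' on the same line.

    Heuristic: single-quoted literals are blanked first so a '?' inside a
    string constant does not count as a placeholder.
    """
    hits = []
    for n, line in enumerate(sql.splitlines(), start=1):
        stripped = re.sub(r"'(?:[^']|'')*'", "''", line)
        if re.search(r"-\?.*\?", stripped):
            hits.append(n)
    return hits


def assess(version: str, jdbc_url: str, sql: str) -> dict:
    """Combine the three advisory conditions into one verdict for a given deployment."""
    lines = risky_lines(sql)
    affected = is_affected_version(version)
    simple = uses_simple_query_mode(jdbc_url)
    return {
        "affected_version": affected,
        "simple_mode": simple,
        "risky_lines": lines,
        "exposed": affected and simple and bool(lines),
    }


if __name__ == "__main__":
    # Constructed sample deployment: old driver, simple mode opted in, one risky statement.
    url = "jdbc:postgresql://db.example.internal:5432/app?preferQueryMode=simple&ssl=true"
    sql = "SELECT -?, ?\nFROM accounts WHERE owner = ?"
    print(assess("42.7.1", url, sql))
    print(assess("42.7.2", url, sql))
```

Run it against the driver version from the application's dependency manifest, its JDBC URL and the statements it prepares; `exposed` is true only when all three advisory conditions line up, while `affected_version` alone still tells you the driver should be updated regardless of query mode.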

Need to know more?

When Patches Become Glitches

Once upon a time, in the magical land of Microsoft, a patch was released into the wild – only it turned out to be a sheep in wolf's clothing. Aimed at bolstering security, it instead introduced a memory leak that had domain controllers crashing like over-caffeinated stock traders. Microsoft, in a moment of candid humility, admitted to the blunder and sent out a patch faster than you can say "Ctrl-Alt-Delete". But if you're a sysadmin, you might still be playing whack-a-mole with server crashes until you apply the fix.

Email Oopsies and CVSS 10.0 Nightmares

Atlassian, in a daring display of preemptive email enthusiasm, sent out alerts about a dire SQL injection vulnerability before the information was actually available. It's like throwing a surprise party but forgetting the guest of honor. And it's not their first RSVP mishap, either. Meanwhile, Ivanti and Franklin Fueling Systems are handing out patches like candy on Halloween for their own high-scoring vulnerabilities. Remember kids, always check your candy – or in this case, your code.

Malware Sequels: Now with More Linux

Just when you thought it was safe to go back in the network, AcidPour arrives, the sequel to AcidRain, now with new and improved destruction capabilities. This malware has evolved from its modem-bricking days and set its sights on larger Linux systems. While it's still unclear who's been targeted, this malware has an appetite for chaos that could rival any blockbuster villain. Cybersecurity director Rob Joyce is keeping his eyes peeled, and perhaps so should you.

The Insider Threat: Who's in Your Office?

It turns out that the biggest cyber threat might just be sitting a few desks away. Proofpoint's report suggests that the water cooler isn't the only thing employees are spilling – sensitive data is also being leaked thanks to careless clicks and dubious downloads. With privileged users being the VIPs of potential data disasters, it's high time to remind everyone that "share" doesn't always mean "care" when it comes to company data. So maybe hold an office seminar on the dangers of "Reply All" and the allure of phishing expeditions.

So there you have it, a whirlwind tour of the latest cybersecurity snafus and sage advice. Remember, when it comes to infosec, sometimes the call is coming from inside the house. Stay vigilant, stay updated, and maybe, just maybe, keep an extra eye on Karen from accounting.

Tags: AcidRain Malware, Atlassian Vulnerability, Data Loss Prevention, Insider Threat, memory leak, SQL Injection, Windows Server Patch