Cybersecurity

Microsoft has released an advisory to address an elevation of privilege vulnerability in Microsoft Exchange Server. An attacker could exploit this vulnerability to take control of an affected system. The NCCIC encourages users and administrators to review the Microsoft Security Advisory and the CERT Coordination Center's Vulnerability Note VU#465632 and consider the workarounds until an update is available.

The NCCIC has published an advisory on an improper input validation vulnerability in Rockwell Automation EtherNet/IP Web Server Modules. For 1756-EWEB (includes 1756-EWEBK), versions 5.001 and prior are affected. For CompactLogix 1768-EWEB, versions 2.005 and prior are affected. Successful exploitation of this vulnerability could allow a remote attacker to deny communication with Simple Network Management Protocol (SNMP) service. Rockwell Automation recommends that affected users disable the SNMP service if not in use.

The NCCIC has published an advisory on stack-based buffer overflow, heap-based buffer overflow, and memory corruption vulnerabilities in WECON LeviStudioU. Versions 1.8.56 and prior are affected. Successful exploitation of these vulnerabilities could allow attackers to execute arbitrary code. WECON has produced an updated version to fix the reported problems. The NCCIC also advises on a series of mitigating measures for this vulnerability. Read the advisory at NCCIC/ICS-CERT.

An article in Risk Management provides an overview of a software supply chain and describes how an attack against one could occur. The article observes that even companies with robust cybersecurity programs can be vulnerable to these attacks, which can be perpetrated by an adversary inserting malicious code into an otherwise legitimate software application. These activities can lead to data leaks or even physical effects, with threat actors potentially gaining access to an organization’s network.