From 378bd91f4779faf01ad2baac6349b5d370f13cef Mon Sep 17 00:00:00 2001 From: "Joshua Hitchen (DGov)" <86041569+DGovEnterprise@users.noreply.github.com> Date: Thu, 1 Feb 2024 02:32:59 +0000 Subject: [PATCH 1/6] fixing issues with overview text --- ...40131002-Mitigation-Defend-Against-Exploitation-of-Ivanti.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/docs/advisories/20240131002-Mitigation-Defend-Against-Exploitation-of-Ivanti.md b/docs/advisories/20240131002-Mitigation-Defend-Against-Exploitation-of-Ivanti.md index d89cade6..53b3be5b 100644 --- a/docs/advisories/20240131002-Mitigation-Defend-Against-Exploitation-of-Ivanti.md +++ b/docs/advisories/20240131002-Mitigation-Defend-Against-Exploitation-of-Ivanti.md @@ -2,7 +2,7 @@ ## Overview -CISA has released new mitigations to defend against threat actors exploiting Ivanti Connect Secure and Policy Secure Gateways vulnerabilities in Ivanti devices ([CVE-2023-46805](https://nvd.nist.gov/vuln/detail/CVE-2023-46805) and [CVE-2024-21887](https://nvd.nist.gov/vuln/detail/CVE-2024-21887)). +CISA has released new mitigations to defend against threat actors exploiting Ivanti Connect Secure and Policy Secure Gateways vulnerabilities in Ivanti devices [CVE-2023-46805](https://nvd.nist.gov/vuln/detail/CVE-2023-46805) and [CVE-2024-21887](https://nvd.nist.gov/vuln/detail/CVE-2024-21887). ## What is vulnerable? From 177dcfe4ee03afbe7eabf6e0d7f9134bc7153d7d Mon Sep 17 00:00:00 2001 From: "Joshua Hitchen (DGov)" <86041569+DGovEnterprise@users.noreply.github.com> Date: Thu, 1 Feb 2024 04:26:03 +0000 Subject: [PATCH 2/6] Title correction --- ...40131002-Mitigation-Defend-Against-Exploitation-of-Ivanti.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/docs/advisories/20240131002-Mitigation-Defend-Against-Exploitation-of-Ivanti.md b/docs/advisories/20240131002-Mitigation-Defend-Against-Exploitation-of-Ivanti.md index 53b3be5b..1356457c 100644 
--- a/docs/advisories/20240131002-Mitigation-Defend-Against-Exploitation-of-Ivanti.md +++ b/docs/advisories/20240131002-Mitigation-Defend-Against-Exploitation-of-Ivanti.md @@ -1,4 +1,4 @@ -# New Mitigations to Defend Against Exploitation of Ivanti Connect Secure and Policy Secure Gateways - 20240131002 +# Updated Mitigations to Defend Against Exploitation of Ivanti services - 20240131002 ## Overview From 6c616d83e26573a48b4a87ec5f2eab38d060eb03 Mon Sep 17 00:00:00 2001 From: TWangmo <125948963+TWangmo@users.noreply.github.com> Date: Thu, 1 Feb 2024 13:26:34 +0800 Subject: [PATCH 3/6] 20240131003-Microsoft-Security-Updates (#494) * 20240129001-Microsoft-Edge-(Chromium-based)-Elevation-of-Privilege-Vulnerability * Format markdown files * 20240129002-GitLab-Arbitrary-File-Write-Vulnerability * Update 20240129001-Microsoft-Edge-(Chromium-based)-Elevation-of-Privilege-Vulnerability.md Remove brackets in title * Format markdown files * 20240129001-Microsoft-Edge-Elevation-of-Privilege-Vulnerability * Update 20240129002-GitLab-Arbitrary-File-Write-Vulnerability.md fix heading * Format markdown files * 20240131003-Microsoft-Security-Updates * Format markdown files --------- Co-authored-by: GitHub Actions Co-authored-by: Joshua Hitchen (DGov) <86041569+DGovEnterprise@users.noreply.github.com> --- .../20240131003-Microsoft-Security-Updates.md | 28 +++++++++++++++++++ 1 file changed, 28 insertions(+) create mode 100644 docs/advisories/20240131003-Microsoft-Security-Updates.md diff --git a/docs/advisories/20240131003-Microsoft-Security-Updates.md b/docs/advisories/20240131003-Microsoft-Security-Updates.md new file mode 100644 index 00000000..9a15a112 --- /dev/null +++ b/docs/advisories/20240131003-Microsoft-Security-Updates.md 
@@ -0,0 +1,28 @@ +## Microsoft Security Updates - 20240131003 + +## Overview + +Microsoft has released security updates that addresses vulnerabilities in two of their products with security feature bypass vulnerability. An attacker could exploit this by creating a specially crafted X.509 certificate that intentionally introduce or intentionally induces a chain building failure. + +## What is vulnerable? + +| Product(s) Affected | Summary | Severity | CVSS | +| ---------------------------------------------------------------------------------------------------------------------------------- | -------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | ------------ | ---- | +| [Microsoft.Data.SqlClient and System.Data.SqlClient SQL Data](https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-0056) | Security Feature Bypass vulnerability. An attacker who successfully exploited this vulnerability could carry out a machine-in-the-middle (MITM) attack and could decrypt and read or modify TLS traffic between the client and server. | **High** | 8.7 | +| [NET, .NET Framework, and Visual Studio](https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-0057) | Security Feature Bypass Vulnerability. An attacker could exploit this by creating a specially crafted X.509 certificate that intentionally introduce or intentionally induces a chain building failure. | **Critical** | 9.8 | + +## What has been observed? + +There is no evidence of exploitation affecting Western Australian Government networks at the time of publishing. 
+ +## Recommendation + +The WA SOC recommends administrators apply the solutions as per vendor instructions to all affected devices within expected timeframe of *one month* (refer [Patch Management](../guidelines/patch-management.md)): + +- [Microsoft security update guide CVE-2024-0056 ](https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-0056) +- [Microsoft security update guide CVE-2024-0057](https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-0057) + +## Additional References + +- [NIST vulnerability CVE-2024-0056](https://nvd.nist.gov/vuln/detail/CVE-2024-0056) +- [NIST vulnerability CVE-2024-0057](https://nvd.nist.gov/vuln/detail/CVE-2024-0057) From 6e126f0c7729559b6a34b155c9c550876ffe6844 Mon Sep 17 00:00:00 2001 From: "Joshua Hitchen (DGov)" <86041569+DGovEnterprise@users.noreply.github.com> Date: Thu, 1 Feb 2024 05:32:32 +0000 Subject: [PATCH 4/6] Fix title --- docs/advisories/20240131003-Microsoft-Security-Updates.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/docs/advisories/20240131003-Microsoft-Security-Updates.md b/docs/advisories/20240131003-Microsoft-Security-Updates.md index 9a15a112..0799bbdc 100644 --- a/docs/advisories/20240131003-Microsoft-Security-Updates.md +++ b/docs/advisories/20240131003-Microsoft-Security-Updates.md @@ -1,4 +1,4 @@ -## Microsoft Security Updates - 20240131003 +# Microsoft Security Updates - 20240131003 ## Overview From c7475614d5bcb5f9f2992b65e91b63ffbedb59b9 Mon Sep 17 00:00:00 2001 From: "Joshua Hitchen (DGov)" <86041569+DGovEnterprise@users.noreply.github.com> Date: Thu, 1 Feb 2024 05:33:14 +0000 Subject: [PATCH 5/6] Fix template for header issues --- docs/markdown-templates/Advisory-vulnerability.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/docs/markdown-templates/Advisory-vulnerability.md b/docs/markdown-templates/Advisory-vulnerability.md index ff269237..6984aa1d 100644 --- a/docs/markdown-templates/Advisory-vulnerability.md 
+++ b/docs/markdown-templates/Advisory-vulnerability.md @@ -1,4 +1,4 @@ -## \[Advisory Title\] - 2024MMDD000 +# \[Advisory Title\] - 2024MMDD000 ## Overview From 5e89f962a8dd47f7ced1a6e25743e3ce3c7bdc57 Mon Sep 17 00:00:00 2001 From: "Joshua Hitchen (DGov)" <86041569+DGovEnterprise@users.noreply.github.com> Date: Thu, 1 Feb 2024 05:33:58 +0000 Subject: [PATCH 6/6] update to overview template --- docs/markdown-templates/Advisory-vulnerability.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/docs/markdown-templates/Advisory-vulnerability.md b/docs/markdown-templates/Advisory-vulnerability.md index 6984aa1d..8159961b 100644 --- a/docs/markdown-templates/Advisory-vulnerability.md +++ b/docs/markdown-templates/Advisory-vulnerability.md @@ -2,7 +2,7 @@ ## Overview -The WA SOC has observed… +The WA SOC has been made aware… Describe the threat to organisation's application/ environment/ security/ operational continuity
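Review bot: in PATCH 1/6, removing the parentheses leaves the Overview sentence reading awkwardly, with the two CVE identifiers dangling after "Ivanti devices": `...vulnerabilities in Ivanti devices [CVE-2023-46805](...) and [CVE-2024-21887](...).` If the goal is to avoid brackets, restructure so the identifiers attach to the noun they qualify, e.g. "CISA has released new mitigations to defend against threat actors exploiting two vulnerabilities in Ivanti Connect Secure and Ivanti Policy Secure gateways, CVE-2023-46805 and CVE-2024-21887." The pre-existing "Policy Secure Gateways vulnerabilities" should also become "Policy Secure gateway vulnerabilities" while this line is being touched.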
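Review bot: in PATCH 2/6, the new title `# Updated Mitigations to Defend Against Exploitation of Ivanti services - 20240131002` is less precise than the one it replaces; the advisory body still names the affected products as Ivanti Connect Secure and Policy Secure gateways, and "Ivanti services" could be read as covering any Ivanti product. Suggest keeping the product names in the title (e.g. "Updated Mitigations to Defend Against Exploitation of Ivanti Connect Secure and Policy Secure - 20240131002"); if a shorter title is wanted, at least use title case ("Services") to match the rest of the heading.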
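Review bot: in PATCH 3/6, the Overview describes only one of the two issues: the X.509 certificate / chain-building-failure wording applies to the .NET entry (CVE-2024-0057), while the SqlClient entry (CVE-2024-0056) in the table is a TLS machine-in-the-middle issue, so a reader of the Overview alone would miss the SqlClient impact. Suggest an Overview that summarises both, and fix the grammar at the same time ("security updates that addresses vulnerabilities in two of their products with security feature bypass vulnerability" and the duplicated "intentionally introduce or intentionally induces", which also recurs in the table row). Smaller points in the same hunk: the first line `## Microsoft Security Updates - 20240131003` uses a level-2 heading where the other advisories use a single `#` title; the product cell `NET, .NET Framework, and Visual Studio` has lost the leading dot in ".NET"; the cell `Microsoft.Data.SqlClient and System.Data.SqlClient SQL Data` reads as cut off; the link text `[Microsoft security update guide CVE-2024-0056 ]` has a trailing space inside the brackets; and "within expected timeframe" should be "within the expected timeframe".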
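Review bot: PATCH 4/6 correctly restores a single level-1 title (`# Microsoft Security Updates - 20240131003`), but this is the same heading-level slip the template carried, so it is likely to recur in future advisories generated from it. Since the repository already runs a "Format markdown files" step, consider adding a markdownlint check that the first line of each advisory is a level-1 heading (rule MD041, first-line-heading) so the error is caught before merge rather than in a follow-up commit.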
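Review bot: PATCH 5/6 fixes the template heading level, which is the right place to fix it, but the placeholder `# \[Advisory Title\] - 2024MMDD000` still hardcodes the year and will need editing again next year. The existing identifiers (20240131002, 20240131003) appear to be date plus a three-digit sequence number, so a year-agnostic placeholder such as `YYYYMMDDNNN` would describe the scheme without going stale.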
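Review bot: in PATCH 6/6, replacing `The WA SOC has observed…` with `The WA SOC has been made aware…` swaps one provenance statement for another rather than making the template neutral; some advisories will be based on direct observation and some on vendor or CISA notifications, and an author copying the template is likely to keep whichever phrase it starts with. Suggest a neutral placeholder that prompts the author to state the actual source (e.g. "[Vendor/agency] has released… / The WA SOC has observed…"). The unchanged guidance line `Describe the threat to organisation's application/ environment/ security/ operational continuity` should also read "the organisation's" with consistent spacing around the slashes.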