1. CVE-2022-40139

Severity - High

Improper validation of some components used by the rollback mechanism in Trend Micro Apex One and Trend Micro Apex One as a Service clients could allow an Apex One server administrator to instruct affected clients to download an unverified rollback package, which could lead to remote code execution. Please note: an attacker must first obtain Apex One server administration console access in order to exploit this vulnerability, so the practical risk is a compromised or malicious administrator account being used to push code to every managed endpoint.

More details : https://vi.strobes.co/cve/CVE-2022-40139

Zeroday references:

Patch references:

  1. https://www.cybersecurity-help.cz/vdb/SB2022091318
  2. https://success.trendmicro.com/solution/000291528

2. CVE-2022-37969

Severity - High

Windows Common Log File System Driver Elevation of Privilege Vulnerability. This CVE ID is unique from CVE-2022-35803.

More details : https://vi.strobes.co/cve/CVE-2022-37969

Zeroday references:

Patch references:

  1. https://www.cybersecurity-help.cz/vdb/SB2022091342
  2. https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-37969
  3. https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5017367
  4. https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5017365
  5. https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5017370
  6. https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5017377
  7. https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5017361
  8. https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5017373
  9. https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5017358
  10. https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5017371
  11. https://support.microsoft.com/help/5017367
  12. https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5017305
  13. https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5017327
  14. https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5017308
  15. https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5017328
  16. https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5017392
  17. https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5017316
  18. https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5017315

3. CVE-2022-37042

Severity - Critical

Zimbra Collaboration Suite (ZCS) 8.8.15 and 9.0 has mboximport functionality that receives a ZIP archive and extracts files from it. By bypassing authentication (i.e., not having an authtoken), an attacker can upload arbitrary files to the system, leading to directory traversal and remote code execution. NOTE: this issue exists because of an incomplete fix for CVE-2022-27925.
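The extraction flaw described above, as an added illustration that is not Zimbra's code: the naive pattern joins each archive member name onto the destination directory, so a member named `../../webapps/public/shell.jsp` is written two levels above the import directory; the hardened version resolves every member against the real destination before writing and rejects anything that escapes it. The archive contents, the `store/user1/import` layout and the `shell.jsp` entry are constructed for this example.

```python
import io
import os
import shutil
import tempfile
import zipfile
from typing import List, Optional, Tuple


def build_sample_zip() -> bytes:
    """Constructed attacker archive: one benign mailbox entry plus one member
    whose name climbs out of the extraction directory (assumed layout)."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("mailbox/inbox.eml", "From: a@example.test\r\n\r\nhello\r\n")
        zf.writestr("../../webapps/public/shell.jsp", '<% out.println("owned"); %>')
    return buf.getvalue()


def extract_naive(zip_bytes: bytes, dest: str) -> List[str]:
    """Vulnerable pattern: trust the member name and write wherever it points.
    normpath() collapses the '..' components lexically, so the file lands
    outside dest instead of being rejected."""
    written = []
    with zipfile.ZipFile(io.BytesIO(zip_bytes)) as zf:
        for info in zf.infolist():
            target = os.path.normpath(os.path.join(dest, info.filename))
            os.makedirs(os.path.dirname(target), exist_ok=True)
            with open(target, "wb") as f:
                f.write(zf.read(info))
            written.append(target)
    return written


def safe_member_path(dest: str, name: str) -> Optional[str]:
    """Resolve a member name under dest; return None if it would escape.
    realpath() also follows symlinks, so a link planted by an earlier member
    cannot redirect a later write outside dest."""
    if not name or "\x00" in name or "\\" in name or name.startswith("/"):
        return None
    dest_real = os.path.realpath(dest)
    candidate = os.path.realpath(os.path.join(dest_real, name))
    try:
        inside = os.path.commonpath([dest_real, candidate]) == dest_real
    except ValueError:  # different drives on Windows
        inside = False
    if not inside or candidate == dest_real:
        return None
    return candidate


def extract_safe(zip_bytes: bytes, dest: str) -> Tuple[List[str], List[str]]:
    """Hardened extraction: every member is validated before any bytes are written."""
    written, rejected = [], []
    with zipfile.ZipFile(io.BytesIO(zip_bytes)) as zf:
        for info in zf.infolist():
            target = safe_member_path(dest, info.filename)
            if target is None:
                rejected.append(info.filename)
                continue
            if info.is_dir():
                os.makedirs(target, exist_ok=True)
                continue
            os.makedirs(os.path.dirname(target), exist_ok=True)
            with open(target, "wb") as f:
                f.write(zf.read(info))
            written.append(target)
    return written, rejected


def demo() -> dict:
    """Run both extractors on the sample archive inside a fresh temp tree and
    report whether the traversal member escaped the import directory."""
    root = tempfile.mkdtemp(prefix="mboximport-demo-")
    planted = os.path.join(root, "store", "webapps", "public", "shell.jsp")
    dest = os.path.join(root, "store", "user1", "import")
    result = {}
    os.makedirs(dest)
    extract_naive(build_sample_zip(), dest)
    result["naive_escaped"] = os.path.exists(planted)
    shutil.rmtree(os.path.join(root, "store"))
    os.makedirs(dest)
    written, rejected = extract_safe(build_sample_zip(), dest)
    result["safe_escaped"] = os.path.exists(planted)
    result["safe_written"] = [os.path.relpath(p, os.path.realpath(dest)) for p in written]
    result["safe_rejected"] = rejected
    shutil.rmtree(root)
    return result


if __name__ == "__main__":
    print(demo())
```

The check is done on the resolved path rather than by string-matching `..`, because encoded or mixed separators and symlinks are exactly the cases a substring filter misses; a fix that only blocks a literal `../` is how an "incomplete fix" of the kind noted above comes about.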

More details : https://vi.strobes.co/cve/CVE-2022-37042

Exploit references:

  1. https://github.com/GreyNoise-Intelligence/Zimbra_CVE-2022-37042-_CVE-2022-27925
  2. https://github.com/aels/CVE-2022-37042
  3. https://github.com/projectdiscovery/nuclei-templates/tree/master/cves/2022/CVE-2022-37042.yaml
  4. http://packetstormsecurity.com/files/168146/Zimbra-Zip-Path-Traversal.html
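A detection-side companion for the same issue (added here; not code from GreyNoise, ProjectDiscovery or any of the references above): scan web-server access logs for POST requests to the import endpoint that carry no session cookie, which is the "not having an authtoken" condition in the description. The endpoint path, the cookie names and the log format with the Cookie header as the last quoted field are assumptions about the deployment; the log lines are constructed.

```python
import re
from typing import Dict, List, Optional

# Assumed request path of the import servlet and assumed session cookie names.
MBOXIMPORT_PATH = "/service/extension/backup/mboximport"
AUTH_COOKIES = ("ZM_AUTH_TOKEN", "ZM_ADMIN_AUTH_TOKEN")

# Constructed sample: combined-log style with the Cookie header logged last.
SAMPLE_LOG = """\
203.0.113.10 - - [12/Sep/2022:10:01:02 +0000] "POST /service/extension/backup/mboximport?account-name=admin&ow=2&no-switch=1&append=1 HTTP/1.1" 401 0 "-" "python-requests/2.28.1" "-"
198.51.100.5 - - [12/Sep/2022:10:01:09 +0000] "POST /service/extension/backup/mboximport?account-name=admin&ow=2&no-switch=1&append=1 HTTP/1.1" 200 14 "-" "python-requests/2.28.1" "-"
192.0.2.7 - - [12/Sep/2022:10:05:44 +0000] "POST /service/extension/backup/mboximport?account-name=alice HTTP/1.1" 200 14 "-" "Mozilla/5.0" "ZM_ADMIN_AUTH_TOKEN=0_abc"
192.0.2.7 - - [12/Sep/2022:10:06:00 +0000] "GET /service/soap HTTP/1.1" 200 512 "-" "Mozilla/5.0" "ZM_AUTH_TOKEN=0_def"
"""

LINE_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+) [^"]*" '
    r'(?P<status>\d{3}) \S+ "[^"]*" "(?P<ua>[^"]*)" "(?P<cookie>[^"]*)"$'
)


def parse_line(line: str) -> Optional[Dict[str, str]]:
    """Split one access-log line into fields; None for lines that do not match."""
    m = LINE_RE.match(line)
    return m.groupdict() if m else None


def flag_unauthenticated_imports(log_text: str) -> List[Dict[str, object]]:
    """Report POSTs to the import endpoint with no session cookie present.
    A 2xx response on such a request means the server accepted an upload
    without a token and deserves immediate investigation."""
    findings = []
    for line in log_text.splitlines():
        rec = parse_line(line)
        if rec is None or rec["method"] != "POST":
            continue
        path = rec["target"].split("?", 1)[0]
        if not path.startswith(MBOXIMPORT_PATH):
            continue
        if any(name + "=" in rec["cookie"] for name in AUTH_COOKIES):
            continue
        findings.append({
            "ip": rec["ip"],
            "ts": rec["ts"],
            "status": int(rec["status"]),
            "verdict": "accepted" if rec["status"].startswith("2") else "rejected",
            "ua": rec["ua"],
        })
    return findings


if __name__ == "__main__":
    for f in flag_unauthenticated_imports(SAMPLE_LOG):
        print(f)
```

Rejected attempts are still worth keeping: a burst of them from one source followed by an accepted one is the sequence to look for, and the user agent of the accepted request is a useful pivot for the rest of the investigation.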

Zeroday references:

Patch references:

  1. https://wiki.zimbra.com/wiki/Zimbra_Security_Advisories
  2. https://wiki.zimbra.com/wiki/Security_Center

4. CVE-2022-35804

Severity - High

SMB Client and Server Remote Code Execution Vulnerability.

More details : https://vi.strobes.co/cve/CVE-2022-35804

Zeroday references:

Patch references:

5. CVE-2022-34715

Severity - Critical

Windows Network File System Remote Code Execution Vulnerability.

More details : https://vi.strobes.co/cve/CVE-2022-34715

Zeroday references:

Patch references:

  1. https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-34715

Zero-Day Attack Prevention:

Because zero-day exploits are by definition unpredictable, protection cannot rely on patching alone. Some measures that reduce the exposure of your software and vulnerable programmes to zero-day attacks:

  • Apply vendor security patches as soon as they are available, starting with internet-facing services.
  • Put a web application firewall in front of web applications as an additional layer, so that attack patterns can be detected and blocked before they reach the application.
  • Deploy endpoint protection that combines default-deny execution control, heuristic file analysis, anti-malware and sandboxing.
  • Serve sites over TLS (still commonly called SSL) so that traffic cannot be read or tampered with in transit.
  • Segment the network with VLANs so that a compromised host cannot reach every other host directly.

Stay ahead of threats using Strobes:

Strobes correlates the data from your vulnerability scans with vulnerability intelligence, so you are kept updated whenever a zero-day is being exploited in the wild.
