CERT-In issues threat alerts for Adobe, Microsoft and others

CERT-In recently released threat alerts for several software products, including Adobe and Microsoft products


CERT-In (Computer Emergency Response Team) has published on its website several vulnerabilities affecting Citrix, Adobe, Microsoft and Zimbra webmail products. The threat alerts came as part of the organization’s security incident prevention and quality management services.


Citrix Products

Vulnerabilities in Citrix products are reported to affect Citrix Application Delivery Management (ADM) products and can be used by attackers to cause a security bypass and denial of service on affected systems.

According to the CERT-In report, the vulnerability allows attackers to corrupt the system and reset the administrator password on the next device reboot. “Successful exploitation of this vulnerability could allow a remote attacker to bypass security and cause inappropriate access control on an affected device,” the report said.

The vulnerabilities can also be used to send a specially crafted request to prevent the renewal or issuance of new licenses and can lead to a denial of service on the affected system.

Adobe products

In Adobe products, vulnerabilities have been reported in several software programs that can be exploited by attackers to gain elevated privileges, execute arbitrary code, write arbitrary files to the file system, and cause a memory leak on the targeted system.

According to the report, these vulnerabilities exist due to improper input validation, improper authorization and heap-based buffer overflow. Attackers can exploit them by tricking the victim into opening specially crafted files or applications, which can allow the attackers to gain elevated privileges or cause memory leaks. The report cites software updates and security patches from Adobe as the solution to the vulnerabilities.

Microsoft products

In Microsoft products, vulnerabilities have been reported in Microsoft Windows, Office, Microsoft .NET Framework, Microsoft Azure, SharePoint Server, SQL Server, Microsoft 365, Microsoft Visual Studio, Microsoft System Center Operations Manager, and Microsoft Browser.

These vulnerabilities expose affected systems to attacks that can access sensitive information, bypass security restrictions, perform denial of service, and perform impersonation attacks or run targeted systems. The report also provided solutions to these vulnerabilities in the form of the June 2022 software updates released by Microsoft on its official website.

Zimbra webmail

CERT-In also reported vulnerabilities in Zimbra webmail that can be exploited by attackers to remotely execute arbitrary code and obtain sensitive information about targeted systems. According to the threat report, the vulnerability exists due to Memcached poisoning with unauthenticated requests and can be exploited by sending specially crafted requests to the target system. The vulnerability affects Zimbra versions earlier than 9.0.0 P24 and can be fixed with a simple software update.
