From security em unicamp.br  Fri Feb  2 09:12:17 2024
From: security em unicamp.br (CSIRT Unicamp)
Date: Fri, 2 Feb 2024 09:12:17 -0300
Subject: [SECURITY-L] Critical Updates for Multiple Vulnerabilities
 Affecting Docker-related Components
Message-ID: <CAEsueBNbmwyWm4K4LvO=PaxCfJyJgRugkDwBsj-wpwz7_3CBww@mail.gmail.com>

Alert
Moby and Open Container Initiative Release Critical Updates for Multiple
Vulnerabilities Affecting Docker-related Components
Release Date
February 01, 2024
Related topics:
Cyber Threats and Advisories

Moby and the Open Container Initiative (OCI) have released updates for
multiple vulnerabilities (CVE-2024-23651, CVE-2024-23652, CVE-2024-23653,
CVE-2024-21626) affecting Docker-related components, including Moby
BuildKit and OCI runc. A cyber threat actor could exploit these
vulnerabilities to take control of an affected system.

CISA encourages users and administrators to review the advisories from Moby
BuildKit
(CVE-2024-23651, CVE-2024-23652, CVE-2024-23653) and OCI runc
(CVE-2024-21626), as well as the Snyk blog post

CVE-2024-23651 <https://nvd.nist.gov/vuln/detail/CVE-2024-23651> Score 8,7
High
CVE-2024-23652 <https://nvd.nist.gov/vuln/detail/CVE-2024-23652>Score 10
Critical
CVE-2024-23653 <https://nvd.nist.gov/vuln/detail/CVE-2024-23653>Score 9,8
Critical
CVE-2024-21626 <https://nvd.nist.gov/vuln/detail/CVE-2024-21626> Score 8,6
High




===
Computer Security Incident Response Team - CSIRT
Universidade Estadual de Campinas - Unicamp
Centro de Computacao - CCUEC
GnuPG Public Key: http://www.security.unicamp.br/security.asc [^]
Contato: +55 19 3521-2289 ou INOC-DBA: 1251*830
-------------- Próxima Parte ----------
Um anexo em HTML foi limpo...
URL: <http://www.listas.unicamp.br/pipermail/security-l/attachments/20240202/96e771c0/attachment-0001.html>

From security em unicamp.br  Thu Feb 15 09:21:46 2024
From: security em unicamp.br (CSIRT Unicamp)
Date: Thu, 15 Feb 2024 09:21:46 -0300
Subject: [SECURITY-L] Fwd: ISC Releases Security Advisories for BIND 9
In-Reply-To: <16856570.301071@messages.cisa.gov>
References: <16856570.301071@messages.cisa.gov>
Message-ID: <CAEsueBM1KfOr4xEbb0whBZ5C6HY2PG_xkBA5fO-A+3r7iM=rMw@mail.gmail.com>

===
Computer Security Incident Response Team - CSIRT
Universidade Estadual de Campinas - Unicamp
Centro de Computacao - CCUEC
GnuPG Public Key: http://www.security.unicamp.br/security.asc [^]
Contato: +55 19 3521-2289 ou INOC-DBA: 1251*830


---------- Forwarded message ---------
De: CISA <CISA em messages.cisa.gov>
Date: ter., 13 de fev. de 2024 às 15:15
Subject: ISC Releases Security Advisories for BIND 9
To: <security em unicamp.br>


[image: Cybersecurity and Infrastructure Security Agency (CISA)]

You are subscribed to Cybersecurity Advisories for Cybersecurity and
Infrastructure Security Agency. This information has recently been updated
and is now available.


ISC Releases Security Advisories for BIND 9
<https://www.cisa.gov/news-events/alerts/2024/02/13/isc-releases-security-advisories-bind-9>
02/13/2024 1:10 PM EST

The Internet Systems Consortium (ISC) released security advisories to
address vulnerabilities affecting multiple versions of ISC?s Berkeley
Internet Name Domain (BIND) 9. A cyber threat actor could exploit one of
these vulnerabilities to cause a denial-of-service condition.

CISA encourages users and administrators to review the following advisories
and apply the necessary updates:

   - CVE-2023-50868 <https://kb.isc.org/docs/cve-2023-50868>
   - CVE-2023-50387 <https://kb.isc.org/docs/cve-2023-50387>
   - CVE-2023-6516 <https://kb.isc.org/docs/cve-2023-6516>
   - CVE-2023-5680 <https://kb.isc.org/docs/cve-2023-5680>
   - CVE-2023-5679 <https://kb.isc.org/docs/cve-2023-5679>
   - CVE-2023-5517 <https://kb.isc.org/docs/cve-2023-5517>
   - CVE-2023-4408 <https://kb.isc.org/docs/cve-2023-4408>

This product is provided subject to this Notification
<https://www.cisa.gov/notification> and this Privacy & Use
<https://www.cisa.gov/privacy-policy> policy.

Having trouble viewing this message? View it as a webpage
<https://content.govdelivery.com/accounts/USDHSCISA/bulletins/38a5904>.
<https://content.govdelivery.com/accounts/USDHS/bulletins/292141e>

You are subscribed to updates from the Cybersecurity and Infrastructure
Security Agency <https://www.cisa.gov> (CISA)
Manage Subscriptions
<https://public.govdelivery.com/accounts/USDHSCISA/subscriber/edit?preferences=true#tab1>
  |  Privacy Policy <https://www.cisa.gov/privacy-policy>  |  Help
<https://subscriberhelp.granicus.com/s/article/Subscriber-Help-Center>
<https://insights.govdelivery.com/Communications/Subscriber_Help_Center>

Connect with CISA:
Facebook <https://www.facebook.com/CISA>  |  Twitter
<https://twitter.com/CISAgov>  |  Instagram <https://Instagram.com/cisagov>
|  LinkedIn
<https://www.linkedin.com/company/cybersecurity-and-infrastructure-security-agency>
|   YouTube <https://www.youtube.com/channel/UCxyq9roe-npgzrVwbpoAy0A>
------------------------------
This email was sent to security em unicamp.br using GovDelivery Communications
Cloud, on behalf of: Cybersecurity and Infrastructure Security Agency · 707
17th St, Suite 4000 · Denver, CO 80202 [image: GovDelivery logo]
<https://subscriberhelp.granicus.com/>
-------------- Próxima Parte ----------
Um anexo em HTML foi limpo...
URL: <http://www.listas.unicamp.br/pipermail/security-l/attachments/20240215/3e0fc6a1/attachment.html>

From security em unicamp.br  Thu Feb 15 16:45:16 2024
From: security em unicamp.br (CSIRT Unicamp)
Date: Thu, 15 Feb 2024 16:45:16 -0300
Subject: [SECURITY-L] =?utf-8?q?=5BRNP/CAIS_Alerta_=230137=5D_Vulnerabili?=
	=?utf-8?q?dade_de_eleva=C3=A7=C3=A3o_de_privil=C3=A9gio_no_Microso?=
	=?utf-8?q?ft_Exchange_Server?=
Message-ID: <CAEsueBODcyaRKtigR=9Din_d2KutVvS0MA--U5c--QLhRs9xpg@mail.gmail.com>

CAIS-Alerta [15-02-2024]: Vulnerabilidade de elevação de privilégio no
Microsoft Exchange Server


Prezados(as),
O CAIS alerta a comunidade de segurança cibernética para uma
vulnerabilidade crítica divulgada pela Microsoft. Registrada como
CVE-2024-21410 e com uma pontuação CVSS de 9.8, essa falha pode permitir
que um agente malicioso obtenha privilégios elevados e execute operações no
servidor que hospeda o software Microsoft Exchange Server em nome da vítima.

Até a última revisão deste alerta, não foram identificados códigos capazes
de explorar esta vulnerabilidade.

1) Produto(s) e versões afetadas;
2) Identificadores CVE (http://cve.mitre.org);
3) Descrição da vulnerabilidade;
4) Mitigação e correções disponíveis; e
5) Mais informações.

1) Produto e versões afetadas:

Produto
Microsoft Exchange Server 2019

Versões afetadas
15.02.0 até 15.2.1544.004, impactadas pelas atualizações cumulativas 13 e
14.

2) Identificadores CVE (http://cve.mitre.org):

CVE-2024-21410

3) Descrição da vulnerabilidade:

A exploração bem-sucedida dessa vulnerabilidade pode permitir que um agente
malicioso retransmita com êxito o hash Net-NTLMv2 vazado de um usuário para
um Exchange Server vulnerável, possibilitando a autenticação como o
usuário. Isso pode resultar na realização de operações no servidor Exchange
em nome da vítima.

4) Mitigação e correções disponíveis:

Para mitigar a vulnerabilidade, ative a Proteção Estendida (EP) usando a
configuração CU14 nos servidores Exchange 2019. Em outras versões do
Exchange com suporte, ativar o EP resolve o CVE em questão. Recomenda-se
fortemente aplicar as atualizações fornecidas pelo fabricante
disponibilizadas em:
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-21410.

5) Mais informações:

https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-21410
https://techcommunity.microsoft.com/t5/exchange-team-blog/released-2024-h1-cumulative-update-for-exchange-server/ba-p/4047506
https://learn.microsoft.com/en-us/exchange/plan-and-deploy/post-installation-tasks/security-best-practices/exchange-extended-protection
https://microsoft.github.io/CSS-Exchange/Security/ExchangeExtendedProtectionManagement/
https://learn.microsoft.com/en-us/iis/configuration/system.webserver/security/authentication/windowsauthentication/extendedprotection/
https://thehackernews.com/2024/02/critical-exchange-server-flaw-cve-2024.html
https://www.bleepingcomputer.com/news/security/microsoft-new-critical-exchange-bug-exploited-as-zero-day/#google_vignette

O CAIS recomenda que os administradores mantenham seus sistemas e
aplicativos sempre atualizados, de acordo com as últimas versões e
correções oferecidas pelos fabricantes.

Os alertas do CAIS também podem ser acompanhados pelas redes sociais da
RNP. Siga-nos!!
Twitter: @caisRNP
Facebook: facebook.com/RedeNacionaldeEnsinoePesquisaRNP.

################################################################
#   CENTRO DE ATENDIMENTO A INCIDENTES DE SEGURANCA (CAIS)     #
#       Rede Nacional de Ensino e Pesquisa (RNP)               #
#                                                              #
# cais em cais.rnp.br       https://www.rnp.br/sistema-rnp/cais   #
# Tel. 019-37873300      Fax. 019-37873301                     #
# Chave PGP disponível   https://www.rnp.br/cais/cais-pgp.key  #
################################################################
===
Computer Security Incident Response Team - CSIRT
Universidade Estadual de Campinas - Unicamp
Centro de Computacao - CCUEC
GnuPG Public Key: http://www.security.unicamp.br/security.asc [^]
Contato: +55 19 3521-2289 ou INOC-DBA: 1251*830
-------------- Próxima Parte ----------
Um anexo em HTML foi limpo...
URL: <http://www.listas.unicamp.br/pipermail/security-l/attachments/20240215/f93249a5/attachment.html>