Two bugs affecting networks have been disclosed by Cisco this week. 

The first vulnerability is in the logic that handles access controls to one of the hardware components in Cisco’s proprietary Secure Boot implementation. The vulnerability could allow an authenticated local attacker to “write a modified firmware image to the component”. Cisco have confirmed that software updates will be released to address the vulnerability.  

The detail of how the vulnerability came to be and future updates can be found on the relevant Cisco advisory. 

The second vulnerability sits in the Cisco IOS XE operating system which is used to power enterprise wired and wireless access, aggregation, core and WAN products. Cisco explained that it occurs when “the affected software improperly sanitizes user-supplied input.” Unlike the first vulnerability, there is already a software update that will address this vulnerability and those affected should ensure this update is applied.  

Further information and updates on this vulnerability can be found on Cisco’s advisory. 

The NCSC always advises that the latest software and security updates are applied to ensure the risk of vulnerabilities is kept to a minimum. 

WhatsApp vulnerability – update your devices

Users of WhatsApp have been encouraged to download the latest update this week. 

A security advisory from Facebook, who run the messaging service, told users to update the app as a precaution.

The NCSC also published advice for users on Tuesday which outlined affected devices and gave some steps on how to ensure updates were triggered. 

In general, the NCSC recommends switching on automatic updates and keeping devices such as laptops, tablets and phones secure by installing the latest security updates.

Further tips on staying secure online can be found here. 

Organisations urged to patch Microsoft SharePoint

The Canadian Cyber Security Centre and Saudi Arabian National Cyber Security Centre have published advisories warning of the active exploitation of a vulnerability that grants remote code execution against Microsoft SharePoint.

Security researchers have reportedly identified compromised systems belonging to the academic, utility, heavy industry, manufacturing and technology sectors.  

Microsoft released security updates addressing this vulnerability in February and March 2019; however, many systems remain outdated. 

The following versions of Microsoft SharePoint are known to be affected: 

  • Microsoft SharePoint Enterprise Server 2016 
  • Microsoft SharePoint Foundation 2013 SP1 
  • Microsoft SharePoint Server 2010 SP2 
  • Microsoft SharePoint Server 2019 

Patching is one of the most important things an organisation can do to mitigate vulnerabilities. The NCSC recommends that organisations perform vulnerability assessments of their entire estate on a monthly basis. Read more about vulnerability management here.

We have also published a blog post suggesting some server-related reading from our published guidance.  

Fix released for Windows vulnerability discovered by NCSC

Microsoft has released a fix for a critical Remote Code Execution vulnerability, CVE-2019-0708, in Remote Desktop Services – formerly known as Terminal Services – that affects some older versions of Windows.  

Microsoft has credited the National Cyber Security Centre for privately reporting the vulnerability. For background, the NCSC works with vendors to help mitigate critical security issues before they cause real harm. We have a history of disclosing vulnerabilities to major software vendors, and the disclosure of CVE-2019-0708 to Microsoft is an example of that.

There is currently no observed exploitation of this vulnerability; however, it poses a serious threat. Microsoft have taken the unusual step of providing a security update for all customers to protect Windows platforms, including some out-of-support versions of Windows.

Vulnerable in-support systems include Windows 7, Windows Server 2008 R2, and Windows Server 2008. Downloads for in-support versions of Windows can be found in the Microsoft Security Update Guide. Customers who use an in-support version of Windows and have automatic updates enabled are automatically protected. Patches for Windows XP and Server 2003 must be applied manually and are available here.