Alert Level: Elevated

Multiple Vulnerabilities in Cisco Jabber Could Allow for Arbitrary Code Execution

MS-ISAC ADVISORY NUMBER:

2021-039

DATE(S) ISSUED:

03/25/2021

OVERVIEW:

Multiple vulnerabilities have been discovered in Cisco Jabber the most severe of which could allow for arbitrary code execution. Cisco Jabber provides instant messaging (IM), voice, video, voice messaging, desktop sharing, and conferencing on any device. Successful exploitation of the most severe of these vulnerabilities could allow an unauthenticated, remote attacker to execute code on the affected systems. Depending on the privileges associated with the application, an attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. Applications configured to have fewer restrictions on the system could be less impacted than those who operate with elevated privileges.
Multiple Vulnerabilities in Cisco Jabber Could Allow for Arbitrary Code Execution

Multiple Vulnerabilities in Mozilla Firefox and Thunderbird Could Allow for Arbitrary Code Execution

MS-ISAC ADVISORY NUMBER:

2021-038

DATE(S) ISSUED:

03/24/2021

OVERVIEW:

Multiple vulnerabilities have been discovered in Mozilla Firefox, Firefox Extended Support Release (ESR) and Mozilla Thunderbird, the most severe of which could allow for arbitrary code execution. Mozilla Firefox is a web browser used to access the Internet. Mozilla Firefox ESR is a version of the web browser intended to be deployed in large organizations. Mozilla Thunderbird is an email client. Successful exploitation of these vulnerabilities could allow for arbitrary code execution. Depending on the privileges associated with the user an attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. Users whose accounts are configured to have fewer user rights on the system could be less impacted than those who operate with administrative user rights.

Multiple Vulnerabilities in Mozilla Firefox and Thunderbird Could Allow for Arbitrary Code Execution

A Vulnerability in WebKitGTK and WPE WebKit Could Allow for Arbitrary Code Execution

MS-ISAC ADVISORY NUMBER:

2021-027

DATE(S) ISSUED:

02/17/2021

OVERVIEW:

A vulnerability has been discovered in WebKitGTK and WPE WebKit which could allow for arbitrary code execution.

• WebKitGTK is a full-featured port of the WebKit rendering engine, suitable for projects requiring any kind of web integration, from hybrid HTML/CSS applications to full-fledged web browsers.
• WPE is the reference WebKit port for embedded and low-consumption computer devices.

Successful exploitation of this vulnerability could allow for arbitrary code execution. Depending on the privileges associated with the user an attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. Users whose accounts are configured to have fewer user rights on the system could be less impacted than those who operate with administrative user rights.
A Vulnerability in WebKitGTK and WPE WebKit Could Allow for Arbitrary Code Execution

 

• HackTool:Win32/AutoKMS
• HackTool:Win64/AutoKMS
• Trojan:Win32/CryptInject!ml
• HackTool:Win32/Keygen
• HackTool:MSIL/AutoKms

Shlayer
Agent Tesla
Snugy
ZeuS
Dridex
Nanocore
Gh0st
CoinMiner
Danabot
Mirai