SELECTED BY THE TALOS SECURITY INTELLIGENCE AND RESEARCH GROUP
Title: Vulnerability with 9.8 severity score under attack on VMware products
Description: VMware issued a warning Friday alerting users to protect against exploitation of a severe vulnerability in its vSphere Client’s Virtual SAN Health Check plug-in, which is enabled by default in vCenter Server. An attacker with network access to this service can exploit this vulnerability to gain remote code execution on the affected vCenter Server. The vulnerability, tracked as CVE-2021-21985, exists in the software that allows users to manage virtualization in large data centers. VMware warned users in an advisory earlier this month that vCenter machines using the default configurations contained the vulnerability. An attacker could exploit this vulnerability to execute malicious code on machines that are connected to vCenter and are exposed to the internet. The vulnerability has a CVSS severity rating of 9.8 out of 10.
Snort SIDs: 57720
Title: Microsoft patches 49 vulnerabilities as part of monthly security update
Description: Microsoft released its monthly security update Tuesday, disclosing 49 vulnerabilities across its suite of products, breaking last month’s 16-month record of the fewest vulnerabilities disclosed in a month by the company. Only four of the vulnerabilities patched this month are critical, while all the others are considered “important.” However, Microsoft states that several of the vulnerabilities are being actively exploited in the wild. One of the critical vulnerabilities this month exists in the Windows Defender anti-malware software. CVE-2021-31985 could allow an attacker to remotely execute code on the targeted machine. However, Microsoft stated that the fix for this vulnerability, along with the fixes for others identified in Windows Defender this month, will be applied automatically. Users can verify the update was downloaded and installed by following the steps Microsoft outlined in its advisory.
Snort SIDs: 49388, 49389, 57722 - 57727, 57730 - 57733, 57735 and 57736