SELECTED BY THE TALOS SECURITY INTELLIGENCE AND RESEARCH GROUP
Title: MSHTML vulnerability exploited in the wild fixed as part of Microsoft security update
Description: Microsoft released its monthly security update Tuesday, disclosing 86 vulnerabilities across the company's firmware and software. This month's release is headlined by an official patch for the critical remote code execution vulnerability disclosed earlier this month in MSHTML. CVE-2021-40444 is being actively exploited in the wild, according to Microsoft, and public proof-of-concept code is now available, which widens the pool of attackers able to weaponize it. Also rated among the most serious is CVE-2021-36965, a remote code execution vulnerability in the Windows WLAN AutoConfig Service. It carries a severity score of 8.8 out of a possible 10, the same score as CVE-2021-40444. Aside from the aforementioned MSHTML vulnerability, another critical flaw exists in the Windows scripting engine. CVE-2021-26435 could allow an attacker to corrupt memory on the victim machine by tricking the user into opening a specially crafted file or visiting a website hosting an attacker-created file designed to exploit this vulnerability.
Snort SIDs: 58120 – 58135
Snort 3 SID: 300049
ClamAV signature: 9891528 (Doc.Exploit.CVE_2021_40444-9891528-0)
Cisco Secure OSQuery: CVE-2021-40444_vulnerability status
Title: Apple patches zero-click vulnerability that opens the door to spyware
Description: Apple released updates for its smartphones, iPads and smartwatches this week, fixing a vulnerability in its devices that could allow attackers to install the Pegasus spyware. The company pushed the patch shortly after researchers discovered that a Saudi Arabian activist's phone had been infected with the spyware through the zero-click vulnerability. Once installed, Pegasus can turn on a user's camera and microphone, record messages, texts, emails and calls, and send them back to customers of NSO Group, the Israeli firm that created the spyware. The researchers estimated that up to 1.65 billion Apple products could have been vulnerable to Pegasus since March.