SELECTED BY THE TALOS SECURITY INTELLIGENCE AND RESEARCH GROUP
Title: BIG-IP vulnerability could lead to arbitrary code execution
Description: A recently disclosed vulnerability in F5 Networks' BIG-IP could allow an unauthenticated attacker to access the BIG-IP system to execute arbitrary system commands, create and delete files, and disable services, and could lead to additional malicious activity. This vulnerability, tracked as CVE-2022-1388, is an authentication bypass in F5's BIG-IP modules affecting the iControl REST component. BIG-IP is F5's line of appliances that organizations use as load balancers, firewalls, and for inspection and encryption of data passing into and out of networks. The vulnerability has a CVSS score of 9.8 out of a possible 10 and is considered critical.
References: https://blog.talosintelligence.com/2022/05/threat-advisory-critical-f5-big-ip-vuln.html
Snort 2 SID: 59735
Snort 3 SID: 300131
Title: Microsoft fixes more than 70 vulnerabilities as part of May Patch Tuesday
Description: Microsoft returned to its normal monthly patching volume in May, disclosing and fixing 74 vulnerabilities as part of the company’s latest security update. This month’s Patch Tuesday includes seven critical vulnerabilities after Microsoft disclosed more than 140 security issues in April. The point-to-point tunneling feature in Windows contains two of the most serious vulnerabilities, which could allow an attacker to execute code remotely on a targeted RAS server machine. While CVE-2022-21972 and CVE-2022-23270 are rated “critical,” Microsoft stated the attack complexity is high since an adversary needs to win a race condition, making it less likely an attacker could exploit these issues. CVE-2022-26931 and CVE-2022-26923 are elevation of privilege vulnerabilities in Windows Kerberos and Windows Active Directory, respectively. Both are considered critical, though CVE-2022-26931 is considered less likely to be exploited because it has a higher attack complexity.
References: https://blog.talosintelligence.com/2022/05/microsoft-patch-tuesday-for-may-2022.html
Snort 2 SIDs: 59726 - 59728, 59730, 59731, 59733, 59734, 59737 and 59738
Snort 3 SIDs: 300125, 300126, 300128, 300129, 300130, 300133 and 300134 - 300137