1. CVE-2023-23560
Severity – Critical
In certain Lexmark products through 2023-01-12, SSRF can occur because of a lack of input validation..
More details : https://vi.strobes.co/cve/CVE-2023-23560
Zero day references:
Patch references:
- https://publications.lexmark.com/publications/security-alerts/CVE-2023-23560.pdf
- https://support.lexmark.com/alerts/
2. CVE-2023-22952
Severity – High
In SugarCRM before 12.0. Hotfix 91155, a crafted request can inject custom PHP code through the EmailTemplates because of missing input validation.
More details : https://vi.strobes.co/cve/CVE-2023-22952
Zero day references:
- https://sugarclub.sugarcrm.com/explore/product-updates/b/sugar-sell-updates/posts/january-4-2023-critical-security-hotfix
- https://www.zero-day.cz/database/742
Patch references:
- https://www.cybersecurity-help.cz/vdb/SB2023011122
- https://support.sugarcrm.com/Resources/Security/sugarcrm-sa-2023-001/
3. CVE-2023-21674
Severity – High
Windows Advanced Local Procedure Call (ALPC) Elevation of Privilege Vulnerability.
More details : https://vi.strobes.co/cve/CVE-2023-21674
Zeroday references:
Patch references:
- https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5022352
- https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5022346
- https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5022289
- https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5022297
- https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5022282
- https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5022303
- https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5022287
- https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5022291
- https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5022286
- https://www.cybersecurity-help.cz/vdb/SB2023011042
- https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2023-21674
4. CVE-2022-44698
Severity – Medium
Windows SmartScreen Security Feature Bypass Vulnerability.
More details: https://vi.strobes.co/cve/CVE-2022-44698
Zero day references:
Patch references:
- https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5021235
- https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5021233
- https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5021234
- https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5021249
- https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5021237
- https://www.cybersecurity-help.cz/vdb/SB2022121336
- https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-44698
5. CVE-2022-42856
Severity – High
More details :https://vi.strobes.co/cve/CVE-2022-42856
Zero day references:
Patch references:
- https://www.cybersecurity-help.cz/vdb/SB2022121376
- https://support.apple.com/en-us/HT213531
- https://support.apple.com/en-us/HT213532
- https://support.apple.com/en-us/HT213537
- https://support.apple.com/en-us/HT213516
- https://support.apple.com/en-us/HT213535
Zero-Day Attack Prevention:
These exploits are unpredictable, zero-day protection is necessary. Here are some suggestions regarding how to safeguard your software and vulnerable programs from zero-day attacks.
- Once the security patches are available, update all programs and software.
- Web application software must be employed to secure the website. You are capable of precisely detecting attacks.
- Install a security package for the internet. It often comprises default-deny protection, heuristic file analysis, smart anti-virus, and sandboxing techniques.
- Operate on sites that are secured with Secure Socket Layer (SSL).
- Go for multiple layer protection with Web application firewalls.
- Protect the content of individual transmissions with the help of Virtual LANs.
Stay ahead of threats using Strobes:
Strobes will help you correlate data between vulnerability scans and vulnerability intelligence making sure to keep you updated whenever there is a zero-day in the wild.
