Author: Gargi

Security Update for NVIDIA Base Command & Bright Cluster Managers 

NVIDIA has issued a security advisory addressing a critical vulnerability (CVE-2024-0138) discovered in its Base Command Manager software. This flaw, located within the CMDaemon component, poses significant risks, including the potential for remote code execution, denial of service, privilege escalation, information disclosure, and data tampering.

What Does the Vulnerability Mean

The vulnerability stems from insecure temporary file handling, which could lead to a denial of service (DoS) condition on affected systems.

NVIDIA has released patches to address the issue and prevent potential exploitation. This critical flaw can be exploited remotely without any prerequisites, such as user interaction or special privileges, making it highly dangerous.

| Vulnerability Name | CVE ID | Product Affected | Impact | Fixed Version |
|---|---|---|---|---|
| Insecure Temporary File Vulnerability | CVE-2024-0139 | NVIDIA Base Command Manager, Bright Cluster Manager | Medium | Base Command Manager: 10.24.09a; Bright Cluster Manager: 9.0-22, 9.1-19, 9.2-17 |

Technical Summary 

NVIDIA confirmed that earlier versions, including 10.24.07 and prior releases, are not impacted by this vulnerability.

To mitigate the issue, NVIDIA recommends updating the CMDaemon component on all head nodes and software images.

Remediation

1. Base Command Manager 

  • Update to version 10.24.09a to address the vulnerability. 

2. Bright Cluster Manager 

  • Depending on your version, update to one of the following: 
  • 9.0-22 
  • 9.1-19 
  • 9.2-17 

3. CMDaemon Update 

  • Ensure the most recent version of CMDaemon is installed on the head nodes and in all software images. 

4. Node Update 

After applying the update, systems should be rebooted or resynchronized with the updated software image to ensure the fix is fully implemented. These measures are essential to eliminate the root cause of the vulnerability and protect systems from potential exploitation.
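To track the remediation above across head nodes and software images, the following added example (not NVIDIA tooling and not part of the original advisory) classifies version strings against the fixed versions listed on this page. The version-string formats, the inventory names, and the treatment of Base Command Manager 10 releases between 10.24.07 and 10.24.09a as needing the update are assumptions; how the version is collected from each node is left to the operator.

```python
import re

# Fixed builds per branch, copied from the remediation list on this page.
BRIGHT_FIXED = {"9.0": 22, "9.1": 19, "9.2": 17}
BCM10_FIXED = (24, 9, "a")          # 10.24.09a
BCM10_NOT_IMPACTED_MAX = (24, 7)    # page: 10.24.07 and earlier are not impacted

# Assumed string formats: "9.2-17" (Bright) and "10.24.09a" (Base Command Manager 10).
BRIGHT_RE = re.compile(r"^(9\.\d+)-(\d+)$")
BCM10_RE = re.compile(r"^10\.(\d+)\.(\d+)([a-z]?)$")


def triage(version: str) -> str:
    """Classify one version string as fixed, not-impacted, update-required or unknown."""
    version = version.strip()
    m = BRIGHT_RE.match(version)
    if m:
        fixed = BRIGHT_FIXED.get(m.group(1))
        if fixed is None:
            return "unknown"  # branch not covered by the page
        return "fixed" if int(m.group(2)) >= fixed else "update-required"
    m = BCM10_RE.match(version)
    if m:
        minor, patch, suffix = int(m.group(1)), int(m.group(2)), m.group(3)
        if (minor, patch) <= BCM10_NOT_IMPACTED_MAX:
            return "not-impacted"
        # "" sorts before "a", so 10.24.09 without the suffix is still unfixed.
        if (minor, patch, suffix) >= BCM10_FIXED:
            return "fixed"
        return "update-required"
    return "unknown"  # e.g. Base Command Manager 3: the page lists no fixed version


def audit(inventory: dict) -> dict:
    """Return only the entries that still need attention, with their verdict."""
    verdicts = {name: triage(ver) for name, ver in inventory.items()}
    return {n: v for n, v in verdicts.items() if v in ("update-required", "unknown")}


# Constructed inventory of head nodes and software images (hypothetical names).
SAMPLE_INVENTORY = {
    "head-node-1": "10.24.09",
    "image:default-image": "10.24.09a",
    "head-node-legacy": "9.2-16",
    "image:gpu-image": "9.1-19",
    "head-node-old": "10.24.07",
    "image:bcm3": "3.0",
}

if __name__ == "__main__":
    for name, verdict in audit(SAMPLE_INVENTORY).items():
        print(f"{name}: {verdict}")
```

Entries reported as unknown need a manual check against the vendor advisory rather than being treated as safe.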

References

| CVE ID | System Affected | Platform | Vulnerability Details | Impact |
|---|---|---|---|---|
| CVE-2024-0139 | NVIDIA Base Command Manager (Versions 3, 10); NVIDIA Bright Cluster Manager (Versions 9.0-9.2) | Linux | The vulnerability stems from insecure handling of temporary files in both Base Command Manager and Bright Cluster Manager. Exploiting this flaw could disrupt system availability, potentially causing a denial of service. | Potential denial of service on affected systems. |

Re-release of November 2024 Exchange Server Security Updates

Microsoft users had difficulty sending or loading email attachments when using Outlook, were unable to connect to the server, and in some cases could not log into their accounts.

Microsoft Exchange Online is a platform for business communication that has a mail server and cloud apps for email, contacts, and calendars.

Microsoft mitigated the issue after identifying the cause of the outages and is rolling out a fix. That rollout is gradual, however, as outage reports continue to come in at DownDetector.

Impact

The outage left many users unable to communicate with colleagues, particularly as it coincided with the start of the workday in Europe. Frustration quickly spread across social media, with users reporting issues accessing emails and participating in Teams calls.

Re-release of November 2024 Exchange Server Security Updates 

Summary 

OEM: Microsoft
Severity: High
Date of Announcement: 27/11/2024
Product: Microsoft Exchange Server
CVE ID: CVE-2024-49040
CVSS Score: 7.5
Exploited in Wild: No
Patch/Remediation Available: Yes
Advisory Version: 1.0

Overview 

On November 27, 2024, Microsoft re-released the November 2024 Security Updates (SUs) for Exchange Server to resolve an issue introduced in the initial release on November 12, 2024. The original update (SUv1) caused Exchange Server transport rules to intermittently stop functioning, particularly in environments using transport or Data Loss Protection (DLP) rules. The updated version (SUv2) addresses this issue. 

Table of Actions for Admins: 

| Scenario | Action Required |
|---|---|
| SUv1 installed manually, and transport/DLP rules are not used | Install SUv2 to regain control over the X-MS-Exchange-P2FromRegexMatch header. |
| SUv1 installed via Windows/Microsoft Update, no transport/DLP rules used | No immediate action needed; SUv2 will be installed automatically in December 2024. |
| SUv1 installed and then uninstalled due to transport rule issues | Install SUv2 immediately. |
| SUv1 never installed | Install SUv2 immediately. |

Remediation Steps 

1. Immediate Actions 

  • Use the Health Checker script to inventory your Exchange Servers and assess update needs. 
  • Install the latest Cumulative Update (CU) followed by the November 2024 SUv2. 

2. Monitor System Performance 

  • After enabling AMSI integration for message bodies, monitor for any performance issues such as delays in mail flow or server responsiveness. 

3. Run SetupAssist Script for Issues 

  • Use the SetupAssist script to troubleshoot failed installations or update issues, and check the logs for specific error details. 


Analysis of WezRat Malware; Check Point Findings

New Check Point research discovered a new remote access trojan and information stealer used by Iranian state-sponsored actors to conduct reconnaissance of compromised endpoints and execute malicious commands.
