Quest Security and Service Advisories
As an ongoing service to Quest's valued clients, our team of experts monitors security and service advisories from multiple vendors as they appear in the market and sends these important notices to our clients. An overview of our recent advisories is provided below. If you need more information on any of these advisories, or would like to set up a meeting to discuss them further, please reach out to our team.
March 2024
Security Advisory: Critical VMware Vulnerabilities Identified
February 2024
Security Advisory: ConnectWise ScreenConnect Security Threat
Security Advisory: Critical Vulnerabilities (CVSS 9.8) in Wide Range of Fortinet Software
January 2024
Security Advisory: Malware Bypassing Office 365 Filters
December 2023
Security Advisory: Advanced Phishing Attempt Posing as WordPress
March 2024
Security Advisory: Critical VMware Vulnerabilities Identified (3/8/2024):
VMware has released updates to address multiple security vulnerabilities in VMware ESXi, Workstation, and Fusion. These vulnerabilities are critical and require immediate attention.
Please let us know if you would like to discuss the new CVEs or need assistance with patching these vulnerabilities.
Impact:
A malicious actor with local administrative privileges on a virtual machine can exploit these vulnerabilities to execute code as the virtual machine's VMX process running on the host. On Workstation and Fusion this can lead to code execution on the machine where the product is installed; on ESXi the exploitation is contained within the VMX sandbox.
Impacted Products:
- VMware ESXi
- VMware Workstation Pro / Player (Workstation)
- VMware Fusion Pro / Fusion (Fusion)
- VMware Cloud Foundation (Cloud Foundation)
Vulnerabilities Summary:
- CVE-2024-22252: Use-after-free vulnerability in the XHCI USB controller. Critical severity, with a maximum CVSSv3 base score of 9.3 for Workstation/Fusion and 8.4 for ESXi.
- CVE-2024-22253: Use-after-free vulnerability in the UHCI USB controller. Critical severity, with a maximum CVSSv3 base score of 9.3 for Workstation/Fusion and 8.4 for ESXi.
- CVE-2024-22254: Out-of-bounds write vulnerability in VMware ESXi. High severity, with a CVSS score of 7.9.
- CVE-2024-22255: Information disclosure vulnerability in the UHCI USB controller affecting VMware ESXi, Workstation, and Fusion.
February 2024
Security Advisory: ConnectWise ScreenConnect Security Threat (2/22/2024):
Quest has been made aware of a significant and active cyber threat affecting ConnectWise ScreenConnect. Known vulnerabilities present a maximum security risk in ScreenConnect version 23.9.8 or prior, allowing threat actors to gain remote unauthenticated access to the ScreenConnect Platform. While ScreenConnect cloud servers hosted on screenconnect.com, hostedrmm.com, or those part of Quest Services are already secured against potential attacks, partners using a dedicated on-premise ScreenConnect Platform are advised to update their ScreenConnect to version 23.9.8 immediately.
Quest recommends that our customers and partners review the applicability of this update and upgrade to the latest version of ScreenConnect as necessary.
For more detail, the official notification can be found here:
https://www.connectwise.com/company/trust/security-bulletins/connectwise-screenconnect-23.9.8
If you need help applying the necessary recommendations, reviewing for malicious activity, or would like to discuss further, we are here to help.
Security Advisory: Critical Vulnerabilities (CVSS 9.8) in Wide Range of Fortinet Software (2/9/2024):
Quest has been made aware of multiple significant cyber threats affecting Fortinet devices running a wide range of FortiOS software. The vulnerabilities, when exploited, could allow threat actors to execute remote code on the affected devices, perform denial-of-service attacks, and establish a man-in-the-middle presence between multiple Fortinet devices.
The CVSS (Common Vulnerability Scoring System) score for the most significant of these vulnerabilities is a Critical 9.8 (out of 10); consequently, Quest is recommending that our customers immediately patch their devices to the appropriate level.
Affected versions of FortiOS software are as follows:
- FortiOS versions: 6.0, 6.2, 6.4, 7.0, 7.2, 7.4, and 7.6
- FortiProxy versions: 7.0, 7.2, and 7.4
A summary of the vulnerabilities, along with technical detail can be found here:
https://www.cisecurity.org/advisory/multiple-vulnerabilities-in-fortios-could-allow-for-remote-code-execution_2024-019
If you would like to discuss this further or if you have any other questions, we are here to help.
January 2024
Security Advisory: Malware Bypassing Office 365 Filters (1/12/2024):
Quest has been actively investigating the surge in phishing and malware attacks that cleverly evade third-party gateway filters. These attacks are bypassing defenses and delivering malware directly to Office 365 mailboxes. The threat actors exploit the default MX records associated with onmicrosoft.com domains, typically taking the form of "CompanyName.onmicrosoft.com," to deliver spam and malicious content without it being scanned.
Closing this bypass requires advanced configuration of the tenant, which may impact mail flow from SMTP devices (printers, scanners, applications) that send mail directly into Office 365 from on-premise locations. Careful deployment and tuning are necessary to ensure minimal interruption to mail flow.
Quest is offering a 30-minute conversation to discuss this threat in greater detail and review options and strategy to close this possible bypass on your Office 365 tenant. Please reply to this email if you would like to schedule time to discuss details and options for review and remediation.
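To show how the bypass described above can be spotted in delivered mail, here is an added example (not Quest's tooling and not part of the original advisory) that checks the top-most Received header, the one Office 365 writes when it accepts the connection, against the third-party gateway's egress range. The gateway range, hostnames and both sample messages are constructed for illustration.

```python
"""Flag Office 365 deliveries that skipped the third-party mail gateway.
All values (gateway range, hostnames, sample messages) are constructed."""
import email
import ipaddress
import re

# Hypothetical egress range of the third-party filtering gateway.
GATEWAY_NETS = [ipaddress.ip_network("203.0.113.0/24")]

# Constructed sample: a message that arrived through the gateway.
MSG_VIA_GATEWAY = """\
Received: from mx1.gateway.example (203.0.113.10) by
 XX0P123MB4567.outlook.example (10.0.0.5) with SMTP; Fri, 12 Jan 2024 09:00:00 +0000
Received: from sender.example (198.51.100.7) by mx1.gateway.example; Fri, 12 Jan 2024 08:59:58 +0000
From: alice@sender.example
To: bob@contoso.example
Subject: Invoice attached

See attachment.
"""

# Constructed sample: delivered straight to the onmicrosoft.com MX. The sender
# also forged a lower Received line naming the gateway, which is why only the
# top-most hop (written by Office 365 itself) is trusted below.
MSG_DIRECT = """\
Received: from bulk.example.net (192.0.2.44) by
 XX0P123MB4567.outlook.example (10.0.0.5) with SMTP; Fri, 12 Jan 2024 09:05:00 +0000
Received: from mx1.gateway.example (203.0.113.10) by bulk.example.net; Fri, 12 Jan 2024 09:04:00 +0000
From: alerts@sender.example
To: bob@contoso.example
Subject: Action required

Open the document.
"""

_HOP_RE = re.compile(r"\bfrom\s+\S+\s*[\(\[]?(\d{1,3}(?:\.\d{1,3}){3})")

def connecting_ip(raw_message):
    """IP recorded in the top-most Received header, i.e. the host that
    connected to Office 365 directly. Returns None if there is no usable hop."""
    received = email.message_from_string(raw_message).get_all("Received") or []
    match = _HOP_RE.search(received[0]) if received else None
    return ipaddress.ip_address(match.group(1)) if match else None

def bypassed_gateway(raw_message):
    """True when the message reached the tenant from outside the gateway range
    (or carries no Received header at all, which is treated as suspect)."""
    ip = connecting_ip(raw_message)
    return ip is None or not any(ip in net for net in GATEWAY_NETS)
```

Running the same check over a mailbox export turns the bypass into a countable signal: every message whose first hop is not the gateway reached the tenant unscanned.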
December 2023
Security Advisory: Advanced Phishing Attempt Posing as WordPress (12/5/2023):
Quest has been made aware of an advanced phishing attempt that appears to come from “WordPress”. The phishing attempt claims there is an active WordPress vulnerability requiring immediate action. The fraudulent email includes a malicious “patch” download link, which is a near duplicate of the actual WordPress site. When downloaded and installed, this "patch" creates a hidden administrative account and establishes persistence on the affected host. This allows threat actors to connect remotely and perform administrative functions at will.
Images of the email and download site are provided below:
Quest recommends that our customers remain vigilant and verify any advisories through multiple sources such as CISA.gov or by manually visiting the vendor’s advisory sites.
More information can be found here:
https://www.bleepingcomputer.com/news/security/fake-wordpress-security-advisory-pushes-backdoor-plugin/
Alternatively, by contacting Quest, our security experts can assist in identifying potential phishing attempts and help you stay ahead of threats to your environment. If you wish to discuss this further, we are here to help.
Security Advisory: Google Chrome 0-Day Vulnerability (12/1/2023):
Quest has been made aware of a significant cyber threat affecting Google’s Chrome browser. This vulnerability, currently rated High severity by NIST and actively being exploited, affects versions of Chrome prior to 119.0.6045.199. Threat actors can craft custom web pages that, when accessed, execute malicious code on the host system, allowing access to sensitive data and/or other malicious activity.
Quest recommends that our customers immediately patch all versions of Chrome to the latest available update. More information on the vulnerability can be found below:
https://nvd.nist.gov/vuln/detail/CVE-2023-6345
https://www.darkreading.com/vulnerabilities-threats/google-patches-another-chrome-zero-day-as-browser-attacks-mount
If you need help applying the necessary recommendations, staying on top of patching within your environment, reviewing your environment for malicious activity, or would like to discuss further, we are here to help.
Do you have questions about advisories? Contact our team!
Disclaimer: The information provided above by Quest Technology Management is intended to provide helpful and informative material as it relates to vendor advisories. Your use of the information on this page or linked material is at your own risk. Uncontrolled copies of this text may not contain critical information or be inaccurate. To ensure accuracy, always refer to the version available at the specified distribution URL. Quest assumes no responsibility or liability for any errors or omissions in the content of this page. If you require assistance or advice as it relates to any of the above advisories, please contact our team.
Need help mitigating an attack?
Contact Quest’s 24/7 Incident Response Team
Hotline: 800-443-5605 | Email: IR@questsys.com
We will immediately contact you, assess your situation, and deploy our Incident Response Team.