Security Advisory VMSA-2021-0002

VMware ESXi and vCenter Server updates address multiple security vulnerabilities.

Datashield recommends patching any Microsoft Exchange servers due to the recently released series of vulnerabilities, CVE-2021-26855 in particular, and the evidence of this exploit being utilized in the wild. An unauthenticated attacker can compromise the server and obtain access into the network. There is no current mitigation besides patching the affected Exchange servers. Datashield has deployed some initial detections for this CVE, but is still evaluating and creating new detections as we gather more information.

A penetration test or pen test is a simulated cyber-attack against computer systems, application systems, and IT infrastructure to discover loopholes. These simulated cyber-attacks come in diverse forms with the intent of breaching a system through its servers, web or mobile applications, and other endpoints. The purpose of pen testing is to discover exploitable vulnerabilities in a controlled setting before cybercriminals take advantage of them.

Microsoft Defender for Endpoint, formerly known as Microsoft Defender Advanced Threat Protection, provides enterprise-level protection to endpoints to prevent, detect, investigate, and respond to advanced threats.

Zero Trust security concept is a model and framework developed by former Forrester analyst John Kindervag in 2010. Since then, the Zero Trust model is widely adopted, with leading researchers at Gartner, Microsoft, and Google all developing and implementing their variations of Zero Trust frameworks while keeping the core concept intact.

Contrary to popular beliefs, an insider threat is not always a security risk within an organization's immediate perimeter. Current employees and managers aside, an insider threat could be a former employee who had access to specific information, a third-party consultant, or a business partner.

One can broadly define vulnerability management as a set of processes and procedures to identify, analyze, and manage vulnerabilities across a critical service's operating environment.

Microsoft announced a critical vulnerability as part of their Patch Tuesday on 10/12/2020. CVE-2020-16898, dubbed "Bad Neighbor", is a remote code execution (RCE) that occurs when the Windows TCP/IP stack incorrectly handles ICMPv6 Router Advertisement packets with an even length field.

The use of managed services is growing as organizations struggle supervising multiple sophisticated software systems and advanced corporate networks. One specific area of company outsourcing is the implementation and management of cyber defenses to protect digital assets against ever-evolving security threats. 

Microsoft released a security bulletin today detailing a RCE in all known Windows DNS Servers, with a base CVSS score of 10.0.