Security Alerts

Our support team will regularly inform you of important security events here.

You can subscribe to these alerts via this RSS feed, either in Outlook (read here how) or in your RSS reader of choice.

Due to a vulnerability in Microsoft Outlook, we ask everyone to close the Outlook client and temporarily work through https://outlook.office.com/mail/ instead.

A newly discovered vulnerability allows cybercriminals to compromise your system simply by sending a malicious mail. The exploit is triggered as soon as the Outlook client processes the message, so the recipient does not even need to open the mail.

Updating as soon as possible is recommended.

Note that you can also trigger the Office 365 update from within Word (File > Account > Update Options > Update Now). You can see how to do this in the picture below or in this guide.

Several vulnerabilities have been discovered and fixed in version 11 of Veeam Backup: CVE-2022-26500, CVE-2022-26501, CVE-2022-26503, CVE-2022-26504 and CVE-2023-27532.

So patching is the message. Note, however, that Veeam gives the following warnings to read before you update:

  • Veeam Agent for Linux: version 5.0.2 comes with veeamsnap kmod/kmp modules signed with a renewed certificate. Following the agent upgrade, you must update veeamsnap-ueficert package and enroll the new certificate to UEFI MOK, otherwise the module will fail to load. This applies only to RHEL/CentOS and SLES/openSUSE machines with UEFI SecureBoot enabled.
  • Veeam Cloud Connect: backup and backup copy jobs containing Windows 11 Hyper-V VMs and Kasten K10 backups will start failing for tenants if they install P20211211 before their service provider.

Take action

You can follow the necessary procedures via the attached link.

Contact us to fix this problem for you. You can do this by mail at support@vanroey.be or by phone at 014 470 600. You can also create a ticket.

A buffer underwrite ('buffer underflow') vulnerability in the FortiOS & FortiProxy administrative interface could allow a remote unauthenticated attacker to execute arbitrary code on the device and/or perform a DoS on the GUI, via specifically crafted requests.

Fortinet is not aware of any instance of this vulnerability being exploited. Fortinet constantly reviews and tests the security of its products, and this vulnerability was discovered internally as part of that process.

Take action

The above vulnerability is critical (CVSS score 9.3). In short, there is no choice: action must be taken. Our managed customers have therefore already been provided with the necessary updates.

Need help? Contact us to fix this problem for you. You can do this by mail at support@vanroey.be or by phone at 014 470 600. You can also create a ticket.

Fortinet is aware of at least one case in which this vulnerability has been successfully exploited, and further, as yet unknown, cases may well exist.

Attackers exploit the vulnerability to deploy malicious files on the file system of affected devices.

Moreover, as seen in a recent campaign affecting Fortinet appliances (CVE-2022-40684), attackers who achieve remote code execution on a Fortinet appliance can use it to:

  • Open and download the device configuration file, which includes (but is not limited to) cleartext rules, policies, filtering, usernames, routing configurations and passwords encrypted with the device's private encryption key
  • Create privileged administrator accounts
  • Upload and run scripts

Potential for widespread exploitation

According to CISA's Known Exploited Vulnerabilities Catalog, threat actors have historically used similar Fortinet vulnerabilities to gain initial access and move laterally within an organisation's environment.

We therefore also assume that attackers will continue to actively exploit this vulnerability in the short term to gain access to sensitive information, such as the device configuration file.

This is due to the ease of exploitation, the potential for payload delivery and execution, and the prevalence of affected Fortinet devices within enterprise environments.

Take action

This is a major vulnerability that should be addressed immediately.

Given the impact of the update process and the possible complexity of other measures, we are currently contacting customers to agree on who performs the upgrade(s) and when.

Please note: if possible, perform the upgrades in a test environment first.

Update FortiOS

Product         Impacted versions       Fixed versions
FortiOS         v7.2.0 to v7.2.2        v7.2.3 or above
                v7.0.0 to v7.0.8        v7.0.9 or above
                v6.4.0 to v6.4.10       v6.4.11 or above
                v6.2.0 to v6.2.11       v6.2.12 or above
FortiOS-6K7K    v7.0.0 to v7.0.7        v7.0.8 or above
                v6.4.0 to v6.4.9        v6.4.10 or above
                v6.2.0 to v6.2.11       v6.2.12 or above
                v6.0.0 to v6.0.14       v6.0.15 or above
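To apply the table to a whole fleet of devices, the following PowerShell script (an added example, not part of the original alert and not Fortinet tooling) compares installed versions against the impacted and fixed ranges listed above. The host names and version strings in $fleet are constructed sample data; replace them with your own inventory export. A branch that the table does not list (for example FortiOS 6.0.x) is deliberately reported as unknown rather than as safe, so that it gets checked against the vendor advisory instead of being silently skipped:

```powershell
# Added example (not from the original alert): check FortiOS versions against the
# impacted/fixed ranges in the table above. $fleet holds constructed sample data.

# Impacted ranges per product and branch, transcribed from the table above.
# A branch that is not listed here is NOT declared safe; it is reported as unknown.
$impacted = @{
    'FortiOS' = @(
        @{ Min = '7.2.0'; Max = '7.2.2';  Fixed = '7.2.3'  },
        @{ Min = '7.0.0'; Max = '7.0.8';  Fixed = '7.0.9'  },
        @{ Min = '6.4.0'; Max = '6.4.10'; Fixed = '6.4.11' },
        @{ Min = '6.2.0'; Max = '6.2.11'; Fixed = '6.2.12' }
    )
    'FortiOS-6K7K' = @(
        @{ Min = '7.0.0'; Max = '7.0.7';  Fixed = '7.0.8'  },
        @{ Min = '6.4.0'; Max = '6.4.9';  Fixed = '6.4.10' },
        @{ Min = '6.2.0'; Max = '6.2.11'; Fixed = '6.2.12' },
        @{ Min = '6.0.0'; Max = '6.0.14'; Fixed = '6.0.15' }
    )
}

function ConvertTo-FortiVersion {
    param([string]$Text)
    # Accepts "v7.0.8", "7.0.8" or a full build string such as "v7.0.8 build0418 (GA)";
    # only the dotted numeric part is compared.
    if ($Text -match '(\d+)\.(\d+)\.(\d+)') {
        return [version]::new([int]$Matches[1], [int]$Matches[2], [int]$Matches[3])
    }
    throw "Unrecognised version string: '$Text'"
}

function Test-FortiOSVersion {
    param(
        [Parameter(Mandatory)][string]$Product,
        [Parameter(Mandatory)][string]$Version
    )
    $v = ConvertTo-FortiVersion $Version
    $ranges = $impacted[$Product]
    if (-not $ranges) { return "unknown product '$Product'" }

    # Find the table row whose branch (major.minor) matches the installed version.
    $row = $ranges | Where-Object {
        $min = ConvertTo-FortiVersion $_.Min
        $min.Major -eq $v.Major -and $min.Minor -eq $v.Minor
    } | Select-Object -First 1

    if (-not $row) {
        # e.g. FortiOS 6.0.x is absent from the table: do not assume it is safe.
        return "branch $($v.Major).$($v.Minor) not listed in the table; check the vendor advisory"
    }
    $max = ConvertTo-FortiVersion $row.Max
    if ($v -le $max) { return "IMPACTED - upgrade to v$($row.Fixed) or above" }
    return "fixed (v$($row.Fixed) or above)"
}

# Constructed sample fleet; replace with your own inventory export.
$fleet = @(
    @{ Host = 'fw-hq-01';  Product = 'FortiOS';      Version = 'v7.0.8 build0418 (GA)' },
    @{ Host = 'fw-hq-02';  Product = 'FortiOS';      Version = 'v7.2.3' },
    @{ Host = 'fw-dc-01';  Product = 'FortiOS-6K7K'; Version = 'v6.4.9' },
    @{ Host = 'fw-lab-01'; Product = 'FortiOS';      Version = 'v6.0.14' }
)

foreach ($fw in $fleet) {
    $status = Test-FortiOSVersion -Product $fw.Product -Version $fw.Version
    '{0,-10} {1,-13} {2,-24} {3}' -f $fw.Host, $fw.Product, $fw.Version, $status
}
```

With the sample fleet, fw-hq-01 (7.0.8) and fw-dc-01 (6K7K 6.4.9) are reported as impacted because the table's upper bounds are inclusive, fw-hq-02 is reported as fixed, and fw-lab-01 is flagged as an unlisted branch.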

Workaround

Disable the SSL-VPN until the fixed version has been installed.

Need help?

Contact us as soon as possible to fix this vulnerability for you. You can do this by mail at support@vanroey.be or by phone at 014 470 600. You can also create a ticket.

As yet, there is no official patch from Microsoft for this vulnerability, but we do know that it is being actively exploited. More details can be found here: CVE-2022-30190.

However, a temporary workaround is available, which you can consult here.

  • First of all, disable the MSDT (Microsoft Support Diagnostic Tool) URL protocol via the registry.
  • Microsoft Defender Antivirus (MDAV) users should enable "cloud-delivered protection" and "automatic sample submission".
  • Microsoft Defender for Endpoint (MDE) users get additional protection from the attack surface reduction rule "Block all Office applications from creating child processes".
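The three steps above as one script, added here as a PowerShell example that is not part of the original alert or of Microsoft's guidance text: it backs up and then removes the ms-msdt protocol handler, as Microsoft's workaround describes, sets the two Defender Antivirus options, enables the attack surface reduction rule, and finally reports whether each setting took effect. Run it from an elevated prompt. The backup location $BackupPath is an assumption, and the ASR rule only takes effect on devices where Defender Antivirus is the active antivirus:

```powershell
# Added example (not from the original alert or from Microsoft): Microsoft's
# documented registry workaround for CVE-2022-30190 plus the Defender settings
# listed above. Run from an elevated PowerShell prompt.
# $BackupPath is an assumption; the backup is needed to restore the key later
# (reg.exe import <file>) once the official patch has been installed.

$BackupPath = 'C:\Temp\ms-msdt.reg'
$KeyName    = 'HKEY_CLASSES_ROOT\ms-msdt'
$KeyPath    = "Registry::$KeyName"
# Microsoft's published rule ID for "Block all Office applications from creating child processes"
$OfficeChildProcRule = 'D4F940AB-401B-4EFC-AADC-AD5F3C50688A'

function Disable-MsdtUrlProtocol {
    if (-not (Test-Path -Path $KeyPath)) {
        Write-Output 'ms-msdt protocol handler is already absent; nothing to do.'
        return
    }
    New-Item -ItemType Directory -Path (Split-Path -Parent $BackupPath) -Force | Out-Null
    # 1. Back up the key first, so the change can be reverted after patching.
    reg.exe export $KeyName $BackupPath /y | Out-Null
    if ($LASTEXITCODE -ne 0) { throw 'Registry backup failed; key was NOT deleted.' }
    # 2. Remove the handler so ms-msdt: links no longer launch msdt.exe.
    reg.exe delete $KeyName /f | Out-Null
    if ($LASTEXITCODE -ne 0) { throw 'Registry delete failed.' }
    Write-Output "ms-msdt handler removed; backup written to $BackupPath"
}

function Enable-DefenderWorkaroundSettings {
    # MDAV: cloud-delivered protection and automatic sample submission.
    Set-MpPreference -MAPSReporting Advanced -SubmitSamplesConsent SendAllSamples
    # MDE/ASR: stop Office applications from spawning child processes, which is
    # how a malicious document reaches msdt.exe. Requires Defender Antivirus to
    # be the active antivirus on the device.
    Add-MpPreference -AttackSurfaceReductionRules_Ids $OfficeChildProcRule `
                     -AttackSurfaceReductionRules_Actions Enabled
}

function Test-MsdtWorkaround {
    # Verify: key gone, MAPSReporting = 2 (Advanced), SubmitSamplesConsent = 3
    # (SendAllSamples), ASR rule present with action 1 (Block).
    $prefs = Get-MpPreference
    $ids   = @($prefs.AttackSurfaceReductionRules_Ids)
    $acts  = @($prefs.AttackSurfaceReductionRules_Actions)
    $ruleBlocking = $false
    for ($i = 0; $i -lt $ids.Count; $i++) {
        # -eq on strings is case-insensitive, so GUID casing does not matter.
        if ($ids[$i] -eq $OfficeChildProcRule -and [int]$acts[$i] -eq 1) { $ruleBlocking = $true }
    }
    [pscustomobject]@{
        MsdtHandlerRemoved     = -not (Test-Path -Path $KeyPath)
        CloudProtectionOn      = ([int]$prefs.MAPSReporting -eq 2)
        SampleSubmissionOn     = ([int]$prefs.SubmitSamplesConsent -eq 3)
        OfficeChildProcBlocked = $ruleBlocking
    }
}

Disable-MsdtUrlProtocol
Enable-DefenderWorkaroundSettings
Test-MsdtWorkaround
```

The registry backup is taken before the delete and the delete is skipped if the backup fails, because the handler is needed again once the patched version of Windows is installed; re-import the exported file at that point.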

Of course, we are monitoring this situation closely and will roll out the patch as soon as it becomes available.

If you would like us to apply the workaround for you, do not hesitate to contact your Account Manager.

As of October 15, 2022, vSphere version 6.x is no longer supported by VMware. To continue receiving full support (including updates), we recommend planning your upgrade, and where needed a hardware refresh, as soon as possible. Since not all servers are compatible with vSphere 7.0 or higher, starting your migration process in time is the message, especially given the current hardware delivery times.

Whatever your situation, don't hesitate to contact our specialists with questions or uncertainties. We'll be happy to take a look at whether the ideal setup is on-prem, full cloud or hybrid.

Clients whose environment is managed by VanRoey.be under a Managed Services Contract have already been taken care of.

We would like to inform you of a necessary upgrade of N-Central, the tool responsible for monitoring your environment.

As a result, our Managed Services Portal will be unavailable from Friday evening 18:00 until Sunday evening. Due to this downtime, no automatic monitoring will be possible during the coming weekend.

This upgrade has no other impact on your environment. If you have any questions, don't hesitate to contact us.

Last weekend, a serious vulnerability was found in the widely used Java logging library Log4j. This vulnerability allows unauthenticated attackers to remotely inject and execute arbitrary code.

  • Fortinet has already released signature updates (see the source for more information);
  • Your vCenter servers have been checked and are not exposed to the internet;
  • For certain other software (e.g. Ruckus Cloud) we are waiting for a patch from the vendor. In the meantime, additional security measures have been taken.

If we notice that your environment needs additional interventions or updates, we will inform you personally. If you have any doubts or questions, don't hesitate to contact our Support Department.

Take action

Check with your software vendors whether any vulnerable components are present in your environment.
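One way to check your own Windows servers for the library, as an added PowerShell example that is not part of the original alert: it searches the directories in $Roots (an assumption; adjust them) for log4j jar files, reads the version from each jar's manifest and reports whether the JndiLookup class, the component involved in this vulnerability, is still present. An absent class means the class-removal mitigation was applied; a present class means the reported version must be compared against the vendor's fixed releases. Jars embedded in .war/.ear archives or shaded into other jars are not inspected, so a clean result here does not replace the vendor check above:

```powershell
# Added example (not from the original alert): inventory log4j jar files on a
# Windows host and report whether each still contains the JndiLookup class.
# $Roots is an assumption; jars nested inside .war/.ear files or shaded into
# other jars are not inspected.
Add-Type -AssemblyName System.IO.Compression.FileSystem

$Roots     = @('C:\Program Files', 'C:\Program Files (x86)', 'C:\ProgramData')
$JndiEntry = 'org/apache/logging/log4j/core/lookup/JndiLookup.class'

function Get-JarManifestVersion {
    # Reads Implementation-Version from META-INF/MANIFEST.MF; $null if absent.
    param([System.IO.Compression.ZipArchive]$Zip)
    $entry = $Zip.GetEntry('META-INF/MANIFEST.MF')
    if (-not $entry) { return $null }
    $reader = New-Object System.IO.StreamReader($entry.Open())
    try { $text = $reader.ReadToEnd() } finally { $reader.Dispose() }
    if ($text -match '(?m)^Implementation-Version:\s*(\S+)') { return $Matches[1] }
    return $null
}

function Get-Log4jInventory {
    param([string[]]$Paths = $Roots)
    $jars = Get-ChildItem -Path $Paths -Recurse -File -Filter 'log4j*.jar' -ErrorAction SilentlyContinue
    foreach ($jar in $jars) {
        try {
            $zip = [System.IO.Compression.ZipFile]::OpenRead($jar.FullName)
        } catch {
            Write-Warning "Cannot open $($jar.FullName): $_"
            continue
        }
        try {
            # Absent class: the documented class-removal mitigation was applied.
            # Present class: compare Version with the vendor's fixed releases.
            $hasJndi = $null -ne $zip.GetEntry($JndiEntry)
            $version = Get-JarManifestVersion -Zip $zip
        } finally {
            $zip.Dispose()
        }
        [pscustomobject]@{
            Path              = $jar.FullName
            Version           = $version
            JndiLookupPresent = $hasJndi
        }
    }
}

Get-Log4jInventory | Sort-Object JndiLookupPresent -Descending | Format-Table -AutoSize
```

Run it as an administrator so that all program directories are readable; directories that still cannot be read are skipped silently, so widen $Roots or run it per application server if your software lives elsewhere.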
