
A New Addition to Vulnerabilities Catalog Microsoft’s Email Platform, Zimbra, Under Stress.


If there can be a blood bank or a cryobank, then it makes sense to also have a bug bank. The US-based Cybersecurity and Infrastructure Security Agency (CISA) is one such organization: a kind of repository where computer bugs that can infect and damage systems are catalogued and profiled.

CISA's Known Exploited Vulnerabilities Catalog has been updated with a newly discovered zero-day flaw that was recently identified in the Zimbra email platform.

The bug is classified as a cross-site scripting vulnerability that affects the open source e-mail platform. The bug, tracked as CVE-2022-24682 (CVSS score: 6.1), relates to the Calendar feature in Zimbra Collaboration Suite. Attackers use the feature to plant their malware by tricking users into downloading arbitrary JavaScript code. As soon as a user unwittingly clicks the link, the malware takes control and the system launches itself on a disaster course. Zimbra versions 8.8.15 and older can be infected with this bug. More than 200,000 organizations and over a thousand government and financial institutions use Zimbra’s e-mail platform.

The Known Exploited Vulnerabilities Catalog is a repository of security flaws that are reported to have been exploited by online criminals in cyber-attacks. Federal Civilian Executive Branch (FCEB) agencies require all organizations that run and maintain a sizable system to patch these so that in case of any incident, the damage to systems can be fixed. In accordance with Binding Operational Directive (BOD) 22-01, once a flaw is added to the catalog, the agencies are required to address the recent vulnerabilities within two weeks.

Over 300 vulnerabilities were listed when CISA announced the Known Exploited Vulnerabilities Catalog. Another 50 have been added later on. The vulnerability was first discovered in early February by Volexity. Researchers, on a routine surveillance mission, identified a salvo of spear-phishing activity aimed at government and media bodies in certain European countries. The attackers were leveraging the Zimbra bug to illegally gain access to mailboxes in order to infect the systems with the malware.

Researchers at Volexity believe that the attacker is operating under the moniker ‘TEMP_HERETIC.’ The attacks are directed toward the open source edition of Zimbra, versions 8.8.15 or older. Zimbra has released a hotfix (version 8.8.15 P30) to address the flaw. This vulnerability is tracked as CVE-2022-24682. CISA has added three more vulnerabilities to the catalog. All of these are specific to Microsoft programs. Their identifiers and types are listed here:

CVE-2017-8570 (CVSS score: 7.8) – Microsoft Office Remote Code Execution Vulnerability

CVE-2017-0222 (CVSS score: 7.5) – Microsoft Internet Explorer Memory Corruption Vulnerability

CVE-2014-6352 (CVSS score: N/A) – Microsoft Windows Code Injection Vulnerability
