Critical security updates for Adobe Acrobat and Adobe Reader have recently been released for both macOS and Windows. These updates are extremely important, as the vulnerabilities they address could lead to machine and network compromise. SKOUT recommends applying the updates, which were published on June 8, 2021.
Technical Detail & Additional Information
WHAT IS THE THREAT?
Two critical vulnerabilities were patched by SAP in their most recent update:
- The Backoffice application allows certain authorized users to create source rules, which are translated to Drools rules when published to certain modules within the application. An attacker with this authorization can inject malicious code into the source rules and perform remote code execution, enabling them to compromise the confidentiality, integrity, and availability of the application.
- ABAP Server and ABAP Platform do not create information about internal and external RFC users in a distinguished and consistent format, which may be exploited by malicious users to obtain illegitimate access to the system.
WHY IS IT NOTEWORTHY?
As the third-largest independent software supplier in the world, SAP supports more than 12 million users, making these vulnerabilities especially newsworthy due to their severity and the software's popularity. Considering the widespread use, attackers could easily exploit these vulnerabilities to gain escalated privileges within a network. SAP is also historically one of the most common targets for attackers.
WHAT IS THE EXPOSURE OR RISK?
Remote code execution and illegitimate access to the system can have a critical impact on the system's confidentiality, integrity, and/or availability. Once a vulnerability is exploited, a threat actor can illegally access and manipulate a computer or server without proper authorization from administrators. From there, they could penetrate the network, establishing persistence to gather information and further their actions. Once the attackers in this scenario have the ability to regain access, they could later deploy malicious or unwanted software, such as ransomware, to encrypt data and machines on the network.
WHAT ARE THE RECOMMENDATIONS?
SKOUT recommends that administrators follow the guidelines below:
- Apply the recent SAP patches as soon as possible.
- Review your SAP infrastructure to ensure there are no unfamiliar accounts and no accounts that should already have been disabled or removed.
- Maintain a proper patching policy for all machines.
- Review network connections on the firewall or other network appliances to confirm that there were no malicious connections to your network.
For more in-depth information about the recommendations, please visit the following links:
If you have any questions, please contact our Security Operations Center.