CERT VU advisories & alerts disclose current reported cyber security vulnerabilities and threats identified in Vanuatu. The advisories deliver provide a summary of the threat analysed. Descriptions of the threat reported and mitigation procedures are provided as part of the advisory on how to mitigate the threats to minimise their impacts. Finally, a Traffic Light Protocol (TLP: Colour – See guides page for more information) indicator to show the level or information security and sharing rights.

Advisory 23

TLP Rating: Clear

CVE-2022-41082 (Remote code Execution Vulnerability) & CVE-2022-41040 (Elevation of Privilege Vulnerability)

CERT Vanuatu (CERTVU) and the Office of the Chief Information Officer (OGCIO) provides the following advisory.

On the 10th of October 2022, CERT Vanuatu received an advisory from its collaborating partner, Australian Cyber Security Centre (ACSC) of the alert for the threat.

CERTVU would like to advise its constituents using Microsoft Products to swiftly act on addressing this threat.

Advisory 22

TLP Rating: Clear

Microsoft windows client Server Runtime (CSRSS) Privilege Escalation – CVE-2022-22047

CERT Vanuatu (CERTVU) and the Office of the Chief Information Officer (OGCIO) provides the following advisory.

On the 12th of July 2022, CERT Vanuatu has received an advisory from its collaborating partner, Cybersecurity Infrastructure Security Agency (CISA) of the alert for the threat.

CERTVU would like to advise its constituents using Microsoft Products to swiftly act on addressing this threat.

Advisory 21

TLP Rating: Clear

Microsoft Windows LSA Spoofing vulnerability CVE-2022-26925

CERT Vanuatu (CERTVU) and the Office of the Chief Information Officer (OGCIO) provides the following advisory.

Microsoft disclosed a Windows Microsoft Windows LSA Spoofing Vulnerability. On the 5th of July 2022, CERT Vanuatu has received an advisory from its collaborating partner, Cybersecurity Infrastructure Security Agency (CISA) of this threat.

CERTVU would like to advise its constituents using Microsoft Products to swiftly act on addressing this threat.

Advisory 20

TLP Rating: Clear

Vulnerability in the Microsoft Support Diagnostic Tool (MSDT).

CERT Vanuatu (CERTVU) and the Office of the Chief Information Officer (OGCIO) provides the following advisory.

On the 31st May 2022, Microsoft disclosed a remote code execution (RCE) vulnerability in the Microsoft Support Diagnostic Tool (MSDT). CERT Vanuatu has received an advisory from its collaborating partners the Australia Cyber Security Centre (ACSC) and the United Stated Cybersecurity Infrastructure Security Agency (CISA) of this threat.

Advisory 19

TLP Rating: Clear

Text Message Scam.

CERT Vanuatu and the Office of the Chief Information Officer (OGCIO) provides the following advisory.

 CERT Vanuatu (CERTVU) office has received reports from Digicel Limited in regarding the above-mentioned attacks on its constituents using Digicel Mobile Network. Therefore, CERTVU is putting out this advisory for all it’s constituents using Digicel Network who could become victims to this attack.

Advisory 18

TLP Rating: Clear

Critical vulnerabilities identified in Microsoft Office (Excel _CVE-2021-42292).

CERT Vanuatu (CERTVU) and the Office of the Chief Information Officer (OGCIO) provides the following advisory by its international partners.

CERTVU office would like to advise it’s constituents on critical vulnerabilities identified in locally installed versions of Microsoft Excel which allows a cyber-actor to bypass a key security control.