Spring4Shell and Chrome zero-day vulnerabilities
Procentia has issued a response to reassure its clients that it does not use the Java Spring framework. As a consequence, the company is notifying its clients that using Procentia’s software products and services carries no direct exposure to the emerging Spring4Shell vulnerability (no CVE yet). The flaw would permit attackers to execute arbitrary code on the machine (remote code execution) and compromise the entire host. Following so closely on from the Log4Net flaw, this is yet another concern for Java-based systems and for users of open source software that rely on these very commonly used frameworks. However, as a .NET house, Procentia’s systems do not share these vulnerabilities.
For further reading, you can browse this related Computer Weekly article.
Chrome zero-day vulnerability (CVE-2022-1096)
Separately, Google has released patches for a new flaw found in Chrome and Edge Chromium browsers. Whilst this is not a vulnerability in any of Procentia’s products, the company recognises that many of its clients use Chrome to operate IntelliPen and IntelliSite. Procentia is therefore reminding all clients to follow IT industry-wide recommendations to update and patch their browsers as soon as possible.
To learn more, you can read this Forbes article and the published CVE: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-1096