Table of Contents
In this week’s Security Advisory
- Fortinet Patches Multiple Vulnerabilities
- Fake 7-Zip Site Distributes Malicious Installer
- Microsoft’s February Patch Tuesday Release
- SAP Patches Critical CRM, S/4HANA, and NetWeaver Vulnerabilities
- Security Updates Released for Adobe
Fortinet Patches Multiple Vulnerabilities
Fortinet has released patches to address multiple vulnerabilities. The most critical, CVE-2026-21643 (CVSS 9.1/10), impacts FortiClientEMS and allows an unauthenticated attacker to execute unauthorized code or commands via specifically crafted HTTP requests. Fortinet has also patched two high-severity vulnerabilities, CVE-2025-52436 (CVSS 7.9/10) and CVE-2026-22153 (CVSS 7.5/10). The first of these vulnerabilities is an XSS bug in FortiSandbox that could be exploited via crafted requests to execute commands without authentication. The second vulnerability is authentication bypass in FortiOS that can be exploited under certain configurations to bypass LDAP authentication of Agentless VPN or FSSO policy.
Of note, CyberMaxx has already applied patches to our own equipment.
Affected Versions
- Affected versions for CVE-2026-21643 can be found here.
- Affected versions for CVE-2025-52436 can be found here.
- Affected versions for CVE-2026-22153 can be found here.
Recommendations
- Apply the latest patches.
- For CVE-2026-22153, disable unauthenticated bind on the LDAP server.
More Reading / Information
- https://thehackernews.com/2026/02/fortinet-patches-critical-sqli-flaw.html
- https://www.securityweek.com/fortinet-patches-high-severity-vulnerabilities/
Fake 7-Zip Site Distributes Malicious Installer
A malicious website promoted through Search Engine Optimization (SEO Poisoning) was hosting a hijacked installation binary for 7-Zip, a popular file extraction/compression tool. The trojanized binary joined the host to a proxy node network, allowing the threat actor to use the victim’s machine as a node/proxy for malicious activity.
CyberMaxx has custom detections in place for these IOC’s.
Indicators of Compromise
- A now revoked digital certificate belonging to Jozeal Network Technology Co., Limited.
- Downloaded from the malicious website, “7zip[.]com”
- The installer drops 3 malicious files within the ‘C:\Windows\SysWOW64\hero\’ directory.
- Uphero.exe – service manager and update loader.
- hero.exe – main proxy payload.
- hero.dll – support library.
Recommendations
- Ensure downloads are from the correct 7-Zip website (7-zip[.]org).
- Audit devices to ensure no malicious versions are installed.
More Reading / Information
- https://www.bleepingcomputer.com/news/security/malicious-7-zip-site-distributes-installer-laced-with-proxy-tool/
- https://www.helpnetsecurity.com/2026/02/10/trojanized-7-zip-software-malware-distribution/
Microsoft’s February Patch Tuesday Release
The February Microsoft Patch Tuesday has security updates for 58 vulnerabilities, including six actively exploited in the wild. The first, CVE-2026-21510 (CVSS 8.8/10), is a security bypass flaw in Windows Shell where a single click on a malicious link can silently bypass Windows protections and run attacker-controlled content without warning. This vulnerability affects all Windows versions.
Affected Versions
- A full list of affected versions can be found here.
Recommendations
- Apply the latest patches.
More Reading / Information
- https://www.securityweek.com/6-actively-exploited-zero-days-patched-by-microsoft-with-february-2026-updates/
- https://www.bleepingcomputer.com/news/microsoft/microsoft-february-2026-patch-tuesday-fixes-6-zero-days-58-flaws/
- https://krebsonsecurity.com/2026/02/patch-tuesday-february-2026-edition/
SAP Patches Critical CRM, S/4HANA, and NetWeaver Vulnerabilities
SAP announced the release of 27 new and updated patches, with two addressing critical vulnerabilities. The first patch addresses CVE-2026-0488 (CVSS 9.9/10), a code injection bug in CRM and S/4HANA that can be exploited by authenticated attackers to execute arbitrary SQL statements. The second critical vulnerability, tracked as CVE-2026-0509 (CVSS 9.6/10), fixes a missing authorization check in NetWeaver Application Server ABAP and ABAP Platform.
Affected Versions
- A full list of affected versions can be found here.
Recommendations
- Apply the latest patches.
More Reading / Information
- https://support.sap.com/en/my-support/knowledge-base/security-notes-news/february-2026.html
- https://www.securityweek.com/sap-patches-critical-crm-s-4hana-netweaver-vulnerabilities/
Security Updates Released for Adobe
Adobe has released patches for 44 new vulnerabilities in multiple products. Over two dozen vulnerabilities have been classified as high severity based on their CVSS. There are no reports of any of these vulnerabilities being exploited in the wild.
Affected Versions
- A full list of affected versions can be found here.
Recommendations
- Apply the latest patches.
More Reading / Information
- https://www.securityweek.com/patch-tuesday-adobe-fixes-44-vulnerabilities-in-creative-apps/
- https://helpx.adobe.com/security/security-bulletin.html
Recommendations
Please review your environment to ensure the above-mentioned issues are patched in a timely manner. It is security best practice to regularly update and/or patch software to the latest versions. The vulnerabilities above highlight the security benefits of limiting deployed software to “vendor-supported versions” only. This dramatically increases the likelihood that new vulnerabilities have a patch issued for them. Likewise, CyberMaxx strongly encourages maintaining an inventory of current software in your environment, which helps ensure and inform your patch and vulnerability management program.