Patch Management
Skip to navigation Skip to main content

Patch Management

Data Breach, Featured, Firewalls, IPsec VPNs, Patch Management, Patch/Configuration Management, Privacy & Compliance News and Analysis, Security News

Lesson learned: Failure to patch led to password leak of 900 VPN enterprise servers

By
Publish Date

Applying a security update to a CVE released more than a year ago could have prevented a hacker from publishing plaintext usernames and passwords, as well as IP addresses, for more than 900 Pulse Secure VPN enterprise servers. “The lesson here? Patch, patch, patch,” said Laurence Pitt, global security strategy director at Juniper Networks. “The…

Linux
Patch Management, Patch/Configuration Management, Security News, Vulnerabilities

‘Boothole’ threatens billions of Linux, Windows devices

By
Publish Date

A newly discovered serious vulnerability – dubbed “BootHole” – with a CVSS rating of 8.2 could unleash attacks that could gain total control of billions of Linux and Windows devices. Security firm Eclypsium researchers released details today about how the flaw can take over nearly any device’s boot process. The majority of laptops, desktops, servers,…

Featured, Patch Management, Security News, Vulnerabilities

Hackers could exploit iDRAC flaw to control EMC PowerEdge servers

By
Publish Date

Dell issued a patch for a path traversal vulnerability found in the Integrated Dell Remote Access Controller (iDRAC) that could allow criminals to obtain full control of server operations. The vulnerability scored a CVSS rating of 7.1. iDRAC was designed for secure local and remote server management to help IT administrators deploy, update and monitor…

Patch Management, Secondary Featured, Security News, Vulnerabilities

Critical SAP flaw puts 40,000 users at risk

By
Publish Date

More than 40,000 SAP users of an estimated 2,500 internet facing systems should move quickly to patch a Remotely Exploitable Code On NetWeaver (RECON) vulnerability that scored a 10 out of 10 on the bug-severity CVSS scale and which could give an attacker full enterprise control. Noting that “this is the second major Java-based 0-day in…

Patch Management, Security News, Vulnerabilities

Citrix, Juniper and VMware patch array of vulnerabilities

By
Publish Date

Citrix, Juniper and VMware issued a bevy of patches this week. For starters, the Citrix Security Bulletin CTX276688 addressed vulnerabilities in Citrix ADC (formerly known as NetScaler ADC), Citrix Gateway (formerly known as NetScaler Gateway), and Citrix SD-WAN WANOP appliance. According to CISA, a remote attacker could exploit some of these vulnerabilities to take control…

Patch Management, Patch/Configuration Management, Security News, Vulnerabilities

Microsoft issues two out-of-band patches for RCE flaws, one critical

By
Publish Date

In a pair of out-of-band updates, Microsoft patched RCE vulnerabilities, one rated critical, the other important. Microsoft said the two vulnerabilities, CVE-2020-1425 (critical) and CVE-2020-1457 (important), fixed prior to the company’s monthly Patch Tuesday updates, are not likely to be exploited. “To successfully exploit this vulnerability, an attacker would need to deliver a specially crafted image…

Events, InfoSec World 2020, Patch Management, Patch/Configuration Management, Security News, Vulnerabilities

Triangle of network security management requires formalized process, Rodrigue says

By
Publish Date

Why do we care about cyber hygiene? For starters, security pros want to ensure operating effectiveness of basic controls and put in a system of checks and balances between processes. Companies also want to offer a foundation for more advanced technical security mechanisms, their effectiveness becomes limited otherwise. They also want to detect blind spots…

Patch Management, Security News, Vulnerabilities

Adobe fixes 18 critical vulnerabilities on heels of largest-ever Microsoft Patch Tuesday

By
Publish Date

Adobe on Tuesday patched 18 critical vulnerabilities – five of them in Illustrator and another five in After Effects. The out-of-band updates came a week after the company patched four flaws in Flash and Microsoft unveiled its largest Patch Tuesday ever, offering updates for 129 vulnerabilities. The After Effects out-of-bounds read, out-of-bounds write and overflow…

Patch Management, Patch/Configuration Management, Security News, Vulnerabilities

Adobe Patch Tuesday tackles Reader, Acrobat flaws

By
Publish Date

Adobe’s eight Patch Tuesday updates addressed a multitude of flaws – including 76 in Acrobat and Acrobat Reader that were rated important as well as several in Creative Cloud and Experience Manager rated critical. Successful exploitation of the Acrobat and Acrobat Reader vulnerabilities “could lead to arbitrary code execution in the context of the current…

Next post in Patch Management