Patch Management

Patch Management

On Patch Tuesday, Microsoft unveils fix for critical Windows flaw 'JASBUG'

Microsoft’s Patch Tuesday addresses two actively exploited zero-days

Microsoft’s July 2019 Patch Tuesday included updates for 77 vulnerabilities, including two actively exploited zero-days and five publicly disclosed vulnerabilities. One of the zero-days, CVE-2019-1132, a privilege escalation vulnerability in the Win32k component, was actively exploited as part of the attack chain by a group of Russian state-funded hackers.  If exploited, this bug could allow…

Adobe’s July Patch Tuesday includes Bridge CC, Experience Manager, Dreamweaver fixes

Adobe’s July 2019 Patch Tuesday included updates for its Adobe Bridge CC , Adobe Experience Manager and Adobe Dreamweaver products. The updates for Experience Manager patched three vulnerabilities, while Bridge and Dreamweaver updates each have one, none of which are labeled as “critical,” and the highest rated vulnerability for each software is rated “important,” according…

DHS reduces deadline for agencies to fix vulnerabilities in their systems

The Department of Homeland Security’s U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Monday issued a directive that now gives federal agencies a 15-day deadline to remediate critical-level vulnerabilities that are detected on their internet-accessible systems by CISA’s Cyber Hygiene scanning service. Binding Operational Directive 19-02 supersedes BOD 15-01, which when enacted in 2015 gave…

Cisco patches 29 vulnerabilities including one being actively exploited in Sea Turtle campaign

Cisco latest round of security updates addresses 29 vulnerabilities in multiple Cisco products that could allow a remote attacker to take control of an affected system and one of which is being actively exploited in Sea Turtle campaign. Admins in charge of Cisco ASR 9000 Series Aggregation Services Routers have been instructed to urgently address…

Drupal software update patches highly critical RCE bug

The developers of Drupal this week issued a security advisory urging users to update their software following the discovery of a highly critical remote code execution vulnerability in their open-source content management framework. “Some field types do not properly sanitize data from non-form sources. This can lead to arbitrary PHP code execution in some cases,” the…

Flaw in runC could allow malicious containers to infect host environment

A vulnerability discovered in the runC container management tool has exposed multiple privileged container systems to a potential exploit through which attackers could allow malware to escape a container and compromise an entire host system. Designated CVE-2019-5736, the flaw allows attackers to use a malicious container to overwrite the host runC binary during the execution…

Attackers scanning unpatched Cisco small business routers after exploit code published

Cisco Systems last week issued security advisories for two dozen vulnerabilities, including two high-severity flaws in its Small Business RV320 and RV325 dual gigabit WAN VPN routers, which attackers are reportedly already trying to exploit with published proof-of-concept code. Device owners are advised to immediately download Cisco’s patches for the two exploited flaws, both of…

Fixed Fortnite flaws could have enabled account takeovers

A series of vulnerabilities in the hugely popular online survival game Fortnite could have allowed malicious actors to take over players’ accounts, prompting developer Epic Games to fix the issues before a major incident transpired, according to researchers who discovered the program. Had the flaws been exploited, attackers could have victimized gamers by viewing their…

Researchers develop proof-of-concept malware for attacking Building Automation Systems

Researchers have developed proof-of-concept malware capable of compromising Building Automation Systems after discovering two critical bugs in a BAS programmable logic controller (PLC). Created by experts at ForeScout, the malware exploits both vulnerabilities in combination with several older flaws that were previously known to the public, according to a ForeScout white paper released today in…

Microsoft updates brick Windows 7 devices

Microsoft Corp. this Tuesday released two software updates that reportedly rendered some Windows 7-based machines useless by mistake. The problem springs from the implementation of Microsoft’s Jan. 8, 2019, security-only update KB4480960 or Monthly Rollup update KB4480970, in combination with older update KB971033, whose previous iteration dates back to April 2018. The two more recent updates introduced…

Next post in Network Security