Patch Management

Lesson learned: Failure to patch led to password leak of 900 VPN enterprise servers

Applying a security update for a CVE disclosed more than a year earlier could have prevented a hacker from publishing plaintext usernames and passwords, along with IP addresses, for more than 900 enterprise Pulse Secure VPN servers. “The lesson here? Patch, patch, patch,” said Laurence Pitt, global security strategy director at Juniper Networks. “The…

Linux

‘BootHole’ threatens billions of Linux, Windows devices

A newly disclosed vulnerability, dubbed “BootHole” and rated 8.2 on the CVSS scale, could let attackers take total control of billions of Linux and Windows devices. Researchers at security firm Eclypsium released details today about how the flaw, which sits in the GRUB2 bootloader, can be used to hijack nearly any device’s boot process. The majority of laptops, desktops, servers,…

Hackers could exploit iDRAC flaw to control EMC PowerEdge servers

Dell issued a patch for a path traversal vulnerability in the Integrated Dell Remote Access Controller (iDRAC) that could allow an attacker to take full control of server operations. The vulnerability carries a CVSS score of 7.1. iDRAC is designed for secure local and remote server management, helping IT administrators deploy, update and monitor…

Critical SAP flaw puts 40,000 users at risk

More than 40,000 SAP users across an estimated 2,500 internet-facing systems should move quickly to patch the Remotely Exploitable Code On NetWeaver (RECON) vulnerability, which carries the maximum CVSS score of 10.0 and could give an attacker full control of the enterprise. Noting that “this is the second major Java-based 0-day in…

Citrix, Juniper and VMware patch array of vulnerabilities

Citrix, Juniper and VMware issued a bevy of patches this week. For starters, the Citrix Security Bulletin CTX276688 addressed vulnerabilities in Citrix ADC (formerly known as NetScaler ADC), Citrix Gateway (formerly known as NetScaler Gateway), and Citrix SD-WAN WANOP appliance. According to CISA, a remote attacker could exploit some of these vulnerabilities to take control…

Microsoft issues two out-of-band patches for RCE flaws, one critical

In a pair of out-of-band updates, Microsoft patched two RCE vulnerabilities, one rated critical and the other important. Microsoft said the two vulnerabilities, CVE-2020-1425 (critical) and CVE-2020-1457 (important), which were fixed ahead of the company’s monthly Patch Tuesday updates, are not likely to be exploited. “To successfully exploit this vulnerability, an attacker would need to deliver a specially crafted image…

Triangle of network security management requires formalized process, Rodrigue says

Why do we care about cyber hygiene? For starters, security pros want to ensure the operating effectiveness of basic controls and put in place a system of checks and balances between processes. Companies also want a foundation for more advanced technical security mechanisms, whose effectiveness is otherwise limited. They also want to detect blind spots…

Adobe fixes 18 critical vulnerabilities on heels of largest-ever Microsoft Patch Tuesday

Adobe on Tuesday patched 18 critical vulnerabilities – five of them in Illustrator and another five in After Effects. The out-of-band updates came a week after the company patched four flaws in Flash and Microsoft unveiled its largest Patch Tuesday ever, offering updates for 129 vulnerabilities. The After Effects out-of-bounds read, out-of-bounds write and overflow…

Adobe Patch Tuesday tackles Reader, Acrobat flaws

Adobe’s eight Patch Tuesday updates addressed a multitude of flaws, including 76 in Acrobat and Acrobat Reader rated important, as well as several in Creative Cloud and Experience Manager rated critical. Successful exploitation of the Acrobat and Acrobat Reader vulnerabilities “could lead to arbitrary code execution in the context of the current…