Patch Management

Patch Management

Microsoft issues two out-of-band patches for RCE flaws, one critical

In a pair of out-of-band updates, Microsoft patched RCE vulnerabilities, one rated critical, the other important. Microsoft said the two vulnerabilities, CVE-2020-1425 (critical) and CVE-2020-1457 (important), fixed prior to the company’s monthly Patch Tuesday updates, are not likely to be exploited. “To successfully exploit this vulnerability, an attacker would need to deliver a specially crafted image…

Triangle of network security management requires formalized process, Rodrigue says

Why do we care about cyber hygiene? For starters, security pros want to ensure operating effectiveness of basic controls and put in a system of checks and balances between processes. Companies also want to offer a foundation for more advanced technical security mechanisms, their effectiveness becomes limited otherwise. They also want to detect blind spots…

Adobe fixes 18 critical vulnerabilities on heels of largest-ever Microsoft Patch Tuesday

Adobe on Tuesday patched 18 critical vulnerabilities – five of them in Illustrator and another five in After Effects. The out-of-band updates came a week after the company patched four flaws in Flash and Microsoft unveiled its largest Patch Tuesday ever, offering updates for 129 vulnerabilities. The After Effects out-of-bounds read, out-of-bounds write and overflow…

Adobe Patch Tuesday tackles Reader, Acrobat flaws

Adobe’s eight Patch Tuesday updates addressed a multitude of flaws – including 76 in Acrobat and Acrobat Reader that were rated important as well as several in Creative Cloud and Experience Manager rated critical. Successful exploitation of the Acrobat and Acrobat Reader vulnerabilities “could lead to arbitrary code execution in the context of the current…

On Patch Tuesday, Microsoft unveils fix for critical Windows flaw 'JASBUG'

Microsoft Patch Tuesday addresses two actively exploited zero-days

Microsoft’s July 2019 Patch Tuesday included updates for 77 vulnerabilities, including two actively exploited zero-days and five publicly disclosed vulnerabilities. One of the zero-days, CVE-2019-1132, a privilege escalation vulnerability in the Win32k component, was actively exploited as part of the attack chain by a group of Russian state-funded hackers.  If exploited, this bug could allow…

Adobe’s July Patch Tuesday includes Bridge CC, Experience Manager, Dreamweaver fixes

Adobe’s July 2019 Patch Tuesday included updates for its Adobe Bridge CC , Adobe Experience Manager and Adobe Dreamweaver products. The updates for Experience Manager patched three vulnerabilities, while Bridge and Dreamweaver updates each have one, none of which are labeled as “critical,” and the highest rated vulnerability for each software is rated “important,” according…

DHS reduces deadline for agencies to fix vulnerabilities in their systems

The Department of Homeland Security’s U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Monday issued a directive that now gives federal agencies a 15-day deadline to remediate critical-level vulnerabilities that are detected on their internet-accessible systems by CISA’s Cyber Hygiene scanning service. Binding Operational Directive 19-02 supersedes BOD 15-01, which when enacted in 2015 gave…

Cisco patches 29 vulnerabilities including one being actively exploited in Sea Turtle campaign

Cisco latest round of security updates addresses 29 vulnerabilities in multiple Cisco products that could allow a remote attacker to take control of an affected system and one of which is being actively exploited in Sea Turtle campaign. Admins in charge of Cisco ASR 9000 Series Aggregation Services Routers have been instructed to urgently address…

Drupal software update patches highly critical RCE bug

The developers of Drupal this week issued a security advisory urging users to update their software following the discovery of a highly critical remote code execution vulnerability in their open-source content management framework. “Some field types do not properly sanitize data from non-form sources. This can lead to arbitrary PHP code execution in some cases,” the…

Next post in Security News