Patch News, Articles and Updates

Microsoft remote assistance tool threat patched, danger remains

Microsoft has just patched a vulnerability in the primary tool the company uses to help provide remote assistance to its users, but until all devices are updated there is still some danger.

Microsoft launches $250,000 bug bounty for Spectre/Meltdown-like flaws

Microsoft has kicked off a bug bounty program that could bring in between $25,000 and $250,000 to anyone able to find vulnerabilities similar to the now infamous Spectre and Meltdown.

Patch Tuesday: Microsoft patches Remote Desktop Protocol exploit

This month's Microsoft patch Tuesday included more than 70 patches 15 of which were marked as critical.

Patch Tuesday: Adobe patches 7 critical flaws

Patch Tuesday Adobe updates included patches for Adobe Flash Player, Adobe Connect, and Adobe Dreamweaver including 7 critical vulnerabilities.

Spring break vulnerability jeopardizes Pivotal Spring projects

A remote code execution flaw, dubbed Spring Break, affects various Pivotal Spring could allow an attacker to run arbitrary commands.

Old version of HPE Lights-Out server management tech contains DoS vulnerability

Hewlett Packard Enterprise has disclosed the discovery of a serious vulnerability in a previous version of its Lights-Out 3 embedded server management technology, which could be remotely exploited to trigger a denial of service condition.

Drupal 7 and 8 patch multiple critical vulnerabilities

Drupal patched multiple vulnerabilities in both Drupal 7 and Drupal 8 including a comment reply form flaw that allows access to restricted content.

Not-for-profit Open Bug Bounty announces 100K fixed vulnerabilities

The not for profit bug bounty hunters of Open Bug Bounty recently announced its number of recorded bug bounties had reached 100,000.

Apple patches 'Text Bomb' bug that causes system crashes

Apple just released a patch to fix its crash bug that allowed specially crafted messages to disable access iMessages and other messaging apps.

Exclusive: Researchers say Kaspersky web portal exposed users to session hijacking, account takeovers

Security researchers say they discovered several vulnerabilities and security lapses in Kaspersky Lab's web portal earlier this month, adding that the flaws exposed users to potential session hijackings and account takeovers.

Dell EMC issues patches for two remote access vulnerabilities

Dell EMC issued an advisories and updates for a pair of vulnerabilities found in the company's Dell EMC VMAX Virtual Appliance (vApp) Manager.

Massive code rewrite may be required to patch Skype vulnerability

Skype is reportedly refusing to patch a security vulnerability in its updater process which could allow an attacker to gain system level privileges on a vulnerable computer.

Adobe Patch Tuesday patches issues in Acrobat, Reader and Experience manager

Adobe's Patch Tuesday updates included security updates for Adobe Acrobat and Reader for Windows and Mac.

Cisco updates router firmware to prevent remote code execution and denial of service attacks

Cisco Systems on Wednesday issued 20 security updates, notably patching a critical vulnerability in two router products that could resulted in remote code execution or a denial of service condition.

Cisco takes a second crack at fixing critical ASA bug

Cisco Systems on Monday released a second fix for a critical vulnerability in the XML parser of its Adaptive Security Appliance (ASA) after finding additional attack vendors and learning that its previous repair job was insufficient.

Cisco update eliminates DoS vulnerability in Aggregation Services Router operating system

Cisco Systems on Wednesday issued a security update that fixes a high-severity denial of service vulnerability in release version 5.3.4 of its IOS XR Software for the Aggregation Services Router (ASR) 9000 Series.

Mozilla patches unsanitized output flaw in Firefox

Mozilla patched an unsanitized output flaw in its Firefox browser user interface that could lead to arbitrary code execution.

Apple releases more updates for Safari, iOS, macOS and more

Apple security updates patch vulnerabilities which could allow and attacker to take control of an infected system.

Chrome desktop update remedies 53 bugs, adds Spectre and Meltdown mitigations

Google's latest stable channel update for the Chrome browser on Windows, Mac and Linux desktop machines includes fixes for 53 security issues, including three high-severity vulnerabilities.

Cisco security updates nix high-impact DoS and privilege escalation bugs

Cisco Systems on Wednesday issued 26 security updates to fix a variety of vulnerabilities, including high-impact bugs in its NX-OS Software, its Email Security Appliance (ESA) and Content Security Management Appliance, and its Unified Customer Voice Portal (CVP).

Lenovo patches 14-year-old vulnerability

Lenovo released a patch for a vulnerability introduced 14 years ago via a firmware update by the now-defunct Nortel Networks.

Blender 3D open source platform plagued with arbitrary code vulnerabilities

Cisco Talos researchers identified multiple unpatched vulnerabilities in the Blender Open Source 3D creation suite that could allow an attacker to run arbitrary code.