Patch | SC Media Patch

VMware advisory warns users to patch critical issue in product

VMware updates Tools fixing race condition

VMware issued a single security advisory and patch for a vulnerability in its Tools product. The flaw, CVE-2020-3941, affects VMware Tools for Windows version 10.x.y and can be mitigated by updating to version 11.0. The vulnerability, rated as important, is a race condition that can be exploited to enable an unauthorized person to escalate their privileges…

Adobe rolls out a light Patch Tuesday offering

Adobe’s January Patch Tuesday security update contains five critical patches for Illustrator CC and four non-critical vulnerabilities for Adobe Experience Manager. Two versions of Illustrator CC are covered in this release, 24.0 and 24.0.2 24.0, being impacted by the critical-rated CVE-2020-3710, CVE-2020-3711, CVE-2020-3712, CVE-2020-3713 and CVE-2020-3714. All are memory code issues and can lead to…

NSA reveals to Microsoft critical Windows 10 flaw

Microsoft reportedly acted on an NSA warning, creating and issuing a secret out-of-band patch to the military and other high-value targets fixing CVE-2020-0601, a vulnerability affecting a core cryptographic component present in all versions of Windows. Published reports stated that the NSA informed Microsoft of the vulnerability and this knowledge enabled Microsoft to quickly fix…

Mozilla patches exploited zero-day flaw in Firefox

The Mozilla Foundation yesterday issued a security update for Firefox and Firefox Extended Support Release, which were found to contain an actively exploited, critical vulnerability in the IonMonkey JIT compiler. “Incorrect alias information in IonMonkey JIT compiler for setting array elements could lead to a type confusion,” reads an official advisory posted by Mozilla, citing…

Cisco patches multiple vulnerabilities

Cisco released 14 security advisories on January 8, with two rated as having a potentially high impact and the remainder listed as medium issues. The two rated high are CVE-2019-16005 and CVE-2019-16009. The first is a Cisco Webex Video Mesh Node command injection vulnerability that, if exploited, could allow an authenticated, remote attacker…

Cisco repairs 12 bugs in its Data Center Network Manager

Cisco Systems this month issued six security advisories disclosing a total of 12 vulnerabilities in the Data Center Network Manager, three of them critical. Designated CVE-2019-15975, CVE-2019-15976 and CVE-2019-15977, the three most serious flaws could enable unauthenticated, remote attackers to bypass authentication measures and execute malicious actions with admin-level privileges. Collectively, the trio of vulnerabilities were…

Cisco ASA and Firepower Appliance seeing increased attacks

Cisco Talos is reporting on a vulnerability in the company’s Cisco Adaptive Security Appliance (ASA) and Firepower Appliance that is being openly exploited. The issue, CVE-2018-0296, is a denial-of-service and information disclosure directory traversal bug in the web framework of the appliance. Using a specially crafted URL, an attacker could cause the ASA appliance to…

Drupal’s Archive Tar patches multiple critical vulnerabilities

Drupal Core announced multiple critical vulnerabilities that impact some of its configurations for versions: 8.8.x-dev, 8.7.x-dev, and 7.x-dev. The Drupal project uses the third-party library Archive_Tar, which released a security update – SA-CORE-2019-012, according to a Dec. 18 advisory. Multiple vulnerabilities are possible if Drupal is configured to allow .tar, .tar.gz, .bz2 or .tlz file uploads and processes them. The latest versions…

Microsoft issues an advisory for a SharePoint vulnerability

Microsoft issued an out-of-band security advisory for an information disclosure vulnerability in SharePoint Server. The issue, CVE-2019-1491, has an “important” severity rating and affects SharePoint Enterprise Server 2016, SharePoint Foundation 2010 Pack 2, SharePoint Foundation 2013 Pack 1 and SharePoint Server 2019. If exploited, the vulnerability could allow unauthorized file system access…

WordPress patches four security vulnerabilities

WordPress has pushed out version 5.3.1 patching four security issues. WordPress versions 5.3 and earlier are affected and the company is recommending users download the new version, which is a short-cycle maintenance release and soon will be superseded by a full update when version 5.4 is released. The company did not make note of any…
