Security Updates
3/12/24:
Microsoft has released security updates to address vulnerabilities in multiple products. A cyber threat actor could exploit some of these vulnerabilities to take control of an affected system. We encourage users and administrators to review the following and apply the necessary updates: Microsoft Security Update Guide for March.
3/8/24:
Apple released security updates to address vulnerabilities in Safari, macOS, watchOS, tvOS, and visionOS. A cyber threat actor could exploit some of these vulnerabilities to take control of an affected system. We encourage users and administrators to review the following advisories and apply the necessary updates:
Safari 17.4 ; macOS Sonoma 14.4 ; macOS Ventura 13.6.5 ; macOS Monterey 12.7.4 ; watchOS 10.4 ; tvOS 17.4 ; visionOS 1.1
3/7/24:
Cisco released security updates to address vulnerabilities in Cisco Secure Client and Secure Client for Linux. A cyber threat actor could exploit one of these vulnerabilities to take control of an affected device. We encourage users and administrators to review the following security releases and apply the necessary updates:
2/13/24:
Microsoft has released security updates to address vulnerabilities in multiple products. A cyber threat actor could exploit some of these vulnerabilities to take control of an affected system. We encourage users and administrators to review Microsoft’s February Security Update Guide and apply the necessary updates.
1/18/24:
Citrix released security updates to address vulnerabilities (CVE-2023-6548 and CVE-2023-6549) in NetScaler ADC and NetScaler Gateway. A cyber threat actor could exploit one of these vulnerabilities to take control of an affected system. We encourage users and administrators to review the Citrix CTX584986 Security Bulletin and apply the necessary updates.
Oracle released its Critical Patch Update Advisory for January 2024 to address vulnerabilities in multiple products. A cyber threat actor could exploit some of these vulnerabilities to take control of an affected system. We encourage users and administrators to review Oracle’s January 2024 Critical Patch Update Advisory and apply the necessary updates.
1/17/24:
VMware released a security advisory to address a vulnerability (CVE-2023-34063) in Aria Operations. A cyber threat actor could exploit this vulnerability to take control of an affected system. We encourage users and administrators to review VMware Security Advisory VMSA-2024-0001 and apply the necessary update.
1/11/24:
Cisco released a security advisory to address a vulnerability (CVE-2024-20272) in Cisco Unity Connection. A cyber threat actor could exploit this vulnerability to take control of an affected system. We encourage users and administrators to review the Cisco Unity Connection Unauthenticated Arbitrary File Upload Vulnerability advisory and apply the necessary updates.
1/10/24:
Microsoft has released security updates to address vulnerabilities in multiple products. A cyber threat actor could exploit some of these vulnerabilities to take control of an affected system. We encourage users and administrators to review Microsoft’s January Security Update Guide and apply the necessary updates.
12/20/23:
Mozilla has released security updates to address vulnerabilities in Firefox and Thunderbird. A cyber threat actor could exploit some of these vulnerabilities to take control of an affected system. We encourage users and administrators to review the following advisories and apply the necessary updates:
Firefox 121 Thunderbird 115.6 Firefox ESR 115.6
Apple has released security updates to address vulnerabilities in Safari, iOS, iPadOS, and macOS Sonoma. A cyber threat actor could exploit one of these vulnerabilities to obtain sensitive information. We encourage users and administrators to review Apple security releases and apply necessary updates.
11/22/23:
Mozilla has released security updates to address vulnerabilities in Firefox and Thunderbird. A cyber threat actor could exploit some of these vulnerabilities to take control of an affected system. We encourage users and administrators to review the following advisories and apply the necessary updates:
11/14/23:
Microsoft has released updates addressing multiple vulnerabilities in Microsoft software. A cyber threat actor can exploit some of these vulnerabilities to take control of an affected system. We encourage users and administrators to review Microsoft’s November 2023 Security Update Guide and apply the necessary updates.
VMware has released a security advisory addressing a vulnerability in VMWare Cloud Director Appliance. Cyber threat actors may exploit this vulnerability to take control of an affected system. We encourage users and administrators to review the following VMware security advisory and apply the recommended updates: VMSA-2023-0026: VMware Cloud Director Appliance contains an authentication bypass vulnerability (CVE-2023-34060)
10/30/23:
VMware released a security advisory addressing multiple vulnerabilities (CVE-2023-34057, CVE-2023-34058) in VMware Tools. A cyber actor could exploit one of these vulnerabilities to take control of an affected system. We encourage users and administrators to review the VMware advisory VMSA-2023-0024 and apply the necessary updates.
10/27/23:
VMware released a security advisory for a vulnerability (CVE-2023-34048) affecting the VMware vCenter Server and (CVE-2023-34056) affecting [VMware Cloud Foundation]. A remote cyber actor could exploit these vulnerabilities to obtain information or take control of an affected system. We encourage users and administrators to review the VMware vCenter Server Out-of-Bounds Write Vulnerability VMSA-2023-0023 advisory and apply the necessary updates.
10/6/23:
Apple has released security updates to address vulnerabilities in iOS and iPadOS. A cyber threat actor could exploit these vulnerabilities to take control of an affected system. We encourage users and administrators to review the following advisory and apply the necessary updates: iOS 17.0.3 and iPadOS 17.0.3.
10/10/23:
Citrix has released security updates to address vulnerabilities affecting multiple products. A malicious cyber actor can exploit one of these vulnerabilities take control of an affected system. We encourage users and administrators to review the following Citrix security bulletins and apply the necessary updates:
- NetScaler ADC and NetScaler Gateway Security Bulletin for CVE-2023-4966 and CVE-2023-4967
- Citrix Hypervisor Multiple Security Updates
9/27/23:
Mozilla has released security updates to address vulnerabilities for Thunderbird 115.3, Firefox ESR 115.3, and Firefox 118. A cyber threat actor could exploit these vulnerabilities to take control of an affected system. We encourage users and administrators to review Mozilla security advisories for Thunderbird 115.3, Firefox ESR 115.3 and Firefox 118 for more information and apply the necessary updates.
9/1/23:
VMware has released a security update to address a vulnerability in VMware Tools. A cyber threat actor can exploit this vulnerability to obtain sensitive information. We encourage users and administrators to review VMware Security Advisory VMSA-2023-0019 and apply the necessary update.
8/30/23:
VMware has released security updates to address multiple vulnerabilities in Aria Operations for Networks. A cyber threat actor can exploit one of these vulnerabilities to take control of an affected system. We encourage users and administrators to review VMware Security Advisory VMSA-2023-0018 and apply the necessary updates.
8/8/23:
Microsoft has released updates to address multiple vulnerabilities in Microsoft software. An attacker can exploit some of these vulnerabilities to take control of an affected system. We encourage users and administrators to review Microsoft’s August 2023 Security Update Guide and apply the necessary updates.
8/2/23:
Mozilla has rbeleased security updates to address vulnerabilities for Firefox 116, Firefox ESR 115.1, and Firefox ESR 102.14. An attacker could exploit some of these vulnerabilities to take control of an affected system. We encourage users and administrators to review Mozilla’s security advisories for Firefox 116, Firefox ESR 115.1, and Firefox ESR 102.14 for more information and apply the necessary updates.
7/20/23:
Oracle has released its Critical Patch Update Advisory, Solaris Third Party Bulletin, and Linux Bulletin for July 2023 to address vulnerabilities affecting multiple products. A remote attacker can exploit some of these vulnerabilities to take control of an affected system. We encourage users and administrators to review Oracle’s July 2023 Critical Patch Update Advisory, Solaris Third Party Bulletin, and Linux Bulletin and apply the necessary updates.
7/18/23:
Adobe has released security updates to address a critical vulnerability (CVE-2023-38203) affecting ColdFusion. An attacker can exploit some of these vulnerabilities to take control of an affected system. We encourage users and administrators to review the Adobe security release APSB23-41 and apply the necessary updates.
7/11/23:
Mozilla has released a security update to address a vulnerability in Firefox and Firefox ESR. An attacker could exploit this vulnerability to take control of an affected system. We encourage users and administrators to review Mozilla Security Advisory MFSA 2023-26 and apply the necessary update.
Adobe has released security updates to address vulnerabilities affecting ColdFusion and InDesign. An attacker can exploit some of these vulnerabilities to take control of an affected system. We encourage users and administrators to review the Adobe security releases APSB23-38 and APSB23-40 and apply the necessary updates.
Microsoft has released updates to address multiple vulnerabilities in Microsoft software. An attacker can exploit some of these vulnerabilities to take control of an affected system. We encourage users and administrators to review Microsoft’s July 2023 Security Update Guide and Deployment Information and apply the necessary updates.
6/22/23:
Apple has released security updates to address vulnerabilities in multiple products. An attacker could exploit some of these vulnerabilities to take control of an affected device. We encourage users and administrators to review the following advisories and apply the necessary updates.
- watchOS 8.8.1
- macOS Big Sur 11.7.8
- macOS Monterey 12.6.7
- iOS 15.7.7 and iPadOS 15.7.7
- watchOS 9.5.2
- macOS Ventura 13.4.1
- iOS 16.5.1 and iPadOS 16.5.1
6/15/23:
Barracuda Networks has released an update to their advisory addressing a vulnerability—CVE-2023-2868—in their Email Security Gateway Appliance (ESG). According to Barracuda, customers should replace impacted appliances immediately. We urge organizations to review the Barracuda advisory and for all impacted customers to follow the mitigation steps as well as hunt for the listed indicators of compromise (IOCs) to uncover any malicious activity. For more information, see Mandiant’s advisory on Barracuda ESG Zero-Day Vulnerability (CVE-2023-2868) Exploited Globally by Aggressive and Skilled Actor.
4/11/23:
Microsoft has released updates to address multiple vulnerabilities in Microsoft software. An attacker can exploit some of these vulnerabilities to take control of an affected system. We encourage users and administrators to review Microsoft’s April 2023 Security Update Guide and Deployment Information and apply the necessary updates.
Apple has released security updates to address vulnerabilities in multiple products. An attacker could exploit some of these vulnerabilities to take control of an affected device. We encourage users and administrators to review the following advisories and apply the necessary updates.
- iOS 15.7.5 and iPadOS 15.7.5
- macOS Monterey 12.6.5
- macOS Big Sur 11.7.6
- Safari 16.4.1
- iOS 16.4.1 and iPadOS 16.4.1
- macOS Ventura 13.3.1
3/31/23:
Mozilla has released a security update to address vulnerabilities in Thunderbird 102.9.1. An attacker could exploit some of these vulnerabilities to take control of an affected system. We encourage users and administrators to review Mozilla’s Thunderbird 102.9.1 security advisory for more information and apply the necessary updates.
2/23/23:
VMware has released security updates to address a vulnerability in Carbon Black App Control. A remote attacker could exploit this vulnerability to take control of an affected system. For updates addressing lower severity vulnerabilities, see the VMware Security Advisories page. We encourage users and administrators to review VMware Security Advisory VMSA-2023-0004and apply the necessary updates.
Cisco has released security advisories for vulnerabilities affecting multiple Cisco products. A remote attacker could exploit some of these vulnerabilities to take control of an affected system. We encourage users and administrators to review the following advisories and apply the necessary updates.
- Cisco Application Policy Infrastructure Controller and Cisco Cloud Network Controller Cross-Site Request Forgery Vulnerability cisco-sa-capic-csrfv-DMx6KSwV
- Cisco Nexus 9000 Series Fabric Switches in ACI Mode Link Layer Discovery Protocol Memory Leak Denial of Service Vulnerability cisco-sa-aci-lldp-dos-ySCNZOpX
2/14/23:
Apple has released security updates to address vulnerabilities in multiple products. An attacker could exploit these vulnerabilities to take control of an affected device. We encourage users and administrators to review the Apple security updates page for the following products and apply the necessary updates as soon as possible:
Safari 16.3.1 iOS 16.3.1 and iPadOS 16.3.1 macOS 13.2.1
Microsoft has released updates to address multiple vulnerabilities in Microsoft software. An attacker can exploit some of these vulnerabilities to take control of an affected system. We encourage users and administrators to review Microsoft’s February 2023 Security Update Guide and Deployment Information and apply the necessary updates.
Citrix has released security updates to address high-severity vulnerabilities (CVE-2023-24486, CVE-2023-24484, CVE-2023-24485, and CVE-2023-24483) in Citrix Workspace Apps, Virtual Apps and Desktops. A local user could exploit these vulnerabilities to take control of an affected system. We encourage users and administrators to review Citrix security bulletins CTX477618, CTX477617, and CTX477616 for more information and to apply the necessary updates.
Mozilla has released security updates to address vulnerabilities in Firefox 110 and Firefox ESR. An attacker could exploit these vulnerabilities to take control of an affected system. We encourage users and administrators to review Mozilla’s security advisories for Firefox 110 and Firefox ESR 102.8 for more information and apply the necessary updates.
2/2/23:
Cisco released security updates for vulnerabilities affecting multiple products. A remote attacker could exploit these vulnerabilities to take control of an affected system. We encourage users and administrators to review the Cisco Security Advisories page and apply the necessary updates.
2/1/23:
VMware released a security update that addresses a cross-site request forgery bypass vulnerability affecting VMware vRealize Operations. A malicious user could exploit this vulnerability to take control of an affected system. We encourage users and administrators to review VMware Security Advisory VMSA-2023-0002 and apply the necessary updates.
1/25/23:
VMware released security updates to address multiple vulnerabilities in VMware vRealize Log Insight. A remote attacker could exploit these vulnerabilities to take control of an affected system. We encourage users and administrators to review VMware Security Advisory VMSA-2023-0001 and apply the necessary updates.
1/18/23:
Mozilla has released security updates to address vulnerabilities in Firefox ESR and Firefox. An attacker could exploit some of these vulnerabilities to take control of an affected system. We encourage users and administrators to review Mozilla’s security advisories for Firefox ESR 102.7 and Firefox 109 for more information and apply the necessary updates.
11/9/22:
VMware has released security updates to address multiple vulnerabilities in VMware Workspace ONE Assist. A remote attacker could exploit one of these vulnerabilities to take control of an affected system. We encourage users and administrators to review VMware Security Advisory VMSA-2022-0028 and apply the necessary updates and workarounds.
Citrix has released security updates to address vulnerabilities in Citrix ADC and Citrix Gateway. A remote attacker could exploit one of these vulnerabilities to take control of an affected system. We encourage users and administrators to review Citrix Security Updates CTX463706 and apply the necessary updates.
Microsoft has released updates to address multiple vulnerabilities in Microsoft software. An attacker can exploit some of these vulnerabilities to take control of an affected system. We encourage users and administrators to review Microsoft’s November 2022 Security Update Guide and Deployment Information and apply the necessary updates.
11/3/22:
Cisco has released security updates for vulnerabilities affecting multiple products. A remote attacker could exploit some of these vulnerabilities to take control of an affected system. For updates addressing lower severity vulnerabilities, see the Cisco Security Advisories page. We encourage users and administrators to review the advisories and apply the necessary updates.
10/28/22:
VMware has released security updates to address multiple vulnerabilities in VMware Cloud Foundation. A remote attacker could exploit one of these vulnerabilities to take control of an affected system. We encourage users and administrators to review VMware Security Advisory VMSA-2022-002 and apply the necessary updates and workarounds.
10/21/22:
Cisco has released a security update to address vulnerabilities affecting Cisco Identity Services Engine (ISE). A remote attacker could exploit some of these vulnerabilities to take control of an affected system. For updates addressing high and low severity vulnerabilities, see the Cisco Security Advisories page.
10/11/22:
Microsoft has released updates to address multiple vulnerabilities in Microsoft software. An attacker can exploit some of these vulnerabilities to take control of an affected system. We encourage users and administrators to review Microsoft’s October 2022 Security Update Summary and Deployment Information and apply the necessary updates.
9/20/22:
Microsoft has released a security update to address a vulnerability in Microsoft Endpoint Configuration Manager, versions 2103-2207. An attacker could exploit this vulnerability to obtain sensitive information. We encourage users and administrators to review Microsoft’s Security Advisory for CVE-2022-37972 and apply the necessary updates.
Mozilla has released security updates to address vulnerabilities in Firefox, Firefox ESR, and Thunderbird. An attacker could exploit some of these vulnerabilities to take control of an affected system. We encourage users and administrators to review the Mozilla security advisories for Firefox 105, Firefox ESR 102.3, and ThunderBird 91.13.1 and apply the necessary updates.
9/13/22:
Microsoft has released updates to address multiple vulnerabilities in Microsoft software. An attacker can exploit some of these vulnerabilities to take control of an affected system. We encourage users and administrators to review Microsoft’s September 2022 Security Update Guide and Deployment Information and apply the necessary updates.
8/31/22:
Mozilla has released security update to address a vulnerability in Thunderbird. An attacker could exploit this vulnerability to take control of an affected system. We encourage users and administrators to review the Mozilla security advisory for Thunderbird 102.2.1 and apply the necessary updates.
Apple has released security updates to address a vulnerability (CVE-2022-32893) in iPhone 5s, iPhone 6, iPhone 6 Plus, iPad Air, iPad mini 2, iPad mini 3, and iPod touch (6th generation). Exploitation of this vulnerability could allow an attacker to take control of affected device. We ecourage users and administrators to review Apple’s advisory HT213428 and apply necessary updates.
8/25/22:
Cisco has released security updates for vulnerabilities affecting ACI Multi-Site Orchestrator, FXOS, and NX-OS software. A remote attacker could exploit some of these vulnerabilities to take control of an affected system. For updates addressing lower severity vulnerabilities, see the Cisco Security Advisories page. We encourage users and administrators to review the advisories for ACI Multi-Site Orchestrator, FXOS, and NX-OS and apply the necessary updates.
8/17/22:
Cisco has released security updates to address vulnerabilities in Cisco Secure Web Appliance. A remote attacker could exploit some of these vulnerabilities to take control of an affected system. For updates addressing lower severity vulnerabilities, see the Cisco Security Advisories page. We encourage users and administrators to review Cisco advisory Cisco Secure Web Appliance Privilege Escalation Vulnerability and apply the necessary updates.
8/9/22:
VMware has released security updates to address multiple vulnerabilities in vRealize Operations. A remote attacker could exploit some of these vulnerabilities to take control of an affected system. We encourage users and administrators to review VMware Security Advisory VMSA-2022-0022 and apply the necessary updates.
Microsoft has released updates to address multiple vulnerabilities in Microsoft software. An attacker can exploit some of these vulnerabilities to take control of an affected system. We encourage users and administrators to review Microsoft’s August 2022 Security Update Guide and Deployment Information and apply the necessary updates.
Adobe has released security updates to address vulnerabilities in multiple products. An attacker could exploit some of these vulnerabilities to take control of an affected system. We encourage users and administrators to review the following Adobe Security Bulletins and apply the necessary updates: Adobe Commerce APSB22-38; Acrobat and Reader APSB22-39; Illustrator APSB22-41; FrameMaker APSB22-42 & Premiere Elements APSB22-43.
8/4/22:
Cisco has released security updates to address vulnerabilities in Cisco Small Business RV160, RV260, RV340, and RV345 Series Routers. A remote attacker could exploit some of these vulnerabilities to take control of an affected system. For updates addressing lower severity vulnerabilities, see the Cisco Security Advisories page. We encourage users and administrators to review Cisco advisory cisco-sa-sb-mult-vuln-CbVp4SUR and apply the necessary updates.
7/22/22:
Apple has released security updates to address vulnerabilities in multiple products. These updates address vulnerabilities attackers could exploit to take control of affected systems. We encourage users and administrators to review the Apple security updates and apply necessary releases.
Cisco has released security updates to address vulnerabilities in multiple products. Some of these vulnerabilities could allow a remote attacker to execute take control of an affected system. For updates addressing lower severity vulnerabilities, see the Cisco Security Advisories page. We encourage users and administrators to review the Cisco advisories and apply the necessary updates.
7/12/22:
Citrix has released security updates to address vulnerabilities in Hypervisor. An attacker could exploit these vulnerabilities to take control of an affected system. We encourage users and administrators to review Citrix Security Updates CTX461397 and apply the necessary updates.
Microsoft has released updates to address multiple vulnerabilities in Microsoft software. An attacker can exploit some of these vulnerabilities to take control of an affected system. We encourage users and administrators to review Microsoft’s July 2022 Security Update and Deployment Information and apply the necessary updates.
6/29/22:
Mozilla has released security updates to address vulnerabilities in Firefox, Firefox ESR, and Thunderbird. An attacker could exploit some of these vulnerabilities to take control of an affected system. We encourage users and administrators to review the Mozilla security advisories for Firefox 102, Firefox ESR 91.11, and Thunderbird 91.11 and 102 and apply the necessary updates.
6/14/22:
Microsoft has released updates to address multiple vulnerabilities in Microsoft software. An attacker can exploit some of these vulnerabilities to take control of an affected system. We encourage users and administrators to review Microsoft’s June 2022 Security Update Summary and Deployment Information and apply the necessary updates.
Citrix has released security updates to address vulnerabilities in Application Delivery Management. An attacker could exploit these vulnerabilities to take control of an affected system. We encourage users and administrators to review Citrix Security Update CTX460016 and apply the necessary updates.
5/25/22:
Google has released Chrome version 102.0.5005.61 for Windows, Mac, and Linux. This version addresses vulnerabilities that an attacker could exploit to take control of an affected system. We encourage users and administrators to review the Chrome Release Note and apply the necessary update.
Citrix has released security updates to address vulnerabilities in ADC and Gateway. An attacker could exploit these vulnerabilities to cause a denial-of-service condition. We encourage users and administrators to review Citrix Security Update CTX457048 and apply the necessary updates.
5/10/22:
Microsoft has released a security advisory to address a remote code execution vulnerability affecting Azure Data Factory and Azure Synapse Pipelines. A remote attacker could exploit this vulnerability to take control of an affected system. We encourage users and administrators to review Microsoft Advisory ADV220001 for more information and to apply the necessary updates.
4/28/22:
Google has released Chrome version 101.0.4951.41 for Windows, Mac, and Linux. This version addresses vulnerabilities that an attacker could exploit to take control of an affected system. We encourage users and administrators to review the Chrome Release Note and apply the necessary updates.
Cisco has released security updates to address vulnerabilities in multiple Cisco products. An attacker could exploit some of these vulnerabilities to take control of an affected system. We encourage users and administrators to review the Cisco Security Advisories page and apply the necessary updates.
4/19/22:
Oracle has released its Critical Patch Update for April 2022 to address 520 vulnerabilities across multiple products. A remote attacker could exploit some of these vulnerabilities to take control of an affected system. We encourage users and administrators to review the Oracle April 2022 Critical Patch Update and apply the necessary updates.
3/17/22:
Microsoft has released updates to address multiple vulnerabilities in Microsoft software. A remote attacker could exploit some of these vulnerabilities to take control of an affected system. We encourage users and administrators to review Microsoft’s March 2022 Security Update Summary and Deployment Information (for 3/8/22) and apply the necessary updates.
3/15/22:
Google has released Chrome version 99.0.4844.74 for Windows, Mac, and Linux. This version addresses vulnerabilities that an attacker could exploit to take control of an affected system. We encourage users and administrators to review the Chrome Release Note and apply the necessary updates.
Apple has released security updates to address vulnerabilities in multiple products. An attacker could exploit some of these vulnerabilities to take control of an affected system. We encourage users and administrators to review the Apple security page and apply the necessary updates.
3/8/22:
Mozilla has released security updates to address vulnerabilities in Firefox and Firefox ESR. An attacker could exploit some of these vulnerabilities to take control of an affected system. We encourage users and administrators to review the Mozilla security advisories for Firefox 98 and Firefox ESR 91.7 and apply the necessary updates.
Adobe has released security updates to address vulnerabilities in multiple products. An attacker could exploit some of these vulnerabilities to take control of an affected system. We encourage users and administrators to review the following Adobe Security Bulletins and apply the necessary updates:Photoshop APSB22-14; Illustrator APSB22-15; After Effects APSB22-17.
3/1/22:
Google has released Chrome version 99.0.4844.51 for Windows, Mac, and Linux. This version addresses vulnerabilities that an attacker could exploit to take control of an affected system. We encourage users and administrators to review the Chrome Release Note and apply the necessary updates.
2/23/22:
Mozilla has released a security update to address a vulnerability in Mozilla VPN. An attacker could exploit this vulnerability to take control of an affected system. We encourage users and administrators to review Mozilla Foundation Security Advisory 2022-08 and make the necessary update.
2/15/22:
VMware has released security updates to address vulnerabilities in multiple products. An attacker could exploit some of these vulnerabilities to take control of an affected system. We encourage users and administrators to review VMware Security Advisories VMSA-2022-0004 and and VMSA-2022-0005 apply the necessary updates.
Cisco has released security updates to address a vulnerability affecting Cisco Email Security Appliance. A remote attacker could exploit this vulnerability to cause a denial-of-service condition. For updates addressing lower severity vulnerabilities, see the Cisco Security Advisories page. We encourage users and administrators to review Cisco Advisory cisco-sa-esa-dos-MxZvGtgU and apply the necessary updates or workarounds.
2/14/22:
Adobe has released security updates to address a vulnerability affecting Adobe Commerce and Magento Open Source. An attacker could exploit this vulnerability to take control of an affected system. This vulnerability has been detected in exploits in the wild. We encourage users and administrators to review Adobe Security Bulletin APSB22-12 and apply the necessary updates.
2/8/22:
Citrix has released security updates to address vulnerabilities in Hypervisor. An attacker could exploit these vulnerabilities to cause a denial-of-service condition. We encourage users and administrators to review Citrix Security Update CTX337526 and apply the necessary updates.
Microsoft has released updates to address multiple vulnerabilities in Microsoft software. A remote attacker could exploit some of these vulnerabilities to take control of an affected system. We encourage users and administrators to review Microsoft’s February 2022 Security Update Summary and Deployment Information and apply the necessary updates.
Mozilla has released security updates to address vulnerabilities in Firefox and Firefox ESR. An attacker could exploit some of these vulnerabilities to take control of an affected system. We encourage users and administrators to review the Mozilla security advisories for Firefox 97 and Firefox ESR 91.6 and apply the necessary updates.
Adobe has released security updates to address vulnerabilities in multiple Adobe products. An attacker could exploit some of these vulnerabilities to take control of an affected system. We encourage users and administrators to review the following Adobe Security Bulletins and apply the necessary updates: Premiere Rush APSB22-06, Illustrator APSB22-07, Photoshop APSB22-08, After Effects APSB22-09 & Creative Cloud Desktop APSB22-11
2/3/22:
Cisco has released security updates to address vulnerabilities in Cisco Small Business RV160, RV260, RV340, and RV345 Series Routers. A remote attacker could exploit some of these vulnerabilities to take control of an affected system. For updates addressing lower severity vulnerabilities, see the Cisco Security Advisories page. We encourage users and administrators to review Cisco advisory cisco-sa-smb-mult-vuln-KA9PK6D and apply the necessary updates.
2/2/22:
Google has released Chrome versions 98.0.4758.80/81/82 for Windows and 98.0.4758.80 for Mac and Linux. These versions address vulnerabilities that an attacker could exploit to take control of an affected system. We encourage users and administrators to review the Chrome Release Note and apply the necessary updates.
1/25/22:
McAfee has released McAfee Agent for Windows version 5.7.5, which addresses vulnerabilities CVE-2021-31854 and CVE-2022-0166. An attacker could exploit these vulnerabilities to take control of an affected system. We encourage users and administrators to review McAfee Security Bulletin SB10378 and apply the necessary update.
1/19/22:
Google has released Chrome version 97.0.4692.99 for Windows, Mac, and Linux. This version addresses vulnerabilities that an attacker could exploit to take control of an affected system. We encourage users and administrators to review the Chrome Release Note and apply the necessary update as soon as possible.
1/11/22:
Citrix has released a security update to address a vulnerability in Workspace App for Linux. An attacker could exploit this vulnerability to take control of an affected system. We encourage users and administrators to review Citrix Security Update CTX338435 and apply the necessary update.
Microsoft has released updates to address multiple vulnerabilities in Microsoft software. An attacker could exploit some of these vulnerabilities to take control of an affected system. We encourage users and administrators to review Microsoft’s January 2022 Security Update Summary and Deployment Information and apply the necessary updates.
1/18/22:
Oracle has released its Critical Patch Update for January 2022 to address 497 vulnerabilities across multiple products. A remote attacker could exploit some of these vulnerabilities to take control of an affected system. We encourage users and administrators to review the Oracle January 2022 Critical Patch Update and apply the necessary updates.
1/4/22
Google has released Chrome version 97.0.4692.71 for Windows, Mac, and Linux. This version addresses vulnerabilities that an attacker could exploit to take control of an affected system. We encourage users and administrators to review the Chrome Release Note and apply the necessary updates as soon as possible.
VMware has released a security advisory to address a vulnerability in Workstation, Fusion, and ESXi. An attacker could exploit this vulnerability to take control of an affected system. We encourage users and administrators to review VMware Security Advisory VMSA-2022-0001 and apply the necessary updates and workarounds.
12/16/21:
VMware has released a security advisory to address a vulnerability in Workspace ONE UEM console. An attacker could exploit this vulnerability to obtain sensitive information. We encourage users and administrators to review VMware Security Advisory VMSA-2021-0029 and apply the necessary mitigation.
12/14/21:
Adobe has released security updates to address vulnerabilities in multiple Adobe products. An attacker could exploit some of these vulnerabilities to take control of an affected system. We encourage users and administrators to review Adobe’s Security Bulletins and apply the necessary updates.
Microsoft has released updates to address multiple vulnerabilities in Microsoft software. A remote attacker could exploit some of these vulnerabilities to take control of an affected system. We encourage users and administrators to review Microsoft’s December 2021 Security Update Summary and Deployment Information and apply the necessary updates.
12/13/21:
Google has released Chrome version 96.0.4664.110 for Windows, Mac, and Linux. This version addresses vulnerabilities that an attacker could exploit to take control of an affected system. We encourage users and administrators to review the Chrome Release Note and apply the necessary updates as soon as possible.
12/9/21:
Cisco has released a security advisory to address Cisco products affected by multiple vulnerabilities in Apache HTTP Server 2.4.48 and earlier releases. An unauthenticated remote attacker could exploit this vulnerability to take control of an affected system. We encourage users and administrators to review Cisco Advisory cisco-sa-apache-httpd-2.4.49-VWL69sWQ and apply the necessary updates.
12/8/21:
Mozilla has released security updates to address vulnerabilities in Firefox, Firefox ESR, and Thunderbird. An attacker could exploit some of these vulnerabilities to take control of an affected system. We encourage users and administrators to review the Mozilla security advisories for Firefox 95, Firefox ESR 91.4.0, and Thunderbird 91.4.0 and apply the necessary updates.
Cybersecurity Services:
Threat Assessment Vulnerability Management Detection & Defense Incident Response Compliance Cybersecurity Training
Learn about Advanced Cybersecurity in Business Systems such as:
Microsoft Dynamics 365, Dynamics NAV, Azure Cloud, Power BI & Office 365 / SharePoint
11/24/21:
VMware has released security updates to address multiple vulnerabilities in vCenter Server and Cloud Foundation. A remote attacker can exploit this vulnerability to obtain access to sensitive information. We encourage users and administrators to review VMware Security Advisory VMSA-2021-0027 and apply the necessary updates.
11/16/21:
Google has released Chrome version 96.0.4664.45 for Windows, Mac, and Linux. This version addresses vulnerabilities that an attacker could exploit to take control of an affected system. We encourage users and administrators to review the Chrome Release Note and apply the necessary updates as soon as possible.
11/9/21:
Microsoft has released updates to address multiple vulnerabilities in Microsoft software. An attacker can exploit some of these vulnerabilities to take control of an affected system. We encourage users and administrators to review Microsoft’s November 2021 Security Update Summary and Deployment Information and apply the necessary updates.
10/27/21:
Cisco has released security updates to address a vulnerability in IOS XE SD-WAN Software. An authenticated local attacker could exploit this vulnerability to take control of an affected system. For updates addressing lower severity vulnerabilities, see the Cisco Security Advisories page. We encourage users and administrators to review Cisco Advisory cisco-sa-sd-wan-rhpbE34A and apply the necessary updates.
10/26/21:
Adobe has released security updates to address vulnerabilities in multiple Adobe products. An attacker could exploit some of these vulnerabilities to take control of an affected system. We encourage users and administrators to review Adobe’s Security Bulletins and apply the necessary updates.
10/20/21:
Google has released Chrome version 95.0.4638.54 for Windows, Mac, and Linux. This version addresses vulnerabilities that an attacker could exploit to take control of an affected system. We encourage users and administrators to review the Chrome Release Note and apply the necessary update as soon as possible.
10/19/21:
Oracle has released its Critical Patch Update for October 2021 to address 419 vulnerabilities across multiple products. A remote attacker could exploit some of these vulnerabilities to take control of an affected system. We encourage users and administrators to review the Oracle October 2021 Critical Patch Update and apply the necessary updates.
10/12/21:
Apple has released a security update to address a vulnerability—CVE-2021-30883—in multiple products. An attacker could exploit this vulnerability to take control of an affected system. This vulnerability has been detected in exploits in the wild. We encourage users to review the Apple security page for iOS 15.0.2 and iPadOS 15.0.2 and apply the necessary updates as soon as possible.
Microsoft has released updates to address multiple vulnerabilities in Microsoft software. An attacker can exploit some of these vulnerabilities to take control of an affected system. We encourage users and administrators to review Microsoft’s October 2021 Security Update Summary and Deployment Information and apply the necessary updates.
10/6/21:
Mozilla has released security updates to address vulnerabilities in Firefox and Firefox ESR . An attacker could exploit some of these vulnerabilities to take control of an affected system. We encourage users and administrators to review the Mozilla security advisories for Firefox 93, Firefox ESR 78.15, and Firefox ESR 91.2.
10/1/21:
Google has released Chrome version 94.0.4606.71 for Windows, Mac, and Linux. This version addresses vulnerabilities that an attacker could exploit to take control of an affected system. We encourage users and administrators to review the Chrome Release Note and apply the necessary update as soon as possible.
9/23/21:
Apple has released security updates to address vulnerabilities in multiple products. An attacker could exploit these vulnerabilities to take control of an affected system. These vulnerabilities have been detected in exploits in the wild. We encourage users and administrators to review the Apple security page for iOS 12.5.5 and Security Update 2021-006 Catalina and apply the necessary updates as soon as possible.
9/22/21:
Google has released Chrome version 94.0.4606.54 for Windows, Mac, and Linux. This version addresses vulnerabilities that an attacker could exploit to take control of an affected system. We encourage users and administrators to review the Chrome Release Note and apply the necessary updates.
9/21/21:
VMware has released security updates to address multiple vulnerabilities in vCenter Server and Cloud Foundation. A remote attacker could exploit some of these vulnerabilities to take control of an affected system. We encourage users and administrators to review VMware Security Advisory VMSA-2021-0020 and apply the necessary updates.
9/14/21:
Microsoft has released updates to address multiple vulnerabilities in Microsoft software. A remote attacker can exploit some of these vulnerabilities to take control of an affected system. We encourage users and administrators to review Microsoft’s September 2021 Security Update Summary and Deployment Information and apply the necessary updates.
Adobe has released security updates to address vulnerabilities in multiple Adobe products. An attacker could exploit some of these vulnerabilities to take control of an affected system. We encourage users and administrators to review Adobe’s Security Bulletins and apply the necessary updates.
9/9/21:
Citrix has released security updates to address vulnerabilities in Hypervisor. An attacker could exploit these vulnerabilities to take control of an affected system. We encourage users and administrators to review Citrix Security Update CTX325319 and apply the necessary updates.
9/2/21:
Cisco has released security updates to address a critical vulnerability affecting Cisco Enterprise Network Function Virtualization Infrastructure Software (NFVIS) Release 4.5.1. A remote attacker could exploit this vulnerability to take control of an affected system. For updates addressing lower severity vulnerabilities, see the Cisco Security Advisories page. We encourage users and administrators to review Cisco advisory cisco-sa-nfvis-g2DMVVh and apply the necessary update.
8/25/21:
VMware has released security updates to address vulnerabilities in multiple products. An attacker could exploit some of these vulnerabilities to take control of an affected system. We encourage users and administrators to review VMware Security Advisory VMSA-2021-0018 and apply the necessary updates or workarounds.
8/17/21:
Apple has released a security update to address vulnerabilities in iCloud for Windows 12.5. An attacker could exploit these vulnerabilities to take control of an affected system. We encourage users and administrators to review the Apple security update and apply the necessary updates.
8/2/21:
Google has released Chrome version 92.0.4515.131 for Windows, Mac, and Linux. This version addresses vulnerabilities that an attacker could exploit to take control of an affected system. We encourage users and administrators to review the Chrome Release Note and apply the necessary updates.
7/23/21:
Microsoft released KB5005413: Mitigating NTLM Relay Attacks on Active Directory Certificate Services (AD CS) to address a NTLM Relay Attack named PetitPotam. We encourage users and administrators to review KB5005413 and apply the necessary mitigations.
7/21/21:
Apple has released security updates to address vulnerabilities in Safari 14.1.2 and iOS 14.7. We encourage users and administrators to review the Apple security updates page and apply the necessary updates when available.
7/20/21:
Google has released Chrome version 92.0.4515.107 for Windows, Mac, and Linux. This version addresses vulnerabilities that an attacker could exploit to take control of an affected system. We encourage users and administrators to review the Chrome Release Note and apply the necessary updates.
Oracle has released its Critical Patch Update for July 2021 to address 327 vulnerabilities across multiple products. A remote attacker could exploit some of these vulnerabilities to take control of an affected system. We encourage users and administrators to review the Oracle July 2021 Critical Patch Update and apply the necessary updates.
Citrix has released security updates to address multiple vulnerabilities in Application Delivery Controller, Gateway, and SD-WAN WANOP Edition. An attacker could exploit some of these vulnerabilities to take control of an affected system. We encourage users and administrators to review Citrix Security Update CTX319135 and apply the necessary updates.
Adobe has released security updates to address vulnerabilities in multiple Adobe products. An attacker could exploit some of these vulnerabilities to take control of an affected system. We encourage users and administrators to review the following Adobe Security Bulletins and apply the necessary updates.
7/16/21:
Cisco has released security updates to address a vulnerability in Adaptive Security Appliance Software Release 9.16.1 and Firepower Threat Defense Software Release 7.0.0. A remote attacker could exploit this vulnerability to cause a denial of service condition. We encourage users and administrators to review Cisco Advisory cisco-sa-asa-ftd-ipsec-dos-TFKQbgWC and apply the necessary updates.
7/15/21:
Google has released Chrome version 91.0.4472.164 for Windows, Mac, and Linux. This version addresses vulnerabilities that an attacker could exploit to take control of an affected system. One of these vulnerabilities—CVE-2021-30563
7/13/21:
Mozilla has released security updates to address vulnerabilities in Firefox and Firefox ESR. An attacker could exploit some of these vulnerabilities to take control of an affected system. We encourage users and administrators to review the Mozilla Security Advisory for Firefox 90 and Firefox ESR 78.12 and apply the necessary updates.
Citrix has released security updates to address a vulnerability in multiple versions of Virtual Apps and Desktops. An attacker could exploit this vulnerability to take control of an affected system. We encourage users and administrators to review Citrix Security Update CTX319750 and apply the necessary updates.
Adobe has released security updates to address vulnerabilities in multiple Adobe products. An attacker could exploit some of these vulnerabilities to take control of an affected system. We encourage users and administrators to review Adobe’s Security Bulletins and apply the necessary updates.
VMware has released a security update to address a vulnerability in VMware ESXi and VMware Cloud Foundation. An attacker could exploit this vulnerability to take control of an affected system. We encourage users and administrators to review VMware Security Advisory VMSA-2021-0014 and apply the necessary update.
Microsoft has released updates to address multiple vulnerabilities in Microsoft software. A remote attacker can exploit some of these vulnerabilities to take control of an affected system. We encourage users and administrators to review Microsoft’s July 2021 Security Update Summary and Deployment Information and apply the necessary updates.
7/10/21:
SolarWinds has released an advisory
6/25/21:
Citrix has released security updates to address vulnerabilities in Hypervisor. An attacker could exploit these vulnerabilities to cause a denial-of-service condition. We encourage users and administrators to review Citrix Security Update CTX316325 and apply the necessary updates.
6/23/21:
VMware has released security updates to address vulnerabilities in the VMware Carbon Black App Control management server as well as VMware Tools for Windows, VMware Remote Console for Windows, and VMware App Volumes. An attacker could exploit these vulnerabilities to take control of an affected system. We encourages users and administrators to review VMware Security Advisory Advisories VMSA-2021-0012 and VMSA-2021-0013 and apply the necessary updates.
6/18/21:
Google has released Chrome version 91.0.4472.114 for Windows, Mac, and Linux. This version addresses vulnerabilities that an attacker could exploit to take control of an affected system. One of these vulnerabilities—CVE-2021-30554
6/15/21:
Apple has released security updates to address vulnerabilities in iOS 12.5.4. An attacker could exploit these vulnerabilities to take control of an affected system. We encourage users and administrators to review the Apple security update and apply the necessary updates.
6/10/21:
Google has released Chrome version 91.0.4472.101 for Windows, Mac, and Linux. This version addresses vulnerabilities that an attacker could exploit to take control of an affected system. One of these vulnerabilities—CVE-2021-30551—has been detected in exploits in the wild. We encourage users and administrators to review the Chrome Release Note and apply the necessary updates.
6/8/21:
Microsoft has released updates to address multiple vulnerabilities in Microsoft software. A remote attacker can exploit some of these vulnerabilities to take control of an affected system. We encourage users and administrators to review Microsoft’s June 2021 Security Update Summary and Deployment Information and apply the necessary updates.
5/26/21:
VMware has released security updates to address multiple vulnerabilities in vCenter Server and Cloud Foundation. A remote attacker could exploit some of these vulnerabilities to take control of an affected system. We encourage users and administrators to review VMware Security Advisory VMSA-2021-0010 and apply the necessary updates and workarounds.
5/5/21:
Cisco has released security updates to address vulnerabilities in multiple Cisco products. A remote attacker could exploit some of these vulnerabilities to take control of an affected system. For updates addressing lower severity vulnerabilities, see the Cisco Security Advisories page. We encourage users and administrators to review the Advisories and apply the necessary updates.
5/4/21:
Apple has released security updates to address vulnerabilities in multiple products. An attacker could exploit some of these vulnerabilities to take control of an affected device. We encourage users and administrators to review the Apple security pages for the following products and apply the necessary updates: macOS Big Sur 11.3.1 iOS 14.5.1 and iPadOS 14.5.1 iOS 12.5.3 watchOS 7.4.1.
4/27/21:
Google has released Chrome version 90.0.4430.93 for Windows, Mac, and Linux. This version addresses vulnerabilities that an attacker could exploit to take control of an affected system. We encourage users and administrators to review the Chrome Release Note and apply the necessary updates.
4/20/21:
Oracle has released its Critical Patch Update for April 2021 to address 384 vulnerabilities across multiple products. A remote attacker could exploit some of these vulnerabilities to take control of an affected system. We encourage users and administrators to review the Oracle April 2021 Critical Patch Update and apply the necessary updates.
VMware has released a security update to address a vulnerability affecting NSX-T. An attacker can exploit this vulnerability to take control of an affected system. We encourage users and administrators to review VMSA-2021-0006 and apply the necessary update and workaround.
Mozilla has released security updates to address vulnerabilities in Firefox, Firefox ESR, and Thunderbird. An attacker can exploit some of these vulnerabilities to take control of an affected system. We encourage users and administrators to review the Mozilla Security Advisories for Firefox 88, Firefox ESR 78.10, and Thunderbird 78.10, and apply the necessary updates.
4/8/21:
Cisco has released security updates to address vulnerabilities in multiple Cisco products. An attacker could exploit some of these vulnerabilities to take control of an affected system. For updates addressing lower severity vulnerabilities, see the Cisco Security Advisories page.
4/2/21:
VMware has released a security update to address a vulnerability in VMware Carbon Black Cloud Workload appliance. A remote attacker could exploit this vulnerability to take control of an affected system. We encourage users and administrators to review VMware Security Advisory VMSA-2021-005 and apply the necessary updates.
3/31/21:
Citrix has released security updates to address vulnerabilities in Hypervisor (formerly XenServer). An attacker could exploit some of these vulnerabilities to cause a denial-of-service condition. We encourage users and administrators to review Citrix Security Update CTX306565 and apply the necessary updates.
VMware has released security updates to address multiple vulnerabilities affecting vRealize Operations, Cloud Foundation, and vRealize Suite Lifecycle Manager. A remote attacker could exploit some of these vulnerabilities to take control of an affected system. We encourage users and administrators to review VMware Security Advisory VMSA-2021-004 and apply the necessary updates.
Google has released Chrome version 89.0.4389.114 for Windows, Mac, and Linux. This version addresses vulnerabilities that an attacker could exploit to take control of an affected system. We encourage users and administrators to review the Chrome Release Note and apply the necessary updates.
3/25/21:
Cisco has released security updates to address vulnerabilities in multiple Cisco products. An attacker could exploit some of these vulnerabilities to take control of an affected system. We encourage users and administrators to review the Cisco Security Advisories page and apply the necessary updates.
3/23/21:
Adobe has released security updates to address a vulnerability affecting ColdFusion. An attacker could exploit this vulnerability to take control of an affected system. We encourage users and administrators to review Adobe Security Bulletin APSB21-16 and apply the necessary updates.
3/18/21:
Cisco has released security updates to address a vulnerability in Cisco Small Business routers. A remote attacker could exploit this vulnerability to take control of an affected system. We encourage users and administrators to review Cisco Advisory cisco-sa-rv-132w134w-overflow-Pptt4H2p and apply the necessary updates.
3/10/21:
Microsoft has released updates to address multiple vulnerabilities in Microsoft software. A remote attacker can exploit some of these vulnerabilities to take control of an affected system. We encourages users and administrators to review Microsoft’s March 2021 Security Update Summary
and Deployment Information and apply the necessary updates.
3/5/21:
Microsoft has released alternative mitigation techniques for Exchange Server customers who are not able to immediately apply updates that address vulnerabilities disclosed on March 2, 2021. We encourage organizations to upgrade their on-premises Exchange environments to the latest supported version. If an organization is unable to immediately apply the updates, CISA strongly recommends they apply the alternative mitigations found in Microsoft’s blog on Exchange Server Vulnerabilities Mitigations in the interim.
3/4/21:
Cisco has released security updates to address a vulnerability in multiple Cisco products. An attacker could exploit this vulnerability to cause a denial-of-service condition. For updates addressing lower severity vulnerabilities, see the Cisco Security Advisories page. We encourage users and administrators to review Cisco Advisory cisco-sa-snort-ethernet-dos-HGXgJH8n and apply the necessary updates.
VMware has released a security update to address a vulnerability in View Planner. An attacker could exploit this vulnerability to take control of an affected system. We encourage users and administrators to review VMware Security Advisory VMSA-2021-0003 and apply the necessary update.
2/9/21:
Microsoft has released a security advisory to address an escalation of privileges vulnerability, CVE-2021-1732, in Microsoft Win32k. A local attacker can exploit this vulnerability to take control of an affected system. This vulnerability was detected in exploits in the wild. We encourage users and administrators to review Microsoft Advisory for CVE-2021-1732 and apply the necessary patch to Windows 10 and Windows 2019 servers. Microsoft has also released updates to address multiple vulnerabilities in Microsoft software. A remote attacker can exploit some of these vulnerabilities to take control of an affected system. We encourage users and administrators to review Microsoft’s February 2021 Security Update Summary and Deployment Information and apply the necessary updates.
Apple has released security updates to address vulnerabilities in macOS Big Sur 11.2, macOS Catalina 10.15.7, and macOS Mojave 10.14.6. An attacker could exploit these vulnerabilities to take control of an affected system. We encourage users and administrators to review the Apple security update and apply the necessary updates.
2/8/21:
Mozilla has released security updates addressing a vulnerability affecting Firefox and Firefox ESR. An attacker can take advantage of this vulnerability to take control of an affected system. We encourage users and administrators to review the Mozilla security advisory for Firefox 85.0.1 and Firefox ESR 78.7.1 and apply the necessary updates.
2/5/21:
Google has released Chrome Version 88.0.4324.150 for Windows, Mac, and Linux. This version addresses a vulnerability that an attacker could exploit to take control of an affected system. We encourage users and administrators to review the Chrome Release and apply the necessary updates.
1/21/21:
Cisco has released security updates to address vulnerabilities in multiple Cisco products. A remote attacker could exploit these vulnerabilities to take control of an affected system. For updates addressing lower severity vulnerabilities, see the Cisco Security Advisories page. We encourage users and administrators to review the following Cisco Advisories and apply the necessary updates.
Google has released Chrome version 88.0.4324.96 for Windows, Mac, and Linux. This version addresses vulnerabilities that an attacker could exploit to take control of an affected system. We encourage users and administrators to review the Chrome Release and apply the necessary updates.
Oracle has released its Critical Patch Update for January 2021 to address 329 vulnerabilities across multiple products. A remote attacker could exploit some of these vulnerabilities to take control of an affected system. We encourage users and administrators to review the Oracle January 2021 Critical Patch Update and apply the necessary updates.
1/12/21:
Microsoft has released updates to address multiple vulnerabilities in Microsoft software. A remote attacker can exploit some of these vulnerabilities to take control of an affected system. We encourage users and administrators to review Microsoft’s January 2021 Security Update Summary and Deployment Information and apply the necessary updates.
Adobe has released security updates to address vulnerabilities in multiple Adobe products. An attacker could exploit some of these vulnerabilities to take control of an affected system. We encourage users and administrators to review the following Adobe Security Bulletins and apply the necessary updates: Photoshop APSB21-01, Illustrator ASPB21-02, Animate ASPB21-03, Campaign Classic APSB21-04, InCopy APSB21-05, Captivate APSB21-06, and Bridge APSB21-07.
Mozilla has released a security update to address a vulnerability in Thunderbird. An attacker could exploit this vulnerability to take control of an affected system. We encourage users and administrators to review the Mozilla Security Advisory for Thunderbird 78.6.1 and apply the necessary update.
1/11/21:
Microsoft has released a security update to address multiple vulnerabilities in Edge (Chromium-based). An attacker could exploit some of these vulnerabilities to take control of an affected system. We encourage users and administrators to review the latest entry for Microsoft Security Advisory ADV200002 and apply the necessary updates.
1/7/21:
Google has released Chrome version 87.0.4280.141 for Windows, Mac, and Linux. This version addresses vulnerabilities that an attacker could exploit to take control of an affected system. We encourage users and administrators to review the Chrome Release and apply the necessary updates.
Mozilla has released security updates to address a vulnerability in Firefox, Firefox for Android, and Firefox ESR. An attacker could exploit this vulnerability to take control of an affected system. We encourage users and administrators to review the Mozilla Security Advisory and apply the necessary updates.
12/16/20:
Mozilla has released security updates to address vulnerabilities in Firefox, Firefox ESR, and Thunderbird. An attacker could exploit some of these vulnerabilities to take control of an affected system. We encourage users and administrators to review the Mozilla Security Advisories for Firefox 84, Firefox ESR 78.6, and Thunderbird 78.6 and apply the necessary updates.
12/15/20:
Cisco has released security updates to address vulnerabilities in Jabber for Windows, Jabber for MacOS, and Jabber for mobile platforms. A remote attacker could exploit some of these vulnerabilities to take control of an affected system. We encourage users and administrators to review Cisco Security Advisory cisco-sa-jabber-ZktzjpgO and apply the necessary updates.
12/2/20:
Mozilla has released a security update to address a vulnerability in Thunderbird. An attacker could exploit this vulnerability to take control of an affected system. We encourage users and administrators to review the Mozilla Security Advisory for Thunderbird 78.5.1 and apply the necessary update.
Xerox has released security updates for DocuShare 6.6.1, 7.0, and 7.5 to address a vulnerability that could allow an unauthenticated attacker to obtain sensitive information. We urges users and administrators review Xerox Mini Bulletin XRX20W and apply the necessary updates.
11/19/20:
VMware has released security updates to address multiple vulnerabilities in VMware SD-WAN Orchestrator. An attacker could exploit some of these vulnerabilities to take control of an affected system. We encourage users and administrators to review VMware Security Advisory VMSA-2020-0025 and apply the necessary updates.
Mozilla has released security updates to address vulnerabilities in Firefox, Firefox ESR, and Thunderbird. An attacker could exploit some of these vulnerabilities to take control of an affected system. We encourage users and administrators to review the Mozilla Security Advisories for Firefox 83, Firefox ESR 78.5, and Thunderbird 78.5 and apply the necessary updates.
Google has released Chrome version 87.0.4280.66 for Windows, Mac, and Linux to address multiple vulnerabilities. Some of these vulnerabilities could allow an attacker to take control of an affected system. We encourage users and administrators to review the Chrome Release and apply the necessary updates.
11/17/20:
Hackers Can Now Bypass Your Filters and Implant Malicious Emails Straight Into Your Inbox. Taking advantage of IMAP functionality a new tool now available on the dark web empowers cybercriminals to circumvent mail scanners, virtual sandboxes, and other security solutions. It’s every phisher’s dream and should be your nightmare: a means to bypass all that security software designed to weed out malicious emails, attachments and links. Well, it’s here. According to security analysts at Gemini Advisory, the tool known as “Email Appender” has hit the market on the dark web.
This tool gives any cybercriminal with a set of email account credentials an ability to implant a malicious email directly into the Inbox of that victim’s mailbox. By using an IMAP connection (which is normally used to retrieve email), Email Appender uses allowed functionality to append a message to the victim’s Inbox. In other words, that malicious phishing email you don’t want getting to your user’s Inbox is placed there directly with no alarms sounding, lights flashing, or other warning that it’s malicious. Able to set the Sender address, email contents, and include attachments, Email Appender is the next big thing (until someone makes an IMAP security solution).
There is a silver lining here; to make this work, the attacker does need the victim’s email credentials. So as long as users are vigilant about phishing scams designed to fool them into logging onto a fake Office 365 website (or equivalent), this attack has no ability to succeed. Organizations that employ security awareness training educate their users about the dangers of phishing attacks, the types of attacks to watch out for, and why it’s important for your users to be a strong human firewall as your last line of defense. See more detailed info here on the Gemini Advisory web site.
11/17/20:
Cisco has released security updates to address vulnerabilities in Cisco Security Manager. A remote attacker could exploit these vulnerabilities to obtain sensitive information. We encourage users and administrators to review the following Cisco Security Advisories and apply the necessary updates.
- Cisco Security Manager Path Traversal Vulnerability cisco-sa-csm-path-trav-NgeRnqgR
- Cisco Security Manager Static Credential Vulnerability cisco-sa-csm-rce-8gjUz9fW
11/13/20:
Apple has released security updates to address vulnerabilities in multiple products. An attacker could exploit some of these vulnerabilities to take control of an affected system. Some of these vulnerabilities have been detected in exploits in the wild. We encourage users and administrators to review the Apple security pages for macOS Big Sur 11.0, 11.0.1 and for macOS High Sierra 10.13.6, macOS Mojave 10.14.6 and apply the necessary updates.
11/12/20:
Google has released Chrome version 86.0.4240.198 for Windows, Mac, and Linux. This version addresses CVE-2020-16013 and CVE-2020-16017. An attacker could exploit one of these vulnerabilities to take control of an affected system. These vulnerabilities have been detected in exploits in the wild. We encourage users and administrators to review the following resources and apply the necessary updates.
- Google Chrome Release
- Multi-State Information Sharing and Analysis Center (MS-ISAC) Advisory 2020-154
11/10/20:
Microsoft has released updates to address vulnerabilities in Microsoft software. A remote attacker could exploit some of these vulnerabilities to take control of an affected system. We encourage users and administrators to review Microsoft’s November 2020 Security Update Summary and Deployment Information and apply the necessary updates.
Cisco has released a security update to address a vulnerability in IOS XR Software for ASR 9000 Series Aggregation Services Routers. An unauthenticated, remote attacker could exploit this vulnerability to cause a denial-of-service condition. We encourage users and administrators to review the Cisco security advisory and apply the necessary update.
Adobe has released security updates to address vulnerabilities in multiple products. An attacker could exploit some of these vulnerabilities to take control of an affected system. We encourage users and administrators to review the Adobe security advisories for Adobe Connect and Adobe Reader for Android and apply the necessary updates.
11/6/20:
Apple has released security updates to address vulnerabilities in multiple products. An attacker could exploit some of these vulnerabilities to take control of an affected system. We encourage users and administrators to review the Apple security pages for the following products and apply the necessary updates.
- macOS Catalina 10.15.7 Supplemental Update, macOS Catalina 10.15.7 Update
- iOS 12.4.9
- tvOS 14.2
- iOS 14.2 and iPadOS 14.2
11/5/20:
Cisco has released security updates to address vulnerabilities in multiple Cisco products. An attacker could exploit some of these vulnerabilities to take control of an affected system. We encourage users and administrators to review the Cisco Security Advisories page and apply the necessary updates.
10/22/20:
Cisco has released security updates to address vulnerabilities in multiple products. A remote attacker could exploit some of these vulnerabilities to take control of an affected system. We encourage users and administrators to review the Cisco security page and apply the necessary updates.
10/21/20:
Google has released Chrome version 86.0.4240.111 for Windows, Mac, and Linux. This version addresses vulnerabilities that an attacker could exploit to take control of an affected system. We encourage users and administrators to review the Chrome Release and apply the necessary changes.
Mozilla has released security updates to address vulnerabilities in Firefox, Firefox ESR, and Thunderbird. An attacker could exploit some of these vulnerabilities to take control of an affected system. We encourage users and administrators to review the Mozilla Security Advisories for Firefox 82, Firefox ESR 78.4, and Thunderbird 78.4 and apply the necessary updates.
10/16/20:
Adobe has released security updates to address vulnerabilities affecting Magento Commerce and Magento Open Source. An attacker could exploit some of these vulnerabilities to take control of an affected system. We encourage users and administrators to review Adobe Security Bulletin APSB20-59 and apply the necessary updates.
10/14/20:
Microsoft has released a security update to address a protocol vulnerability—CVE-2020-16898—i
9/8/20:
Adobe has released security updates to address vulnerabilities in multiple products. An attacker could exploit some of these vulnerabilities to take control of an affected system. We encourage users and administrators to review the following Adobe Security Bulletins and apply the necessary updates.
Google has released Chrome version 85.0.4183.102 for Windows, Mac, and Linux. This version addresses vulnerabilities that an attacker could exploit to take control of an affected system. We encourage users and administrators to review the Chrome Release and apply the necessary updates.
Microsoft has released updates to address vulnerabilities in Microsoft software. A remote attacker could exploit some of these vulnerabilities to take control of an affected system. We encourage users and administrators to review Microsoft’s September 2020 Security Update Summary and Deployment Information and apply the necessary updates.
8/11/20:
Apple has released security updates to address vulnerabilities in iCloud for Windows 7.20 (for Windows 7 and later) and 11.3 (for Windows 10 and later). An attacker could exploit some of these vulnerabilities to take control of an affected system. We encourage users and administrators to review the Apple security pages for iCloud 7.20 and iCloud 11.3 and apply the necessary updates.
Google has released Chrome version 84.0.4147.125 for Windows, Mac, and Linux. This version addresses vulnerabilities that an attacker could exploit to take control of an affected system. We encourage users and administrators to review the Chrome Release and apply the necessary updates.
Adobe has released security updates to address vulnerabilities affecting Adobe Acrobat, Reader, and Lightroom. An attacker could exploit some of these vulnerabilities to take control of an affected system. We encourage users and administrators to review Adobe Security Bulletin APSB20-48 and APSB20-51 and apply the necessary updates.
Microsoft has released updates to address multiple vulnerabilities in Microsoft software. A remote attacker could exploit some of these vulnerabilities to take control of an affected system. We encourage users and administrators to review Microsoft’s August 2020 Security Update Summary and Deployment Information and apply the necessary updates.
7/29/20 & 7/30/20:
Cisco has released security updates to address vulnerabilities affecting multiple products. An unauthenticated, remote attacker could exploit some of these vulnerabilities to take control of an affected system.We encourage users and administrators to review the following Cisco Advisories and apply the necessary updates. For updates addressing lower severity vulnerabilities, see the Cisco Security Advisories page.
7/28/20:
Mozilla has released security updates to address vulnerabilities in Firefox, Firefox ESR, and Thunderbird. An attacker could exploit some of these vulnerabilities to take control of an affected system. We encourage users and administrators to review the following Mozilla Security Advisories and apply the necessary updates:
Adobe has released security updates to address vulnerabilities in Magento Commerce 2 (formerly known as Magento Enterprise Edition) and Magento Open Source 2 (formerly known as Magento Community Edition). An attacker could exploit some of these vulnerabilities to take control of an affected system. We encourages users and administrators to review Adobe Security Bulletin APSB20-47 and apply the necessary updates.
7/27/20:
Google has released Chrome version 84.0.4147.105 for Windows, Mac, and Linux. This version addresses vulnerabilities that an attacker could exploit to take control of an affected system. We encourage users and administrators to review the Chrome Release and apply the necessary updates.
7/23/20:
Citrix has released security updates to address a vulnerability in Workspace app for Windows. A remote attacker could exploit this vulnerability to take control of an affected system if Windows Server Message Block (SMB) is enabled. We recommend that users and administrators review Citrix Security Bulletin CTX277662 and apply the necessary updates.
Cisco has released security updates to address a vulnerability in Adaptive Security Appliance (ASA) Software and Firepower Threat Defense (FTD) Software Web Service. A remote attacker could exploit this vulnerability to obtain sensitive information. We encourage users and administrators to review Cisco Security Advisory cisco-sa-asaftd-ro-path-KJuQhB86 for more information and apply the necessary updates.
7/22/20:
Adobe has released security updates to address vulnerabilities in multiple Adobe products. An attacker could exploit some of these vulnerabilities to take control of an affected system. We encourage users and administrators to review the following Adobe Security Bulletins and apply the necessary updates.
7/17/20:
Microsoft has released a security update to address a vulnerability in Edge (Chromium-based). An attacker could exploit this vulnerability to drop Dynamic Link Library (DLL) files and gain elevated privileges. We encourages users and administrators to review Microsoft’s Security Advisory for CVE-2020-1341 and apply the necessary update.
Mozilla has released a security update to address multiple vulnerabilities in Thunderbird. An attacker could exploit some of these vulnerabilities to take control of an affected system. We encourage users and administrators to review the Mozilla Security Advisory for Thunderbird 78 and apply the necessary update.
7/15/20:
Cisco has released security updates to address vulnerabilities affecting multiple products. An unauthenticated, remote attacker could exploit some of these vulnerabilities to take control of an affected system. We encourage users and administrators to review the following Cisco Advisories and apply the necessary updates. For updates addressing lower severity vulnerabilities, see the Cisco Security Advisories page.
7/14/20:
Google has released Chrome version 84.0.4147.89 for Windows, Mac, and Linux. This version addresses vulnerabilities that an attacker could exploit to take control of an affected system. We encourage users and administrators to review the Chrome Release and apply the necessary updates.
Oracle has released its Critical Patch Update for July 2020 to address 433 vulnerabilities across multiple products. A remote attacker could exploit some of these vulnerabilities to take control of an affected system. We encourage users and administrators to review the Oracle July 2020 Critical Patch Update and apply the necessary updates.
6/25/20:
Cisco has released a security advisory on a Telnet vulnerability—CVE-2020-10188—a
6/24/20:
VMware has released security updates to address multiple vulnerabilities in VMware ESXi, Workstation, Fusion, and Cloud Foundation. An attacker could exploit some of these vulnerabilities to take control of an affected system. We encourage users and administrators to review VMware Security Advisory VMSA-2020-0015 and apply the necessary updates or workarounds.
6/23/20:
Adobe has released security updates to address vulnerabilities in Magento Commerce 1 and Magento Open Source 1. An attacker could exploit one of these vulnerabilities to take control of an affected system. We encourage users and administrators to review Adobe Security Bulletin APSB20-41 and apply the necessary updates.
Google has released Chrome version 83.0.4103.116 for Windows, Mac, and Linux. This version addresses a vulnerability that a remote attacker could exploit to cause a denial-of-service condition. We encourage users and administrators to review the Chrome Release Note and apply the necessary updates.
6/19/20:
Microsoft has released security updates to address a vulnerability in Windows 10 version 1903. An attacker could exploit this vulnerability to overwrite or modify a protected file and gain elevated privileges. We encourage users and administrators to review Microsoft’s Security Advisory for CVE-2020-1441 and apply the necessary updates.
6/18/20:
Cisco has released security updates to address vulnerabilities affecting multiple products. A remote attacker could exploit some of these vulnerabilities to take control of an affected system. For updates addressing lower severity vulnerabilities, see the Cisco Security Advisories page. We We encourage users and administrators to review the advisories and apply the necessary updates.
6/16/20:
Google has released Chrome version 83.0.4103.106 for Windows, Mac, and Linux. This version addresses vulnerabilities that an attacker could exploit to take control of an affected system. We encourage users and administrators to review the Chrome Release and apply the necessary updates.
6/10/20:
VMware has released a security update to address a vulnerability in Horizon Client for Windows. An attacker could exploit this vulnerability to take control of an affected system. We encourage users and administrators to review VMware Security Advisory VMSA-2020-0013 and apply the necessary update.
6/9/20:
Microsoft has released updates to address multiple vulnerabilities in Microsoft software. An attacker could exploit some of these vulnerabilities to take control of an affected system. We encourage users and administrators to review Microsoft’s June 2020 Security Update Summary and Deployment Information and apply the necessary updates.
Adobe has released security updates to address vulnerabilities in Flash Player, Experience Manager, and Framemaker. An attacker could exploit some of these vulnerabilities to take control of an affected system. We encourage users and administrators to review the latest Adobe security bulletins and apply the necessary updates.
6/4/20:
Google has released Chrome version 83.0.4103.97 for Windows, Mac, and Linux. This version addresses vulnerabilities that an attacker could exploit to take control of an affected system. We encourage users and administrators to review the Chrome Release and apply the necessary updates.
Cisco has released security updates to address vulnerabilities in multiple products. A remote attacker could exploit some of these vulnerabilities to take control of an affected system. We encourage users and administrators to review the Cisco security advisories page and apply the necessary updates.
6/2/20:
Apple has released security updates to address a vulnerability in multiple products. An attacker could exploit this vulnerability to take control of an affected system. We encourage users and administrators to review the Apple security pages for the following products and apply the necessary updates:
- macOS Catalina 10.15.5 Supplemental Update, Security Update 2020-003 High Sierra
- tvOS 13.4.6 for Apple TV 4K and Apple TV HD
- watchOS 6.2.6 for Apple Watch Series 1 and later
- iOS 13.5.1 and iPadOS 13.5.1
Cisco has released security updates to address a vulnerability in NX-OS Software. A remote attacker could exploit this vulnerability to cause a denial-of-service condition. We encourage users and administrators to review the Cisco Security Advisory and apply the necessary updates or workarounds.
5/29/20:
Cisco has released security updates to address SaltStack FrameWork vulnerabilities in Cisco Modeling Labs Corporate Edition (CML) and Virtual Internet Routing Lab Personal Edition (VIRL-PE). A remote attacker could exploit these vulnerabilities to take control of an affected system. We ecourage users and administrators to review the Cisco Security Advisory and apply the necessary updates or workaround.
VMware has released security updates to address vulnerabilities affecting multiple products. An attacker could exploit one of these vulnerabilities to take control of an affected system. We encourage users and administrators to review the VMware Security Advisory VMSA-2020-0011 and apply the necessary updates
5/27/20:
Apple has released security updates to address vulnerabilities in multiple products. A remote attacker could exploit some of these vulnerabilities to take control of an affected system. We encourage users and administrators to review the Apple security pages for the following products and apply the necessary updates:
- macOS Catalina 10.15.5, Security Update 2020-003 Mojave, Security Update 2020-003 High Sierra
- Windows Migration Assistant 2.2.0.0
- Safari 13.1.1
- iCloud for Windows 11.2
- iCloud for Windows 7.19
5/22/20:
Microsoft has released a security update to address a vulnerability in Edge (Chromium-based). A remote attacker could exploit this vulnerability to write files to arbitrary locations and gain elevated privileges. We encourage users and administrators to review Microsoft’s Security Advisory for CVE-2020-1195 and apply the necessary update.
5/19/20:
Adobe has released security updates to address vulnerabilities in multiple products. An attacker could exploit these vulnerabilities to obtain sensitive information. We encourage users and administrators to review the following Adobe Security Bulletins and apply the necessary updates.
Google has released Chrome version 83.0.4103.61 for Windows, Mac, and Linux. This version addresses vulnerabilities that an attacker could exploit to take control of an affected system. We encourage users and administrators to review the Chrome Release Notes and apply the necessary updates.
Microsoft has released a security advisory that addresses a vulnerability affecting Windows DNS Servers. An attacker could exploit this vulnerability to cause a denial-of-service condition. We encourage users and administrators to review Microsoft Advisory ADV200009 for more information and to apply the necessary mitigation or workaround.
VMware has released security updates to address a vulnerability in VMware Cloud Director (formerly known as vCloud Director). A remote attacker could exploit this vulnerability to take control of an affected system. We encourage users and administrators to review the VMware Security Advisory and apply the necessary updates or workaround.
5/7/20:
Cisco has released security updates to address vulnerabilities in multiple products. A remote attacker could exploit some of these vulnerabilities to take control of an affected system. We encourage users and administrators to review the Cisco Security Advisories page and apply the necessary updates.
5/6/20:
Mozilla has released security updates to address vulnerabilities in Firefox and Firefox ESR. An attacker could exploit some of these vulnerabilities to take control of an affected system. We encourage users and administrators to review the Mozilla Security Advisories for Firefox 76 and Firefox ESR 68.8 and apply the necessary updates.
Google has released Chrome version 81.0.4044.138 for Windows, Mac, and Linux. This version addresses vulnerabilities that an attacker could exploit to take control of an affected system. We encourages users and administrators to review the Chrome Release and apply the necessary updates.
5/1/20:
Oracle has released a blog post warning users that a previously disclosed Oracle WebLogic Server remote code execution vulnerability (CVE-2020-2883) is being exploited in the wild. Oracle disclosed the vulnerability and provided software patches in their April 2020 Critical Patch Update; however, malicious cyber actors are now known to be targeting unpatched servers. We urge users and administrators to review the Oracle Blog and the April 2020 Critical Patch Updates for more information and apply the necessary patches as soon as possible.
4/30/20:
Cisco has released security updates to address a vulnerability in IOS XE SD-WAN Solution software. An attacker could exploit this vulnerability to take control of an affected system. We encourage users and administrators to review the Cisco Security Advisory and apply the necessary updates.
4/22/20:
Google has released Chrome version 81.0.4044.122 for Windows, Mac, and Linux. This version addresses vulnerabilities that an attacker could exploit to take control of an affected system. We encourage users and administrators to review the Chrome Release and apply the necessary updates.
Microsoft has released security updates to address multiple vulnerabilities in products that use the Autodesk FBX library. These include Office 2016, Office 2019, Office 365 ProPlus, and Paint 3D. A remote attacker can exploit these vulnerabilities to take control of an affected system. We encourage users and administrators to review Microsoft Advisory ADV200004 and apply the necessary updates.
OpenSSL version 1.1.1g has been released to address a vulnerability affecting versions 1.1.1d–1.1.1f. An attacker could exploit this vulnerability to cause a denial-of-service condition. We encourage users and administrators to review the OpenSSL Security Advisory and apply the necessary update.
4/17/20:
Apple has released a security update to address vulnerabilities in Xcode. A remote attacker could exploit this vulnerability to take control of an affected system. We encourage users and administrators to review the Apple security page for Xcode 11.4.1 and apply the necessary update.
4/16/20:
Google has released Chrome version 81.0.4044.113 for Windows, Mac, and Linux. This version addresses a vulnerability that an attacker could exploit to take control of an affected system. We encourage users and administrators to review the Chrome Release and apply the necessary updates.
4/14/20:
Adobe has released security updates to address vulnerabilities in multiple products. An attacker could exploit some of these vulnerabilities to take control of an affected system. We encourage users and administrators to review the following Adobe Security Bulletins and apply the necessary updates.
Microsoft has released updates to address multiple vulnerabilities in Microsoft software. A remote attacker could exploit some of these vulnerabilities to take control of an affected system. We encourage users and administrators to review Microsoft’s April 2020 Security Update Summary and Deployment Information and apply the necessary updates.
VMware has released security updates to address vulnerabilities in VMware vRealize Log Insight. An attacker could exploit these vulnerabilities to take control of an affected system. We encourage users and administrators to review VMware Security Advisory VMSA-2020-0007 and apply the necessary updates.
Oracle has released its Critical Patch Update for April 2020 to address 397 vulnerabilities across multiple products. A remote attacker could exploit some of these vulnerabilities to take control of an affected system. We encourages users and administrators to review the Oracle April 2020 Critical Patch Update and apply the necessary updates.
4/8/20:
Google has released Chrome version 81.0.4044.92 for Windows, Mac, and Linux. This version addresses vulnerabilities that an attacker could exploit to take control of an affected system. We encourages users and administrators to review the Chrome Release and apply the necessary updates.
Mozilla has released security updates to address vulnerabilities in Firefox and Firefox ESR. An attacker could exploit some of these vulnerabilities to take control of an affected system. We encourage users and administrators to review Mozilla Security Advisories for Firefox 75 and Firefox ESR 68.7 and apply the necessary updates.
4/3/20:
Mozilla has released security updates to address vulnerabilities in Firefox and Firefox ESR. An attacker could exploit these vulnerabilities to take control of an affected system. These vulnerabilities have been detected in exploits in the wild. We encourage users and administrators to review Mozilla’s security advisory for Firefox 74.0.1 and Firefox ESR 68.6.1 and apply the necessary update.
4/1/20:
Google has released Chrome version 80.0.3987.162 for Windows, Mac, and Linux. This version addresses vulnerabilities that an attacker could exploit to take control of an affected system. We encourage users and administrators to review the Chrome Release and apply the necessary updates.
3/25/20:
Adobe has released a security update to address a vulnerability in Creative Cloud Desktop Application. An attacker could exploit this vulnerability to take control of an affected system. We encourage users and administrators to review Adobe Security Bulletin APSB20-11 and apply the necessary update.
Apple has released security updates to address vulnerabilities in multiple products. An attacker could exploit some of these vulnerabilities to take control of an affected system. We encourage users and administrators to review the Apple security pages for the following products and apply the necessary updates:
- iTunes 12.10.5 for Windows
- iOS 13.4 and iPadOS 13.4
- Safari 13.1
- watchOS 6.2
- tvOS 13.4
- macOS Catalina 10.15.4, Security Update 2020-002 Mojave, Security Update 2020-002 High Sierra
- Xcode 11.4
3/23/20:
Microsoft has released a security advisory to address remote code execution vulnerabilities in Adobe Type Manager Library affecting all currently supported versions of Windows and Windows Server operating systems. A remote attacker can exploit these vulnerabilities to take control of an affected system. Microsoft is aware of limited, targeted attacks exploiting these vulnerabilities in the wild. We encourage users and administrators to review Microsoft Advisory ADV200006 and the CERT Coordination Center (CERT/CC) Vulnerability Note VU#354840 for more information and apply the necessary mitigations until patches are made available.
3/19/20:
Cisco has released security updates to address multiple vulnerabilities in SD-WAN Solution software. An attacker could exploit these vulnerabilities to take control of an affected system. For updates addressing lower severity vulnerabilities, see the Cisco Security Advisories webpage. We encourage users and administrators to review the following Cisco advisories and apply the necessary updates.
- SD-WAN Solution Privilege Escalation Vulnerability cisco-sa-sdwpresc-ySJGvE9
- SD-WAN Solution Command Injection Vulnerability cisco-sa-sdwclici-cvrQpH9v
- SD-WAN Solution Buffer Overflow Vulnerability cisco-sa-sdwanbo-QKcABnS2
Google has released Chrome version 80.0.3987.149 for Windows, Mac, and Linux. This version addresses vulnerabilities that an attacker could exploit to take control of an affected system. We encourage users and administrators to review the Chrome Release and apply the necessary updates.
3/18/20:
Adobe has released security updates to address vulnerabilities in multiple products. An attacker could exploit some of these vulnerabilities to take control of an affected system. We encourage users and administrators to review the following Adobe Security Bulletins and apply the necessary updates.
- Genuine Integrity Service APSB20-12
- Acrobat and Reader APSB20-13
- PhotoShop APSB20-14
- Experience Manager APSB20-15
- ColdFusion APSB20-16
- Bridge APSB20-17
3/16/20:
VMware has released security updates to address vulnerabilities in multiple products. An attacker could exploit these vulnerabilities to take control of an affected system. We encourage users and administrators to review VMware Security Advisory VMSA-2020-0004 and apply the necessary updates.
3/12/20:
Microsoft has released out-of-band security updates to address a remote code execution vulnerability (CVE-2020-0796) in Microsoft Server Message Block 3.1.1 (SMBv3). A remote attacker could exploit this vulnerability to take control of an affected system. We encourage users and administrators to review the following resources and apply the necessary updates or workarounds.
• Microsoft Security Guidance for CVE-2020-0796
• Microsoft Advisory ADV200005
• CERT Coordination Center’s Vulnerability Note VU#872016
3/10/20:
Microsoft Exchange Servers affected by a remote code execution vulnerability, known as CVE-2020-0688, continue to be an attractive target for malicious cyber actors. A remote attacker can exploit this vulnerability to take control of an affected system that is unpatched. Although Microsoft disclosed the vulnerability and provided software patches for the various affected products in February 2020, advanced persistent threat actors are targeting unpatched servers, according to recent open-source reports. We urge users and administrators review Microsoft’s Advisory and the National Security Agency’s tweet on CVE-2020-0688 for more information and apply the necessary patches as soon as possible. Microsoft has also released updates to address multiple vulnerabilities in Microsoft software. A remote attacker could exploit some of these vulnerabilities to take control of an affected system. We encourage users and administrators to review Microsoft’s March 2020 Security Update Summary and Deployment Information and apply the necessary updates.
Mozilla has released security updates to address vulnerabilities in Firefox and Firefox ESR. An attacker could exploit some of these vulnerabilities to take control of an affected system. We encourage users and administrators to review the Mozilla Security Advisories for Firefox 74 and Firefox ESR 68.6 and apply the necessary updates.
3/5/20:
Cisco has released security updates to address vulnerabilities affecting multiple products. A remote attacker could exploit some of these vulnerabilities to take control of an affected system. For updates addressing lower severity vulnerabilities, see the Cisco Security Advisories page. We encourage users and administrators to review the following Cisco advisories and apply the necessary updates:
- Intelligent Proximity SSL Certificate Validation Vulnerability cisco-sa-proximity-ssl-cert-gBBu3RB
- Prime Network Registrar Cross-Site Request Forgery Vulnerability cisco-sa-cpnr-csrf-WWTrDkyL
- Webex Network Recording Player and Cisco Webex Player Arbitrary Code Execution Vulnerabilities cisco-sa-20200304-webex-player
3/4/20:
Google has released Chrome version 80.0.3987.132 for Windows, Mac, and Linux. This version addresses
2/27/20:
Cisco has released security updates to address vulnerabilities affecting FXOS, NX-OS, and Unified Computing System (UCS) software. A remote attacker could exploit some of these vulnerabilities to cause a denial-of-service condition. For updates addressing lower severity vulnerabilities, see the Cisco Security Advisories page. We encourage users and administrators to review the following Cisco advisories, as well as the Cisco Event Response page, and apply the necessary updates:
- UCS Manager Software Local Management CLI Command Injection Vulnerability cisco-sa-20200226-ucs-cli-cmdinj
- Nexus 1000V Switch for VMware vSphere Secure Login Enhancements Denial of Service Vulnerability cisco-sa-20200226-nexus-1000v-dos
- MDS 9000 Series Multilayer Switches Denial of Service Vulnerability cisco-sa-20200226-mds-ovrld-dos
- FXOS and UCS Manager Software CLI Command Injection Vulnerability cisco-sa-20200226-fxos-ucs-cmdinj
- FXOS and UCS Manager Software Local Management CLI Command Injection Vulnerability cisco-sa-20200226-fxos-ucs-cli-cmdinj
- XOS and NX-OS Software Cisco Discovery Protocol Arbitrary Code Execution and Denial of Service Vulnerability cisco-sa-20200226-fxos-nxos-cdp
2/25/20:
Google has released Chrome version 80.0.3987.122 for Windows, Mac, and Linux. This version addresses vulnerabilities that an attacker could exploit to take control of an affected system. We encourage users and administrators to review the Chrome Release and apply the necessary updates.
2/21/20:
Google has released Chrome version 80.0.3987.116 for Windows, Mac, and Linux. This version addresses vulnerabilities that an attacker could exploit to take control of an affected system. We encourage users and administrators to review the Chrome Release and apply the necessary updates.
2/20/20:
Adobe has released security updates to address vulnerabilities in After Effects and Media Encoder. An attacker could exploit these vulnerabilities to take control of an affected system. We encourage users and administrators to review Adobe Security Bulletins APSB20-09 and APSB20-10 and apply the necessary updates.
2/11/20:
Adobe has released security updates to address vulnerabilities in multiple Adobe products. An attacker could exploit some of these vulnerabilities to take control of an affected system. We encourage users and administrators to review the following Adobe Security Bulletins and apply the necessary updates:
- Framemaker APSB20-04
- Acrobat and Reader APSB20-05
- Flash Player APSB20-06
- Digital Editions APSB20-07
- Experience Manager APSB20-08
Mozilla has released security updates to address vulnerabilities in Firefox, Firefox ESR, and Thunderbird. An attacker could exploit some of these vulnerabilities to take control of an affected system.
The Cybersecurity and Infrastructure Security Agency (CISA) encourages users and administrators to review the following Mozilla Security Advisories and apply the necessary updates:
Microsoft has released updates to address multiple vulnerabilities in Microsoft software. A remote attacker could exploit some of these vulnerabilities to take control of an affected system. We encourage users and administrators to review Microsoft’s February 2020 Security Update Summary and Deployment Information and apply the necessary updates.
2/5/20:
Google has released Chrome 80 (version 80.0.3987.87) for Windows, Mac, and Linux. This version addresses vulnerabilities that an attacker could exploit to take control of an affected system. We encourage users and administrators to review the Chrome Release and apply the necessary updates.
1/24/20:
Cisco has released security updates to address a vulnerability affecting Cisco Webex Meetings Suite and Cisco Webex Meetings Online. A remote attacker could exploit this vulnerability to obtain sensitive information. We encourage users and administrators to review Cisco Security Advisory cisco-sa-20200124-webex-unauthjoin for more information.
1/23/20:
Cisco has released updates to address vulnerabilities affecting multiple products. A remote attacker could exploit some of these vulnerabilities to take control of an affected system. For updates addressing lower severity vulnerabilities, see the Cisco Security Advisories page. We encourage users and administrators to review the Advisories and apply the necessary updates.
Citrix has released security updates to address the CVE-2019-19781 vulnerability in Citrix SD-WAN WANOP. An attacker could exploit this vulnerability to take control of an affected system. Citrix has also released an Indicators of Compromise Scanner that aims to identify evidence of successful exploitation of CVE-2019-19781. We strongly recommend users and administrators review the Citrix Security Bulletin CTX267027 and apply the necessary updates. We also recommend the following:
- Run the Indicators of Compromise Scanner.
- Review the Citrix article on CVE-2019-19781: Fixes now available for Citrix SD-WAN WANOP, published January 23, 2020.
- Review CISA’s Activity Alert on Critical Vulnerability in Citrix Application Delivery Controller, Gateway, and SD-WAN WANOP.
1/17/20:
Google has released Chrome version 79.0.3945.130 for Windows, Mac, and Linux. This version addresses vulnerabilities that an attacker could exploit to take control of an affected system. We encourage users and administrators to review the Chrome Release and apply the necessary updates.
Microsoft has released a security advisory to address a critical vulnerability in Internet Explorer. A remote attacker could exploit this vulnerability to take control of an affected system. We encourage users and administrators to review Microsoft’s Advisory ADV20001 and CERT/CC’s Vulnerability Note VU#338824 for more information, implement workarounds, and apply updates when available. Consider using Microsoft Edge or an alternate browser until patches are made available.
1/14/20:
Microsoft has released updates to address multiple vulnerabilities in Microsoft software. A remote attacker could exploit some of these vulnerabilities to take control of an affected system. We encourage users and administrators to review Microsoft’s January 2020 Security Update Summary and Deployment Information and apply the necessary updates.
Intel has released security updates to address vulnerabilities in multiple products. An authenticated attacker with local access could exploit some of these vulnerabilities to gain escalation of privileges. We encourage users and administrators to review the following Intel advisories and apply the necessary updates: SNMP Subagent Stand-Alone Advisory for Windows INTEL-SA-00300; Chipset Device Software Advisory INTEL-SA-00306; RWC 3 for Windows Advisory INTEL-SA-00308; Processor Graphics Advisory INTEL-SA-0031; VTune Amplifier for Windows Advisory INTEL-SA-00325; DAAL Advisory INTEL-SA-00332.
VMware has released a security update to address a vulnerability in VMware Tools. An attacker could exploit this vulnerability to take control of an affected system. We encourage users and administrators to review VMware Security Advisory VMSA-2020-0002 and apply the necessary update.
Adobe has released security updates to address vulnerabilities in Illustrator CC and Experience Manager. An attacker could exploit some of these vulnerabilities to take control of an affected system. We encourage users and administrators to review Adobe Security Bulletins APSB20-03 and APSB20-01 and apply the necessary updates.
Oracle has released its Critical Patch Update for January 2020 containing 334 new security patches to address vulnerabilities across multiple products. A remote attacker could exploit some of these vulnerabilities to take control of an affected system. We encourage users and administrators to review the Oracle January 2020 Critical Patch Update and apply the necessary updates.
1/9/20:
Cisco has released security updates to address vulnerabilities in Cisco Webex Video Mesh, Cisco IOS, and Cisco IOS XE Software. A remote attacker could exploit these vulnerabilities to take control of an affected system. For updates addressing lower severity vulnerabilities, see the Cisco Security Advisories webpage. We encourage users and administrators to review the Cisco Webex Video Mesh Advisory and the Cisco IOS and IOS XE Software Advisory and apply the necessary updates.
1/8/20:
Google has released security updates for Chrome version 79.0.3945.117 for Windows, Mac, and Linux. This version addresses a vulnerability that an attacker could exploit to take control of an affected system. We encourage users and administrators to review the Chrome Release and apply the necessary updates.
Mozilla has released security updates to address vulnerabilities in Firefox and Firefox ESR. An attacker could exploit some of these vulnerabilities to take control of an affected system. We encourage users and administrators to review the Mozilla Security Advisories for Firefox 72 and Firefox ESR 68.4 and apply the necessary updates.
Citrix has released information on a vulnerability affecting Citrix Application Delivery Controller and Citrix Gateway. We encourage users and administrators to review CERT/CC’s Vulnerability Note VU#619785 and Citrix Security Bulletin CTX267027 for more information and workarounds.
12/18/19:
Microsoft has released out-of-band security updates to address a vulnerability in SharePoint Server. An attacker could exploit this vulnerability to obtain sensitive information. We encourage users and administrators to review Microsoft Security Advisory for CVE-2019-1491 and apply the necessary updates.
Google has released security updates for Chrome version 79.0.3945.88 for Windows, Mac, and Linux. This version addresses a vulnerability that an attacker could exploit to take control of an affected system. We encourage users and administrators to review the Chrome Release and apply the necessary updates.
12/10/19:
Microsoft has released updates to address multiple vulnerabilities in Microsoft software. A remote attacker could exploit some of these vulnerabilities to take control of an affected system. We encourage users and administrators to review Microsoft’s December 2019 Security Update Summary and Deployment Information and apply the necessary updates.
Google has released security updates for Chrome version 79.0.3945.79 for Windows, Mac, and Linux. This version addresses vulnerabilities that an attacker could exploit to take control of an affected system. We encourage users and administrators to review the Chrome Release and apply the necessary updates.
Apple has released security updates to address vulnerabilities in multiple products. An attacker could exploit some of these vulnerabilities to take control of an affected system. We encourage users and administrators to review the Apple security pages for the following products and apply the necessary updates:
- Xcode 11.3
- watchOS 5.3.4
- watchOS 6.1.1
- tvOS 13.3
- macOS Catalina 10.15.2, Security Update 2019-002 Mojave, and Security Update 2019-007 High Sierra
- Safari 13.0.4
- iOS 12.4.4
- iOS 13.3 and iPadOS 13.3
Intel has released security updates to address vulnerabilities in multiple products. An authenticated attacker with local access could exploit some of these vulnerabilities to gain escalation of privileges. We encourage users and administrators to review the following Intel advisories and apply the necessary updates and recommended mitigations:
- Linux Administrative Tools for Intel Network Adapters Advisory INTEL-SA-00237
- Processors Voltage Settings Modification Advisory INTEL-SA-00289
- Control Center-I Advisory INTEL-SA-00299
- Quartus Prime Pro Edition Advisory INTEL-SA-00311
- SCS Platform Discovery Utility Advisory INTEL-SA-00312
- Unexpected Page Fault in Virtualized Environment Advisory INTEL-SA-00317
- NUC Firmware Advisory INTEL-SA-00323
Adobe has released security updates to address vulnerabilities in multiple Adobe products. An attacker could exploit some of these vulnerabilities to take control of an affected system. We encourage users and administrators to review the following Adobe Security Bulletins and apply the necessary updates.
12/6/19:
VMware has released security updates to address a vulnerability in ESXi and Horizon DaaS. An attacker could exploit this vulnerability to take control of an affected system. We encourage users and administrators to review VMware Security Advisory VMSA-2019-0022 and apply the necessary updates and workarounds.
12/5/19:
Microsoft has released a Security Advisory to address an issue in Windows Hello for Business (WHfB). An attacker could exploit this issue on devices that were affected by CVE-2017-15361, also known as Return of Coppersmith’s Attack (ROCA), to take control of an affected system. We encourage users and administrators to review Microsoft Security Advisories ADV190026 and ADV170012 and apply the recommended mitigations.
12/4/19:
Mozilla has released security updates to address vulnerabilities in Firefox and Firefox ESR. An attacker could exploit some of these vulnerabilities to take control of an affected system. We encourage users and administrators to review the Mozilla Security Advisories for Firefox 71 and Firefox ESR 68.3.
11/12/19:
Microsoft has released updates to address multiple vulnerabilities in Microsoft software. A remote attacker could exploit some of these vulnerabilities to take control of an affected system. We encourage users and administrators to review Microsoft’s November 2019 Security Update Summary and Deployment Information and apply the necessary updates.
VMware has released security updates to address vulnerabilities in ESXi, Workstation, and Fusion. An attacker could exploit some of these vulnerabilities to take control of an affected system. We encourage users and administrators to review VMware Security Advisories VMSA-2019-0020 and VMSA-2019-0021 and apply the necessary updates.
10/31/19:
Google has released Chrome version 78.0.3904.87 for Windows, Mac, and Linux. This version addresses vulnerabilities that an attacker could exploit to take control of an affected system. One of these vulnerabilities (CVE-2019-13720) was detected in exploits in the wild. We encourage users and administrators to review the Chrome Release and apply the necessary updates.
10/30/19:
Apple has released security updates to address vulnerabilities in multiple products. An attacker could exploit some of these vulnerabilities to take control of an affected system. We encourage users and administrators to review the Apple security pages for the following products and apply the necessary updates:
- macOS Catalina 10.15.1 for macOS Catalina 10.15, Security Update 2019-001, and Security Update 2019-006
- watchOS 6.1 for Apple Watch
- watchOS 5.3.3
- Safari 13.0.3
- iOS 13.2 and iPadOS 13.2
- iOS 12.4.3
- tvOS 13.2
10/23/19:
Mozilla has released security updates to address vulnerabilities in Firefox and Firefox ESR. An attacker could exploit some of these vulnerabilities to take control of an affected system. We encourages user and administrators to review the Mozilla Security Advisories for Firefox 70 and Firefox ESR 68.2.
Google has released Chrome version 78.0.3904.70 for Windows, Mac, and Linux. This version addresses vulnerabilities that an attacker could exploit to take control of an affected system. We encourage users and administrators to review the Chrome Release and apply the necessary updates.
10/17/19:
Cisco has released security updates to address vulnerabilities in Cisco products. A remote attacker could exploit some of these vulnerabilities to take control of an affected system. For updates addressing lower severity vulnerabilities see the Cisco Security Advisories page. We encourage users and administrators to review the following Cisco Advisories and apply the necessary updates:
- Aironet Access Points Unauthorized Access Vulnerability cisco-sa-20191016-airo-unauth-access
- Wireless LAN Controller Secure Shell Denial of Service Vulnerability cisco-sa-20191016-wlc-ssh-dos
- SPA100 Series Analog Telephone Adapters Remote Code Execution Vulnerabilities cisco-sa-20191016-spa-rce
- Small Business Smart and Managed Switches Cross-Site Request Forgery Vulnerability cisco-sa-20191016-sbss-csrf
- Aironet Access Points Point-to-Point Tunneling Protocol Denial of Service Vulnerability cisco-sa-20191016-airo-pptp-dos
10/16/19:
VMware has released a security update to address a vulnerability affecting Harbor Container Registry for Pivotal Cloud Foundry (PCF). An attacker could exploit this vulnerability to take control of an affected system. We encourage users and administrators to review VMware Security Advisory VMSA-2019-0016 and apply the necessary update.
10/15/19:
WordPress 5.2.3 and prior versions are affected by multiple vulnerabilities. An attacker could exploit some of these vulnerabilities to take control of an affected website. We encourage users and administrators to review the WordPress Security Release and upgrade to WordPress 5.2.4.
Adobe has released security updates to address vulnerabilities in multiple Adobe products. An attacker could exploit some of these vulnerabilities to take control of an affected system. We encourage users and administrators to review the following Adobe Security Bulletins and apply the necessary updates:
- Experience Manager APSB19-48
- Acrobat and Reader APSB19-49
- Experience Manager Forms APSB19-50
- Download Manager APSB19-51
Oracle has released its Critical Patch Update for October 2019 to address 219 vulnerabilities across multiple products. A remote attacker could exploit some of these vulnerabilities to take control of an affected system. We encourage users and administrators to review the Oracle October 2019 Critical Patch Update and apply the necessary updates.
10/11/19:
Google has released Chrome version 77.0.3865.120 for Windows, Mac, and Linux. This version addresses vulnerabilities that an attacker could exploit to take control of an affected system. We encourage users and administrators to review the Chrome Release and apply the necessary updates.
10/9/19:
Intel has released security updates to address vulnerabilities in multiple products. An attacker could exploit some of these vulnerabilities to gain an escalation of privileges on a previously infected machine. We encourage users and administrators to review the following Intel advisories and apply the necessary updates:
- Active System Console Advisory INTEL-SA-00261
- Smart Connect Technology for Intel NUC Advisory INTEL-SA-00286
- NUC Advisory INTEL-SA-00296
10/8/19:
Apple has released security updates to address vulnerabilities in multiple products. An attacker could exploit some of these vulnerabilities to take control of an affected system. We encourage users and administrators to review the Apple security pages for the following products and apply the necessary updates:
Microsoft has released updates to address multiple vulnerabilities in Microsoft software. A remote attacker could exploit some of these vulnerabilities to take control of an affected system. We encourage users and administrators to review Microsoft’s October 2019 Security Update Summary and Deployment Information and apply the necessary updates.
10/3/19:
Cisco has released security updates to address vulnerabilities affecting multiple Cisco products. A remote attacker could exploit some of these vulnerabilities to take control of an affected system. We encourage users and administrators to review the Cisco Event Response page and apply the necessary updates.
Microsoft has re-released security updates to address a vulnerability in Microsoft software. A remote attacker could exploit this vulnerability to take control of an affected system. Updates are now available automatically via Windows Update or Windows Server Update Services. We encourage users and administrators to review Microsoft Security Advisory for CVE-2019-1367 and apply the necessary updates.
9/27/19:
Apple has released security updates to address a vulnerability in multiple products. A remote attacker could exploit this vulnerability to take control of an affected system. We encourage users and administrators to review the Apple security pages for the following products and apply the necessary updates:
- macOS Mojave 10.14.6 Supplemental Update 2, Security Update 2019-005 High Sierra, and Security Update 2019-005 Sierra
- watchOS 5.3.2
- iOS 12.4.2
9/25/19:
Apple has released security updates to address vulnerabilities in multiple products. An attacker could exploit one of these vulnerabilities to obtain access to sensitive information. We encourage users and administrators to review Apple’s security updates page and apply the necessary updates for the following products: iOS 13.1 and iPadOS 13.1, Safari 13.0.1 & tvOS 13.
VMware has released security updates to address vulnerabilities in Cloud Foundation and Harbor Container Registry for Pivotal Cloud Foundry. An attacker could exploit some of these vulnerabilities to take control of an affected system. We encourage users and administrators to review VMware Security Advisory VMSA-2019-0015 and apply the necessary updates and workarounds.
Adobe has released security updates to address vulnerabilities in ColdFusion. An attacker could exploit some of these vulnerabilities to take control of an affected system. We encourage users and administrators to review Adobe Security Bulletin APSB19-47 and apply the necessary updates.
9/23/19:
Microsoft has released out-of-band security updates to address vulnerabilities in Microsoft software. A remote attacker could exploit of these vulnerabilities to take control of an affected system. We encourage users and administrators to review Microsoft Security Advisories for CVE-2019-1367, CVE-2019-1255, and Microsoft’s Cumulative security update for Internet Explorer and apply the necessary updates.
9/20/19:
VMware has released security updates to address vulnerabilities affecting multiple products. An attacker could exploit some of these vulnerabilities to take control of an affected system. We encourage users and administrators to review VMware Security Advisory VMSA-2019-0014 and apply the necessary updates.
Cybersecurity Services:
Threat Assessment Vulnerability Management Detection & Defense Incident Response Compliance Cybersecurity Training
Learn about Advanced Cybersecurity in Business Systems such as Microsoft Dynamics 365 / Dynamics NAV, Azure Cloud, Dynamics CRM, Office 365 / SharePoint & Intuit QuickBooks Enterprise.
9/19/19:
Google has released Chrome 77.0.3865.90 for Windows, Mac, and Linux. This version addresses a vulnerability that an attacker can exploit to take control of an affected system. We encourage users and administrators to review the Chrome Release and apply the necessary updates.
9/10/19:
Google has released Chrome version 77.0.3865.75 for Windows, Mac, and Linux. This version addresses multiple vulnerabilities that an attacker could exploit to take control of an affected system. We encourage users and administrators to review the Chrome Releases page and apply the necessary updates.
Intel has released security updates to address vulnerabilities in multiple products. An attacker could exploit one of these vulnerabilities to gain an escalation of privileges on a previously infected machine. We encourage users and administrators to review Intel’s Security Advisories INTEL-SA-00290 and INTEL-SA-00285 and apply the necessary updates.
Microsoft has released updates to address multiple vulnerabilities in Microsoft software. We encourage users and administrators to review Microsoft’s September 2019 Security Update Summary and Deployment Information and apply the necessary updates.
Adobe has released security updates to address vulnerabilities affecting Flash Player and Application Manager. We encourage users and administrators to review Adobe Security Bulletins APSB19-45 and APSB19-46 and apply the necessary updates.
9/6/19:
WordPress Releases Security Update. WordPress 5.2.2 and prior versions are affected by multiple vulnerabilities. We encourage users and administrators to review the WordPress Security and Maintenance Release and upgrade to WordPress 5.2.3.
9/5/19:
Cisco has released security updates to address vulnerabilities affecting Cisco products. A remote attacker could exploit some of these vulnerabilities to take control of an affected system. We encourage users and administrators to review the following Cisco Advisories and apply the necessary updates:
- Webex Teams Logging Feature Command Execution Vulnerability cisco-sa-20190904-webex-teams
- Industrial Network Director Configuration Data Information Disclosure Vulnerability cisco-sa-20190904-ind
- Unified Contact Center Express Request Processing Server-Side Request Forgery Vulnerability cisco-sa-20190904-unified-ccx-ssrf
- Content Security Management Appliance Information Disclosure Vulnerability cisco-sa-20190904-sma-info-dis
- Jabber Client Framework for Mac Code Execution Vulnerability cisco-sa-20190904-jcf-codx
- Identity Services Engine Cross-Site Scripting Vulnerability cisco-sa-20190904-ise-xss
- Finesse Request Processing Server-Side Request Forgery Vulnerability cisco-sa-20190904-finesse-ssrf
9/4/19:
Mozilla has released security updates to address vulnerabilities in Firefox and Firefox ESR. An attacker could exploit some of these vulnerabilities to take control of an affected system. We encourage users and administrators to review the Mozilla Security Advisories for Firefox 69, Firefox ESR 68.1, and Firefox ESR 60.9.
8/29/19:
Cisco has released security updates to address vulnerabilities in multiple Cisco products. A remote attacker could exploit some of these vulnerabilities to take control of an affected system. We encourage users and administrators to review the following Cisco advisories and apply the necessary updates:
- REST API Container for IOS XE Software Authentication Bypass Vulnerability cisco-sa-20190828-iosxe-rest-auth-bypass
- Unified Computing System Fabric Interconnect root Privilege Escalation Vulnerability cisco-sa-20190828-ucs-privescalation
- NX-OS Software Remote Management Memory Leak Denial of Service Vulnerability cisco-sa-20190828-nxos-memleak-dos
- NX-OS Software IPv6 Denial of Service Vulnerability cisco-sa-20190828-nxos-ipv6-dos
- NX-OS Software Cisco Fabric Services over IP Denial of Service Vulnerability cisco-sa-20190828-nxos-fsip-dos
- FXOS and NX-OS Software Authenticated Simple Network Management Protocol Denial of Service Vulnerability cisco-sa-20190828-fxnxos-snmp-dos
- NX-OS Software SNMP Access Control List Configuration Name Bypass Vulnerability cisco-sa-20190828-nxos-snmp-bypass
- NX-OS Software Network Time Protocol Denial of Service Vulnerability cisco-sa-20190828-nxos-ntp-dos
- NX-OS Software NX-API Denial of Service Vulnerability cisco-sa-20190828-nxos-api-dos
- Nexus 9000 Series Fabric Switches ACI Mode Border Leaf Endpoint Learning Vulnerability cisco-sa-20190828-nexus-aci-dos
8/27/19:
Apple has released security updates to address vulnerabilities in multiple products. A remote attacker could exploit some of these vulnerabilities to take control of an affected system. We encourage users and administrators to review the Apple security pages for the following products and apply the necessary updates:
Google has released Chrome version 76.0.3809.132 for Windows, Mac, and Linux. This version addresses a vulnerability that an attacker could exploit to take control of an affected system. We encourages users and administrators to review the Chrome Release page and apply the necessary updates.
8/22/19:
Cisco has released security updates to address vulnerabilities in Cisco Integrated Management Controller (IMC) Supervisor, Unified Computing System (UCS) Director, and UCS Director Express for Big Data. We encourage users and administrators to review the following Cisco Security Advisories and apply the necessary updates:
- Authentication Bypass Vulnerability in IMC Supervisor, UCS Director, and UCS Director Express for Big Data releases cisco-sa-20190821-imcs-ucs-authby
- Authentication Bypass Vulnerability in IMC Supervisor, UCS Director, and UCS Director Express for Big Data releases cisco-sa-20190821-imcs-ucs-authbypass
- Secure Copy (SCP) User Default Credentials Vulnerability in IMC Supervisor, UCS Director, and UCS Director Express for Big Data releases cisco-sa-20190821-imcs-usercred
- Application Programming Interface (API) Authentication Bypass Vulnerability in UCS Director and UCS Director Express for Big Data releases cisco-sa-20190821-ucsd-authbypass
8/14/19:
Microsoft has released security updates to address two remote code execution vulnerabilities, CVE-2019-1181 and CVE-2019-1182, in the following operating systems:
- Windows 7 SP1; Windows Server 2008 R2 SP1; Windows Server 2012; Windows 8.1; Windows Server 2012 R2 & Windows 10
An attacker could exploit these vulnerabilities to take control of an affected system. Similar to CVE-2019-0708—dubbed BlueKeep—these vulnerabilities are considered “wormable” because malware exploiting these vulnerabilities on a system could propagate to other vulnerable systems. We encourage users and users and administrators to review the following resources and apply the necessary updates:
- Microsoft Security Blog Post: Patch New Wormable Vulnerabilities in Remote Desktop Services (CVE-2019-1181/1182)
- Microsoft Security Vulnerability Information for CVE-2019-1181
- Microsoft Security Vulnerability Information for CVE-2019-1182
- Microsoft Security Blog Post: Protect Against BlueKeep
- Microsoft Customer Guidance for CVE-2019-0708
8/13/19:
Microsoft has released updates to address multiple vulnerabilities in Microsoft software. A remote attacker could exploit some of these vulnerabilities to take control of an affected system. We encourage users and administrators to review Microsoft’s August 2019 Security Update Summary and Deployment Information and apply the necessary updates.
Adobe has released security updates to address vulnerabilities in multiple Adobe products. An attacker could exploit these vulnerabilities to take control of an affected system. We encourage users and administrators to review the following Adobe Security Bulletins and apply the necessary updates:
- After Effects CC APSB19-31
- Character Animator CC APSB19-32
- Premiere Pro CC APSB19-33
- Prelude CC APSB19-35
- Creative Cloud Desktop Application APSB19-39
- Acrobat and Reader APSB19-41
- Experience Manager APSB19-42
- Photoshop CC APSB19-44
Intel has released security updates to address vulnerabilities in multiple products. An attacker could exploit some of these vulnerabilities to gain an escalation of privileges on a previously infected machine. We encourage users and administrators to review the following Intel advisories and apply the necessary updates:
- RAID Web Console 2 Advisory INTEL-SA-00246
- NUC Advisory INTEL-SA-00272
- Authenticate Advisory INTEL-SA-00275
- Driver and Support Assistant Advisory INTEL-SA-00276
- Remote Displays SDK Advisory INTEL-SA-00277
- Processor Identification Utility for Windows Advisory INTEL-SA-00281
- Computing Improvement Program Advisory INTEL-SA-00283
8/8/19:
Google has released Chrome version 76.0.3809.100 for Windows, Mac, and Linux. This version addresses a vulnerability that an attacker could exploit to take control of an affected system. We encourage users and administrators to review the Chrome Release and apply the necessary updates.
Cisco has released security updates to address vulnerabilities in multiple Cisco products. An attacker could exploit some of these vulnerabilities to take control of an affected system. We encourage users and administrators to review the following Cisco Security Advisories and apply the necessary updates:
- Webex Network Recording Player and Webex Player Arbitrary Code Execution Vulnerabilities cisco-sa-20190807-webex-player
- Enterprise NFV Infrastructure Software VNC Authentication Bypass Vulnerability cisco-sa-20190807-nfvis-vnc-authbypass
- IOS XR Software Intermediate System-to-Intermediate System Denial of Service Vulnerability cisco-sa-20190807-iosxr-isis-dos-1918
- IOS XR Software Intermediate System-to-Intermediate System Denial of Service Vulnerability cisco-sa-20190807-iosxr-isis-dos-1910
- Adaptive Security Appliance Software Web-Based Management Interface Privilege Escalation Vulnerability cisco-sa-20190807-asa-privescala
- Small Business 220 Series Smart Switches Remote Code Execution Vulnerabilities cisco-sa-20190806-sb220-rce
- Small Business 220 Series Smart Switches Authentication Bypass Vulnerability cisco-sa-20190806-sb220-auth_bypass
8/3/19:
VMware has released a security advisory to address vulnerabilities affecting multiple products. An attacker could exploit one of these vulnerabilities to take control of an affected system. We encourage users and administrators to review VMware Security Advisory VMSA-2019-0012 and apply the necessary updates and workarounds.
8/1/19:
Cisco has released security updates to address a vulnerability in Cisco Nexus 9000 Series Fabric Switches. An attacker could exploit this vulnerability to take control of an affected system. We encourage users and administrators to review the Cisco Security Advisory and apply the necessary updates.
7/31/19:
Google has released Chrome version 76.0.3809.87 for Windows, Mac, and Linux. This version addresses multiple vulnerabilities that an attacker could exploit to take control of an affected system. We encourage users and administrators to review the Chrome Release and apply the necessary updates.
7/22/19:
Apple has released security updates to address vulnerabilities in multiple products. A remote attacker could exploit some of these vulnerabilities to take control of an affected system. We encourage users and administrators to review the Apple security pages for the following products and apply the necessary updates:
- iOS 12.4
- tvOS 12.4
- Safari 12.1.2
- macOS Mojave 10.14.6, Security Update 2019-004 High Sierra, Security Update 2019-004 Sierra
- watchOS 5.3
7/17/19:
Cisco has released security updates to address vulnerabilities in multiple Cisco products. A remote attacker could exploit some of these vulnerabilities to take control of an affected system. We encourage users and administrators to review the following advisories and apply the necessary updates:
- Cisco Vision Dynamic Signage Director REST API Authentication Bypass Vulnerability cisco-sa-20190717-cvdsd-wmauth
- FindIT Network Management Software Static Credentials Vulnerability cisco-sa-20190717-cfnm-statcred
- IOS Access Points Software 802.11r Fast Transition Denial-of-Service Vulnerability cisco-sa-20190717-aironet-dos
7/16/19:
Microsoft has released updates to address a vulnerability in PowerShell Core versions 6.1 and 6.2. An attacker could exploit this vulnerability to take control of an affected system. We encourage users and administrators to review the Microsoft Security Advisory and apply the necessary updates.
Oracle has released its Critical Patch Update for July 2019 to address 319 vulnerabilities across multiple products. A remote attacker could exploit some of these vulnerabilities to take control of an affected system. We encourages users and administrators to review the Oracle July 2019 Critical Patch Update and apply the necessary updates.
7/15/19:
Google has released Chrome 75.0.3770.142 for Windows, Mac, and Linux. This version addresses a vulnerability that an attacker can exploit to take control of an affected system. We encourage users and administrators to review the Chrome Release and apply the necessary updates.
7/10/19:
Cisco has released security updates to address a vulnerability in Cisco Adaptive Security Appliance Software and Firepower Threat Defense Software. A remote attacker could exploit this vulnerability to cause a denial-of-service condition. We encourage users and administrators to review the Cisco Security Advisory and apply the necessary updates.
Juniper Networks has released security updates to address multiple vulnerabilities in various products. A remote attacker could exploit some of these vulnerabilities to take control of an affected system. We encourage users and administrators to review the Juniper Security Advisories webpage and apply the necessary updates.
7/9/19:
Microsoft has released updates to address multiple vulnerabilities in Microsoft software. A remote attacker could exploit some of these vulnerabilities to take control of an affected system. We encourage users and administrators to review Microsoft’s July 2019 Security Update Summary and Deployment Information and apply the necessary updates.
Intel has released security updates to address vulnerabilities in Intel Solid State Drives for Data Centers and Intel Processor Diagnostic Tool. An attacker could exploit these vulnerabilities to gain an escalation of privileges on a previously infected machine. We encourages users and administrators to review Intel Security Advisories INTEL-SA-00267 and INTEL-SA-00268 and apply the necessary updates.
Mozilla has released security updates to address vulnerabilities in Firefox and Firefox ESR. An attacker could exploit some of these vulnerabilities to take control of an affected system. We encourage users and administrators to review the Mozilla Security Advisory for Firefox 68 and Firefox ESR 60.8 and apply the necessary updates.
Adobe has released security updates to address vulnerabilities affecting Bridge CC, Experience Manager, and Dreamweaver. An attacker could exploit one of these vulnerabilities to take control of an affected system. We encourage users and administrators to review Adobe Security Bulletins APSB19-37, APSB19-38, and APSB19-40 and apply the necessary updates.
7/3/19:
Cisco has released security updates to address vulnerabilities in multiple Cisco products. An attacker could exploit some of these vulnerabilities to take control of an affected system. We encourage users and administrators to review the following advisories and apply the necessary updates
7/2/19:
VMware has released a security advisory to address vulnerabilities affecting multiple products. An attacker could exploit these vulnerabilities to cause a denial-of-service condition. We encourage users and administrators to review the VMware Security Advisory VMSA-2019-0009 and apply mitigations or patches, when available.
6/27/19:
Google has released Chrome OS version 75.0.3770.102 for Chrome devices. This version addresses multiple vulnerabilities that an attacker could exploit to obtain sensitive information. We encourage users and administrators to review the Google Chrome blog entry and apply the necessary updates.
6/26/19:
Cisco has released security updates to address vulnerabilities in Cisco Data Center Network Manager (DCNM). A remote attacker could exploit some of these vulnerabilities to take control of an affected system. We encourage users and administrators to review the following advisories and apply the necessary updates:
- DCNM Arbitrary File Upload and Remote Code Execution Vulnerability cisco-sa-20190626-dcnm-codex
- DCNM Authentication Bypass Vulnerability cisco-sa-20190626-dcnm-bypass
- DCNM Arbitrary File Download Vulnerability cisco-sa-20190626-dcnm-file-dwnld
- DCNM Information Disclosure Vulnerability cisco-sa-20190626-dcnm-infodiscl
6/21/19:
Dell has released a security advisory to address a vulnerability in Dell SupportAssist software. An attacker could exploit this vulnerability to access sensitive information. We encourage users and administrators to review Dell Security Advisory DSA-2019-084 and apply the necessary update.
6/20/19:
Mozilla has released security updates to address a vulnerability in Firefox and Firefox ESR. An attacker could exploit this vulnerability to take control of an affected system. We encourage users and administrators to review the Mozilla Security Advisory for Firefox 67.0.4 and Firefox ESR 60.7.2 and apply the necessary updates.
Microsoft has released an update to address a vulnerability in Outlook for Android. An attacker could exploit this vulnerability to take control of an affected system. We encourage users and administrators to review the Microsoft Security Advisory and apply the necessary update.
Apple releases security updates to address vulnerabilities in AirPort Express, AirPort Extreme, and AirPort Time Capsule wireless routers with 802.11n. A remote attacker could exploit some of these vulnerabilities to take control of an affected system. We encourage users and administrators to review the Apple security page for AirPort Base Station Firmware Update 7.8.1 and apply the necessary updates.
6/19/19:
Oracle has released a security alert to address a vulnerability in WebLogic. A remote attacker could exploit this vulnerability to take control of an affected system. This vulnerability was detected in exploits in the wild. We encourage users and administrators to review the Oracle Security Alert and apply the necessary updates.
Cisco has released security updates to address vulnerabilities in multiple Cisco products. A remote attacker could exploit some of these vulnerabilities to take control of an affected system. We encourage users and administrators to review and apply the necessary updates.
6/18/19:
Mozilla has released security updates to address a vulnerability in Firefox and Firefox ESR. An attacker could exploit this vulnerability to take control of an affected system. This vulnerability was detected in exploits in the wild. We encourage users and administrators to review the Mozilla Security Advisory for Firefox 67.0.3 and Firefox ESR 60.7.1 and apply the necessary updates.
6/13/19:
Mozilla has released a security update to address vulnerabilities in Thunderbird. We encourage users and administrators to review the Mozilla Security Advisory for Thunderbird 60.7.1 and apply the necessary update.
Google has released Chrome 75.0.3770.90 for Windows, Mac, and Linux. This version addresses a vulnerability that an attacker can exploit to take control of an affected system. We encourage users and administrators to review the Chrome Release and apply the necessary updates.
6/12/19:
Cisco has released a security update to address a vulnerability in Cisco IOS XE. A remote attacker could exploit this vulnerability to take control of an affected system. We encourage users and administrators to review the Cisco Security Advisory and apply the necessary update.
6/11/9:
Microsoft has released updates to address multiple vulnerabilities in Microsoft software. A remote attacker could exploit some of these vulnerabilities to take control of an affected system. We encourage users and administrators to review Microsoft’s June 2019 Security Update Summary and Deployment Information and apply the necessary updates.
Adobe has released security updates to address vulnerabilities affecting ColdFusion, Adobe Campaign, and Adobe Flash Player. An attacker could exploit some these vulnerabilities to take control of an affected system. We encourage users and administrators to review Adobe Security Bulletins APSB19-27, APSB19-28, and APSB19-30 and apply the necessary updates.
6/6/19:
VMware has released security updates to address vulnerabilities affecting Tools 10 and Workstation 15. An attacker could exploit one of these vulnerabilities to take control of an affected system. We encourage users and administrators to review the VMware Security Advisory VMSA-2019-0009 and apply the necessary updates.
6/5/19:
Cisco has released security updates to address vulnerabilities in multiple Cisco products. A remote attacker could exploit some of these vulnerabilities to take control of an affected system. We encourage users and administrators to review the following Cisco advisories and apply the necessary updates:
- Industrial Network Director Remote Code Execution Vulnerability cisco-sa-20190605-ind-rce
- Unified Communications Manager IM&P Service, Cisco TelePresence VCS, and Cisco Expressway Series Denial of Service Vulnerability cisco-sa-20190605-cucm-imp-dos
- Webex Meetings Server Information Disclosure Vulnerability cisco-sa-20190605-webexmeetings-id
- TelePresence Video Communication Server and Cisco Expressway Series Server-Side Request Forgery Vulnerability cisco-sa-20190605-vcs
- Unified Computing System BIOS Signature Bypass Vulnerability cisco-sa-20190605-ucs-biossig-bypass
- IOS XR Software Secure Shell Authentication Vulnerability cisco-sa-20190605-iosxr-ssh
- Industrial Network Director Stored Cross-Site Scripting Vulnerability cisco-sa-20190605-ind-xss
- Industrial Network Director Cross-Site Request Forgery Vulnerability cisco-sa-20190605-ind-csrf
- Enterprise Chat and Email Cross-Site Scripting Vulnerability cisco-sa-20190605-ece-xss
6/4/19:
Google has released Chrome version 75.0.3770.80 for Windows, Mac, and Linux. This version addresses multiple vulnerabilities that an attacker could exploit to take control of an affected system. We encourage users and administrators to review the Chrome Release and apply the necessary update.
The National Security Agency (NSA) has released a cybersecurity advisory for CVE-2019-0708—a vulnerability dubbed BlueKeep. Although Microsoft has issued a patch, potentially millions of machines are still unpatched and remain vulnerable. We encourage users and administrators to review NSA’s news release and advisory, Microsoft Security Response Center’s “A Reminder to Update Your Systems to Prevent a Worm“, and Microsoft Customer Guidance for CVE-2019-0708.
CISA recommends patching the affected operating systems:
5/30/19:
Apple has released AirPort Base Station Firmware Update 7.91 to address vulnerabilities in AirPort Extreme and AirPort Time Capsule wireless routers. A remote attacker could exploit some of these vulnerabilities to take control of an affected system. We encourage users and administrators to review the Apple security page for AirPort Base Station Firmware Update 7.9.1 and apply the necessary updates.
5/21/19:
Mozilla has released security updates to address vulnerabilities in Firefox and Firefox ESR. An attacker could exploit some of these vulnerabilities to take control of an affected system. We encourage users and administrators to review the Mozilla Security Advisories for Firefox 67 and Firefox ESR 60.7 and apply the necessary updates.
5/16/19:
Microsoft has released security updates to address a remote code execution vulnerability in the following in-support and out-of-support operating systems:
- In-support systems: Windows 7, Windows Server 2008 R2, and Windows Server 2008
- Out-of-support systems: Windows 2003 and Windows XP
A remote attacker could exploit this vulnerability to take control of an affected system. We encourage users and administrators to review the Microsoft Security Advisory and Microsoft Customer Guidance for CVE-2019-0708 and apply the necessary updates.
5/15/19:
Cisco has released security updates to address vulnerabilities in multiple Cisco products. A remote attacker could exploit some of these vulnerabilities to take control of an affected system. We encourage users and administrators to review the Cisco Security Advisories page and apply the necessary updates.
5/14/19:
VMware has released security updates to address vulnerabilities in vCenter Server, ESXi, Workstation, and Fusion. An attacker could exploit some of these vulnerabilities to take control of an affected system. We encourage users and administrators to review VMware Security Advisories VMSA-2019-0007 and VMSA-2019-0008 and apply the necessary updates.
Microsoft has released updates to address multiple vulnerabilities in Microsoft software. A remote attacker could exploit some of these vulnerabilities to take control of an affected system. We encourage users and administrators to review Microsoft’s May 2019 Security Update Summary and Deployment Information and apply the necessary updates.
Adobe has released security updates to address vulnerabilities in multiple products. An attacker could exploit some of these vulnerabilities to take control of an affected system. We encourage users and administrators to review Adobe Security Bulletins APSB19-29, APSB19-26, and APSB19-18 and apply the necessary updates.
Intel has released security updates and recommendations to address vulnerabilities in multiple products. An attacker could exploit some of these vulnerabilities to take control of an affected system. We encourage users and administrators to review the Intel Product Security Center Advisories page, apply the necessary mitigations, and refer to vendors for appropriate patches, when available.
Facebook has released a security advisory to address a vulnerability in WhatsApp. A remote attacker could exploit this vulnerability to take control of an affected device. We encourage users to review the Facebook Security Advisory for CVE-2019-3568 and upgrade to the appropriate WhatsApp version on their smart phones.
Apple has released security updates to address vulnerabilities in multiple products. A remote attacker could exploit some of these vulnerabilities to take control of an affected system. We encourage users and administrators to review the Apple security pages for the following products and apply the necessary updates:
- watchOS 5.2.1
- Safari 12.1.1
- Apple TV Software 7.3
- tvOS 12.3
- iOS 12.3
- macOS Mojave 10.14.5, Security Update 2019-003 High Sierra, Security Update 2019-003 Sierra
5/13/19:
Cisco has released security updates to address vulnerabilities in multiple Cisco products. A remote attacker could exploit one of these vulnerabilities to take control of an affected system. We encourage users and administrators to review the following Cisco Security Advisories and apply the necessary updates:
- Cisco IOS XE Software Web UI Command Injection Vulnerability cisco-sa-20190513-webui
- Cisco Secure Boot Hardware Tampering Vulnerability cisco-sa-20190513-secureboot
5/7/19:
Cisco has released a security update to address a vulnerability in Cisco Elastic Services Controller. A remote attacker could exploit this vulnerability to take control of an affected system. We encourage users and administrators to review the Cisco Security Advisory and apply the necessary update.
5/1/19:
Cisco has released security updates to address vulnerabilities in multiple Cisco products. A remote attacker could exploit some of these vulnerabilities to take control of an affected system. We encourage users and administrators to review the Cisco Security Advisory page and apply the necessary updates.
4/30/19:
Google has released Chrome version 74.0.3729.131 for Windows, Mac, and Linux. This version addresses two vulnerabilities, one of which an attacker could exploit to take control of an affected system. We encourage users and administrators to review the Chrome Release and apply the necessary updates.
4/26/19:
Oracle has released a security alert to address a vulnerability in WebLogic. A remote attacker could exploit this vulnerability to take control of an affected system. We encourage users and administrators to review the Oracle Security Alert for more information and apply the necessary updates.
4/23/19:
Google has released Chrome version 74.0.3729.108 for Windows, Mac, and Linux. This version addresses multiple vulnerabilities that an attacker could exploit to take control of an affected system. We encourage users and administrators to review the Chrome Release and apply the necessary update.
4/17/19:
Cisco has released a security update to address a vulnerability in Cisco IOS XR. A remote attacker could exploit this vulnerability to take control of an affected system. We encourage users and administrators to review the Cisco Security Advisory and apply the necessary update.
4/16/19:
Oracle has released its Critical Patch Update for April 2019 to address 297 vulnerabilities across multiple products. A remote attacker could exploit some of these vulnerabilities to take control of an affected system. We encourage users and administrators to review the Oracle April 2019 Critical Patch Update and apply the necessary updates.
4/12/19:
VMware has released security updates to address vulnerabilities in ESXi, Workstation, and Fusion. An attacker could exploit some of these vulnerabilities to obtain sensitive information. We encourage users and administrators to review VMware Security Advisory VMSA-2019-0006 and apply the necessary updates.
4/9/19:
Adobe has released security updates to address vulnerabilities in multiple products. A remote attacker could exploit some of these vulnerabilities to take control of an affected system. We encourage users and administrators to review the Adobe Security Bulletins and Advisories page and apply the necessary updates.
Microsoft has released updates to address multiple vulnerabilities in Microsoft software. A remote attacker could exploit some of these vulnerabilities to take control of an affected system. We encourage users and administrators to review Microsoft’s April 2019 Security Update Summary and Deployment Information and apply the necessary updates.
Intel has released security updates and recommendations to address vulnerabilities in multiple products. An attacker could exploit some of these vulnerabilities to take control of an affected system. We encourage users and administrators to review the following Intel Security Advisories and apply the necessary updates and mitigations:
4/4/19:
The Apache Software Foundation has released Apache HTTP Server version 2.4.39 to address multiple vulnerabilities. An attacker could exploit one of these vulnerabilities to take control of an affected system. We encourage users and administrators to review the Apache HTTP Server 2.4 vulnerabilities page and apply the necessary updates.
3/29/19:
VMware has released security updates to address vulnerabilities in multiple products. An attacker could exploit some of these vulnerabilities to take control of an affected system. We encourage users and administrators to review the VMware Security Advisories VMSA-2019-0004 and VMSA-2019-0005 and apply the necessary updates.
3/28/19:
Cisco has released a security update to address a vulnerability in Cisco IOS XE. An attacker could exploit this vulnerability to obtain sensitive information. We encourage users and administrators to review the Cisco Security Advisory and apply the necessary update.
3/27/19:
Cisco has released several security advisories to address vulnerabilities in multiple Cisco products. A remote attacker could exploit some of these vulnerabilities to take control of an affected system. We encourage users and administrators to review the Cisco Security Advisories and apply the necessary updates.
3/25/19:
Mozilla has released a security update to address vulnerabilities in Thunderbird. An attacker could exploit these vulnerabilities to take control of an affected system. We encourage users and administrators to review the Mozilla Security Advisory for Thunderbird 60.6.1 and apply the necessary update.
Apple has released security updates to address vulnerabilities in multiple products. A remote attacker could exploit some of these vulnerabilities to take control of an affected system. We encourage users and administrators to review the Apple security pages for the following products and apply the necessary updates:
- iCloud for Windows 7.11
- iTunes 12.9.4 for Windows
- Safari 12.1
- macOS Mojave 10.14.4, Security Update 2019-002 High Sierra, Security Update 2019-002 Sierra
- tvOS 12.2
- Xcode 10.2
- iOS 12.2
3/22/19:
Mozilla has released security updates to address vulnerabilities in Firefox. An attacker could exploit some of these vulnerabilities to take control of an affected system. We encourage users and administrators to review the Mozilla Security Advisories for Firefox 60.6.1 and Firefox 66.0.1 and apply the necessary updates.
3/20/19:
Cisco has released several security advisories to address vulnerabilities in multiple Cisco products. A remote attacker could exploit some of these vulnerabilities to take control of an affected system. We encourage users and administrators to review the following Cisco Security Advisories and apply the necessary updates.
- Cisco IP Phone 8800 Series Path Traversal Vulnerability cisco-sa-20190320-ipptv
- Cisco IP Phone 8800 Series File Upload Denial of Service Vulnerability cisco-sa-20190320-ipfudos
- Cisco IP Phone 8800 Series Authorization Bypass Vulnerability cisco-sa-20190320-ipab
- Cisco IP Phone 7800 Series and 8800 Series Remote Code Execution Vulnerability cisco-sa-20190320-ip-phone-rce
- Cisco IP Phone 8800 Series Cross-Site Request Forgery Vulnerability cisco-sa-20190320-ip-phone-csrf
3/19/19:
Microsoft Ending Support for Windows 7 – After January 14, 2020, Microsoft will no longer provide security updates or support for PCs running the Windows 7 operating system. After this date, this product will no longer receive free Technical support for any issues, Software updates & Security updates or fixes. Computers running the Windows 7 operating system will continue to work even after support ends. However, using unsupported software may increase the risks from viruses and other security threats. We encourage users and administrators to upgrade to a currently supported operating system. For more information, see the Microsoft End of Support FAQ.
Mozilla has released security updates to address vulnerabilities in Firefox and Firefox ESR. An attacker could exploit some of these vulnerabilities to take control of an affected system.We encourage users and administrators to review the Mozilla Security Advisories for Firefox ESR 60.6 and Firefox 66 and apply the necessary updates.
3/15/19:
Intel has released security updates and recommendations to address vulnerabilities in multiple products. An attacker could exploit some of these vulnerabilities to take control of an affected system. We encourage users and administrators to review the Intel Product Security Center Advisories page, apply the necessary mitigations, and refer to software vendors for appropriate patches, when available.
VMware has released security updates to address vulnerabilities affecting Workstation 14 and 15, and Horizon 6 and 7. An attacker could exploit some of these vulnerabilities to take control of an affected system. We encourage users and administrators to review VMware Security Advisories VMSA-2019-0002 and VMSA-2019-0003 and apply the necessary updates.
3/13/19:
Google has released Chrome version 73.0.3683.75 for Windows, Mac, and Linux. This version addresses multiple vulnerabilities that an attacker could exploit to take control of an affected system. We encurage users and administrators to review the Chrome Release and apply the necessary updates.
Cisco has released security updates to address vulnerabilities in Cisco products. A remote attacker could exploit one of these vulnerabilities to cause a denial-of-service condition. We encourage users and administrators to review the following Cisco Advisories and apply the necessary updates:
- Common Services Platform Collector Static Credential Vulnerability cisco-sa-20190313-cspcscv
- Small Business SPA514G IP Phones SIP Denial-of-Service Vulnerability cisco-sa-20190313-sip
3/12/19:
Microsoft has released updates to address multiple vulnerabilities in Microsoft software. A remote attacker could exploit some of these vulnerabilities to take control of an affected system. We encourage users and administrators to review Microsoft’s March 2019 Security Update Summary and Deployment Information and apply the necessary updates.
Adobe has released security updates to address vulnerabilities in Adobe Photoshop CC and Adobe Digital Editions. An attacker could exploit these vulnerabilities to take control of an affected system. We encourage users and administrators to review Adobe Security Bulletins APSB19-15 and APSB19-16 and apply the necessary updates.
3/7/19:
Google has released Chrome version 72.0.3626.121 for Windows, Mac, and Linux. This version addresses a vulnerability that a remote attacker could exploit to take control of an affected system. This vulnerability was detected in exploits in the wild. We encourage users and administrators to review the Google Chrome blog entry and apply the necessary updates.
3/6/19:
Cisco has released multiple security updates to address vulnerabilities in various Cisco products. An attacker could exploit some of those vulnerabilities to take control of an affected system. We encourage users and administrators to review the Cisco Security Advisories and apply the necessary updates.
3/1/19:
Adobe has released security updates to address a vulnerability in ColdFusion. An attacker could exploit this vulnerability to take control of an affected system. This vulnerability was detected in exploits in the wild. We encourage users and administrators to review Adobe Security Bulletin APSB19-14 and apply the necessary updates or mitigation.
2/27/19:
Cisco has released security updates to address vulnerabilities in multiple Cisco products. A remote attacker could exploit one of these vulnerabilities to take control of an affected system. We encourage users and administrators to review the following Cisco Advisories and apply the necessary updates:
- Cisco RV110W, RV130W, and RV215W Routers Management Interface Remote Command Execution Vulnerability cisco-sa-20190227-rmi-cmd-ex
- Cisco Webex Meetings Desktop App and Cisco Webex Productivity Tools Update Service Command Injection Vulnerability cisco-sa-20190227-wmda-cmdinj
2/21/19:
Adobe has released security updates to address a vulnerability in Adobe Acrobat and Reader. An attacker could exploit this vulnerability to obtain sensitive information. We encourage users and administrators to review Adobe Security Bulletin APSB19-13 and apply the necessary updates.
2/20/19:
Cisco has released security updates to address vulnerabilities in multiple products. A remote attacker could exploit some of these vulnerabilities to take control of an affected system. We encourage users and administrators to review the Cisco Security Advisory and apply the necessary updates.
2/15/19:
VMware has released security updates to address a vulnerability affecting multiple VMware products. An attacker could exploit this vulnerability to take control of an affected system. We encourage users and administrators to review VMware Security Advisory VMSA-2019-0001 and apply the necessary updates.
2/14/19:
Mozilla has released a security update to address vulnerabilities in Thunderbird. An attacker could exploit some of these vulnerabilities to take control of an affected system. We encourage users and administrators to review the Mozilla Security Advisory for Thunderbird 60.5.1 and apply the necessary update.
2/12/19:
Microsoft has released updates to address multiple vulnerabilities in Microsoft software. A remote attacker could exploit some of these vulnerabilities to take control of an affected system. We encourage users and administrators to review Microsoft’s February 2019 Security Update Summary and Deployment Information and apply the necessary updates.
Adobe has released security updates to address vulnerabilities affecting Adobe Flash Player, Acrobat and Reader, ColdFusion, and Creative Cloud Desktop Application. An attacker could exploit some of these vulnerabilities to take control of an affected system. We encourage users and administrators to review Adobe Security Bulletins, APSB19-06, APSB19-07, APSB19-10, and APSB19-11, and apply the necessary updates.
Cisco has released a security update to address a vulnerability in Network Assurance Engine. An attacker could exploit this vulnerability to obtain sensitive information. We encourage users and administrators to review the Cisco Security Advisory and apply the necessary update.
Mozilla has released security updates to address vulnerabilities in Firefox and Firefox ESR. An attacker could exploit some of these vulnerabilities to take control of an affected system. We encourage users and administrators to review the Mozilla Security Advisories for Firefox 65.0.1 and Firefox ESR 60.5.1 and apply the necessary updates.
2/7/19:
Apple has released security updates to address vulnerabilities in multiple products, including the recently discovered FaceTime vulnerability. An attacker could exploit some of these vulnerabilities to take control of an affected system. We encourage users and administrators to review the Apple security pages for the following products and apply the necessary updates:
2/6/19:
Microsoft has released an advisory to address an elevation of privilege vulnerability in Microsoft Exchange Server. An attacker could exploit this vulnerability to take control of an affected system. We encourages users and administrators to review the Microsoft Security Advisory and the CERT Coordination Center’s Vulnerability Note VU#465632 and consider the workarounds until an update is available.
1/29/19:
Google has released Chrome version 72.0.3626.81 for Windows, Mac, and Linux. This version addresses multiple vulnerabilities that an attacker could exploit to take control of an affected system. We encourage users and administrators to review the Chrome Releases page and apply the necessary updates.
Mozilla has released security updates to address vulnerabilities in Firefox and Firefox ESR. An attacker could exploit some of these vulnerabilities to take control of an affected system. We encourage users and administrators to review the Mozilla Security Advisories for Firefox 65 and Firefox ESR 60.5 and apply the necessary updates.
1/23/19:
Cisco has released security updates to address vulnerabilities in multiple products. An attacker could exploit some of these vulnerabilities to take control of an affected system. We encourage users and administrators to review the Cisco Security Advisory page and apply the necessary updates.
1/22/19:
Adobe has released security updates to address vulnerabilities in Adobe Experience Manager. An attacker could exploit these vulnerabilities to obtain sensitive information. We encourage users and administrators to review Adobe Security Bulletins APSB19-03 and APSB19-09 and apply the necessary updates.
Apple has released security updates to address vulnerabilities in multiple products. A remote attacker could exploit some of these vulnerabilities to take control of an affected system. We encourage users and administrators to review the Apple Security Updates page and apply the necessary updates.
1/15/19:
Oracle has released its Critical Patch Update for January 2019 to address 284 vulnerabilities across multiple products. A remote attacker could exploit some of these vulnerabilities to take control of an affected system. We encourage users and administrators to review the Oracle January 2019 Critical Patch Update and apply the necessary updates.
1/9/19:
Cisco has released security updates to address vulnerabilities in Cisco AsyncOS Software for Cisco Email Security Appliance. A remote attacker could exploit these vulnerabilities to cause a denial-of-service condition. We encourage users and administrators to review the following Cisco Security Advisories and apply the necessary updates:
Cisco Email Security Appliance Memory Corruption Denial of Service Vulnerability [cisco-sa-20190109-esa-dos]
Cisco Email Security Appliance URL Filtering Denial of Service Vulnerability [cisco-sa-20190109-esa-url-dos]
1/8/19:
Microsoft has released updates to address multiple vulnerabilities in Microsoft software. A remote attacker could exploit one of these vulnerabilities to take control of an affected system. We encourage users and administrators to review Microsoft’s January 2019 Security Update Summary and Deployment Information and apply the necessary updates.
Adobe has released security updates to address vulnerabilities in Adobe Connect and Adobe Digital Editions. An attacker could exploit one of these vulnerabilities to take control of an affected system. We encourage users and administrators to review Adobe Security Advisories APSB19-05 and APSB19-04, and apply the necessary updates.
1/4/19:
The CERT Coordination Center (CERT/CC) has released information on vulnerabilities affecting versions of Microsoft Windows and Windows Server. A remote attacker could exploit these vulnerabilities to take control of an affected system. We encourage users and administrators to review CERT/CC’s Vulnerability Notes VU#289907 and VU#531281 and Microsoft’s security advisories for CVE-2018-8611 and CVE-2018-8626 and apply the necessary updates.
1/3/19:
Adobe has released security updates to address vulnerabilities in Adobe Acrobat and Reader. An attacker could exploit these vulnerabilities to take control of an affected system. We encourage users and administrators to review the Adobe Security Bulletin APSB19-02 and apply the necessary updates.
12/19/18:
Microsoft has released security updates to address a vulnerability in Internet Explorer 9, 10, and 11. An attacker could exploit this vulnerability to take control of an affected system. We encourage users and administrators to review the Microsoft Security Update Guide and the CERT Coordination Center’s Vulnerability Note VU#573168 and apply the necessary updates.
12/12/18:
Google has released Chrome Version 71.0.3578.98 for Windows, Mac, and Linux. This version addresses a vulnerability that an attacker could exploit to take control of an affected system. We encourage users and administrators to review the Chrome Releases page and apply the necessary updates.
12/11/18:
Microsoft has released updates to address multiple vulnerabilities in Microsoft software. An attacker could exploit some of these vulnerabilities to obtain access to sensitive information. We encourage users and administrators to review Microsoft’s December 2018 Security Update Summary and Deployment Information and apply the necessary updates.
Mozilla has released security updates to address vulnerabilities in Firefox and Firefox ESR. A remote attacker could exploit some of these vulnerabilities to take control of an affected system. We encourage users and administrators to review the Mozilla Security Advisories for Firefox 64 and Firefox ESR 60.4 and apply the necessary updates.
Adobe has released security updates to address vulnerabilities in Adobe Acrobat and Reader. An attacker could exploit some of these vulnerabilities to take control of an affected system. We encourage users and administrators to review Adobe Security Bulletin APSB18-41 and apply the necessary updates.
12/6/18:
Adobe has released security updates to address vulnerabilities in Adobe Flash Player and Adobe Flash Player installer. An attacker could exploit some of these vulnerabilities to take control of an affected system. We encourage users and administrators to review Adobe Security Bulletin APSB18-42 and apply the necessary updates.
12/5/18:
Apple has released security updates to address vulnerabilities in multiple products. An attacker could exploit some of these vulnerabilities to take control of an affected system. We encourage users and administrators to review the Apple security pages for the following products and apply the necessary updates:
- iCloud for Windows 7.9
- Safari 12.0.2
- iTunes 12.9.2 for Windows
- macOS Mojave 10.14.2, Security Update 2018-003 High Sierra, Security Update 2018-006 Sierra
- tvOS 12.1.1
- iOS 12.1.1
12/4/18:
Google has released Chrome version 71.0.3578.80 for Windows, Mac, and Linux. This version addresses multiple vulnerabilities that an attacker could exploit to take control of an affected system. We encourage users and administrators to review the Chrome Releases page and apply the necessary updates.
11/28/18:
Cisco has released a security update to address a vulnerability in Cisco Prime License Manager. A remote attacker could exploit this vulnerability to obtain sensitive information. We encourage users and administrators to review the Cisco Security Advisory and apply the necessary update.
11/22/18:
VMware has released security updates to address a vulnerability in Workstation and Fusion. An attacker could exploit this vulnerability to take control of an affected system. We encourage users and administrators to review VMware Security Advisory VMSA-2018-0030 and apply the necessary updates.
11/20/18:
Adobe has released security updates to address a vulnerability in Adobe Flash Player. An attacker could exploit this vulnerability to take control of an affected system. We encourage users and administrators to review Adobe Security Bulletin APSB18-44 and apply the necessary updates.
11/13/18:
Microsoft has released updates to address multiple vulnerabilities in Microsoft software. A remote attacker could exploit some of these vulnerabilities to take control of an affected system. We encourage users and administrators to review Microsoft’s November 2018 Security Update Summary and Deployment Information and apply the necessary updates.
11/7/18:
Cisco has released security updates to address vulnerabilities affecting Cisco products. An attacker could exploit some of these vulnerabilities to take control of an affected system. We encourage users and administrators to review the following Cisco Security Advisories and apply the necessary updates:
- Cisco Stealthwatch Management Console Authentication Bypass Vulnerability cisco-sa-20181107-smc-auth-bypass
- Cisco Unity Express Arbitrary Command Execution Vulnerability cisco-sa-20181107-cue
- Cisco Meraki Local Status Page Privilege Escalation Vulnerability cisco-sa-20181107-meraki
10/31/18:
Mozilla has released a security update to address vulnerabilities in Thunderbird ESR. An attacker could exploit some of these vulnerabilities to take control of an affected system. We encourage users and administrators to review the Mozilla Security Advisory for Thunderbird ESR 60.3 and apply the necessary update.
10/24/18:
Mozilla has released a security update to address vulnerabilities in Thunderbird ESR. An attacker could exploit some of these vulnerabilities to take control of an affected system. We encourage users and administrators to review the Mozilla Security Advisory for Thunderbird ESR 60.3 and apply the necessary update.
10/19/18:
Microsoft has released a security update to address a vulnerability in the Yammer desktop application. A remote attacker could exploit this vulnerability to take control of an affected system. We encourage users and administrators to review the Microsoft Security Advisory and apply the necessary update.
10/17/18:
Cisco has released security updates to address multiple vulnerabilities affecting Cisco products. An attacker could exploit one of these vulnerabilities to take control of an affected system. We encourage users and administrators to review the Cisco Security Advisories and Alerts webpage and apply the necessary updates.
10/16/18:
The Federal Bureau of Investigation (FBI) has released an article on building a digital defense against phishing scams targeting electronically deposited paychecks. In these schemes, scammers use phishing emails to direct employees to fraudulent websites and collect their work credentials. Scammers then use victims’ credentials to replace legitimate direct deposit information with their own account details. We encourage users to review the FBI Article and NCCIC Tip on Avoiding Social Engineering and Phishing Attacks for more information. If you believe you have been a victim of these scams, report it to the FBI’s Internet Crime Complaint Center at www.ic3.gov.
Oracle has released its Critical Patch Update for October 2018 to address 301 vulnerabilities across multiple products. A remote attacker could exploit some of these vulnerabilities to take control of an affected system. We encourage users and administrators to review the Oracle October 2018 Critical Patch Update and apply the necessary updates.
VMware has released security updates to address a vulnerability in ESXi, Workstation, and Fusion. An attacker could exploit this vulnerability to take control of an affected system. We encourage users and administrators to review VMware Security Advisory VMSA-2018-0026 and apply the necessary updates.
Google has released Chrome version 70.0.3538.67 for Windows, Mac, and Linux. This version addresses vulnerabilities that an attacker could exploit to take control of an affected system. we encourage users and administrators to review the Chrome Releases page and apply the necessary update.
10/12/18:
The Multi-State Information Sharing & Analysis Center (MS-ISAC) has released an advisory on multiple Hypertext Preprocessor (PHP) vulnerabilities. An attacker could exploit some of these vulnerabilities to take control of an affected system. We encourage users and administrators to review MS-ISAC Advisory 2018-113 and the PHP Downloads page and apply the necessary updates.
10/9/18:
Adobe has released security updates to address vulnerabilities in Adobe Digital Editions, Framemaker, and Technical Communications Suite. An attacker could exploit these vulnerabilities to take control of an affected system. We encourage users and administrators to review Adobe Security Bulletins APSB18-27, APSB18-37, and APSB18-38 and apply the necessary updates.
Microsoft has released updates to address multiple vulnerabilities in Microsoft software. A remote attacker could exploit some of these vulnerabilities to take control of an affected system. We encourage users and administrators to review Microsoft’s October 2018 Security Update Summary and Deployment Information and apply the necessary updates.
VMware has released a security advisory to address a vulnerability in ESXi, Workstation, and Fusion. An attacker could exploit this vulnerability to cause a denial-of-service condition. we encourage users and administrators to review VMware Security Advisory VMSA-2018-0025 and apply the necessary workarounds.
10/3/18:
Cisco has released security updates to address multiple vulnerabilities affecting Cisco products. A remote attacker could exploit some of these vulnerabilities to take control of an affected system. We encourage users and administrators to review the Cisco Security Advisories and Alerts webpage and apply the necessary updates.
The Federal Trade Commission (FTC) has released an alert to provide Facebook users with recommended precautions against identity theft after the recent breach of the Facebook social media platform. We encourage users and administrators to review the FTC Alert and the NCCIC Tip on Preventing and Responding to Identity Theft. If you believe you are a victim of identity theft, visit the FTC’s identity theft website to make a report.
Cisco has released several updates to address vulnerabilities affecting multiple products. An attacker could exploit some of these vulnerabilities to take control of an affected system. We encourage users and administrators to review the Cisco Security Advisories and Alerts webpage and apply the necessary updates.
Mozilla has released security updates to address vulnerabilities in Firefox and Firefox ESR. A remote attacker could exploit these vulnerabilities to take control of an affected system. We encourage users and administrators to review the Mozilla Security Advisory for Firefox 62.0.3 and Firefox ESR 60.2.2 and apply the necessary updates.
9/26/18:
Cisco has released several updates to address vulnerabilities affecting multiple products. An attacker could exploit some of these vulnerabilities to take control of an affected system. We encourage users and administrators to review the Cisco Security Advisories and Alerts webpage and apply the necessary updates.
9/24/18:
Apple has released a security update to address multiple vulnerabilities in macOS Mojave 10.14. An attacker could exploit one of these vulnerabilities to take control of an affected system. We encourage users and administrators to review Apple’s security page for macOS Mojave 10.14 and apply the necessary update.
9/21/18:
Cisco has released a security update to address a vulnerability in Cisco Video Surveillance Manager. A remote attacker could exploit this vulnerability to take control of an affected system. We encourage users and administrators to review the Cisco Security Advisory and apply the necessary update.
9/19/18:
Adobe has released security updates to address vulnerabilities in Adobe Acrobat and Reader. A remote attacker could exploit one of these vulnerabilities to take control of an affected system. We encourage users and administrators to review Adobe Security Bulletin APSB-18-34 and apply the necessary updates.
9/17/18:
Apple has released security updates to address vulnerabilities in multiple products. An attacker could exploit some of these vulnerabilities to take control of an affected system. We encourage users and administrators to review Apple security pages for the following products and apply the necessary updates:
9/11/18:
Microsoft has released updates to address multiple vulnerabilities in Microsoft software. A remote attacker could exploit some of these vulnerabilities to take control of an affected system. We encourage users and administrators to review Microsoft’s September 2018 Security Update Summary and Deployment Information and apply the necessary updates.
Google has released Chrome version 69.0.3497.92 for Windows, Mac, and Linux. This version addresses vulnerabilities, one of which an attacker could exploit to take control of an affected system. We encourage users and administrators to review the Chrome Releases page and apply the necessary update.
Adobe has released security updates to address vulnerabilities in Adobe Flash Player and ColdFusion. An attacker could exploit some of these vulnerabilities to take control of an affected system. We encourage users and administrators to review Adobe Security Bulletins APSB18-31 and APSB18-33 and apply the necessary updates.
9/6/18:
VMware has released security updates to address vulnerabilities in VMware AirWatch Agent and Content Locker. An attacker could exploit these vulnerabilities to obtain access to sensitive information. We encourage users and administrators to review the VMware Security Advisory VMSA-2018-0023 and apply the necessary updates.
8/28/18:
VMware has released security updates to address vulnerabilities in VMware AirWatch Agent and Content Locker. An attacker could exploit these vulnerabilities to obtain access to sensitive information. We encourage users and administrators to review the VMware Security Advisory VMSA-2018-0023 and apply the necessary updates.
8/22/18:
The Federal Trade Commission has released an alert on Bitcoin blackmail scams. In these schemes, scammers threaten victims with public disclosure of their “secret” unless they send a payment in Bitcoin. NCCIC encourages users and administrators to refer to the FTC Alert and a related FBI press release for more information.
Adobe has released security updates to address vulnerabilities in Adobe Photoshop CC. An attacker could exploit these vulnerabilities to take control of an affected system. NCCIC encourages users and administrators to review Adobe Security Bulletin APSB18-28 and apply the necessary updates.
8/15/18:
Cisco has released updates to address vulnerabilities affecting Cisco products. A remote attacker could exploit these vulnerabilities to cause a denial-of-service situation. NCCIC encourages users and administrators to review the following Cisco Security Advisories and apply the necessary updates: Web Security Appliance Web Proxy Memory Exhaustion Denial-of-Service Vulnerability cisco-sa-20180815-wsa-dos; Unified Communications Manager IM & Presence Service Denial-of-Service Vulnerability cisco-sa-20180815-ucmimps-dos.
8/14/18:
Microsoft has released updates to address multiple vulnerabilities in Microsoft software. A remote attacker could exploit some of these vulnerabilities to take control of an affected system. NCCIC encourages users and administrators to review Microsoft’s August 2018 Security Update Summary and Deployment Information and apply the necessary updates.
7/24/18:
Google has released Chrome version 68.0.3440.75 for Windows, Mac, and Linux. This version addresses vulnerabilities that an attacker could exploit to take control of an affected system. NCCIC encourages users and administrators to review the Chrome Releases page and apply the necessary update.
6/13/18:
Apple has released a security update to address vulnerabilities in Xcode. An attacker could exploit one of these vulnerabilities to take control of an affected system. NCCIC encourages users and administrators to review Apple’s security page for Xcode 9.4.1 and apply the necessary update.
5/13/18:
Mozilla has released a security update to address vulnerabilities in Thunderbird. A remote attacker could exploit one of these vulnerabilities to take control of an affected system. NCCIC encourages users and administrators to review the Mozilla Security Advisory for Thunderbird 52.8 and apply the necessary update.
4/17/18:
Oracle has released its Critical Patch Update for April 2018 to address 254 vulnerabilities across multiple products. A remote attacker could exploit some of these vulnerabilities to take control of an affected system. NCCIC encourages users and administrators to review the Oracle April 2018 Critical Patch Update and apply the necessary updates.
4/10/18:
Adobe has released security updates to address vulnerabilities in Adobe PhoneGap Push Plugin, Adobe Digital Editions, Adobe InDesign, Adobe Experience Manager, and Adobe Flash Player. A remote attacker could exploit some of these vulnerabilities to take control of an affected system.
NCCIC encourages users and administrators to review Adobe Security Bulletins APSB18-15, APSB18-13, APSB18-11, APSB18-10, and APSB18-08, and apply the necessary updates.
3/21/18:
Citrix has released security updates to address vulnerabilities in its XenServer. A remote attacker could exploit some of these vulnerabilities to take control of an affected system. NCCIC/US-CERT encourages users and administrators to review the Citrix Security Bulletin CTX232655 and apply the necessary updates.
1/30/18 – 2/2/18:
The Internet Crime Complaint Center (IC3) has released an alert on impersonation scams. In these schemes, scammers send emails impersonating IC3 to trick recipients into providing personally identifiable information or downloading malicious files. Users should use caution when reviewing unsolicited messages. Please refer to the IC3 Alert here.
Mozilla has released a security update to address a vulnerability in Firefox.
Cisco has released software updates to address a vulnerability in its IOS XR Software Release 5.3.4 for the Cisco Aggregation Services Router (ASR) 9000 Series. You can review the Cisco Security Advisory here.
The Federal Trade Commission (FTC) has released an article addressing scams targeting online daters. In this type of fraud, cyber criminals target victims, gain their confidence, and trick them into sending money. To stay safer online, review the FTC article on Online Dating Scams.
1/23/18:
Mozilla has released security updates to address vulnerabilities in Firefox ESR and Firefox 58.
Apple has released security updates to address vulnerabilities in multiple products: Safari 11.0.3, watchOS 4.2.2, iOS 11.2.5, macOS High Sierra 10.13.3, Security Update 2018-001 Sierra, and Security Update 2018-001 El Capitan, and tvOS 11.2.5.
1/12/18:
VMware Releases Security Updates for Workstation and Fusion.
1/9/18:
Microsoft Releases January 2018 Security Updates for the following software: Internet Explorer, Windows, Office, .NET Framework, SQL Server and more.
12/12/17:
Microsoft has released December updates to address vulnerabilities in Microsoft software.
12/7/17:
Mozilla has released security updates to address vulnerabilities in Firefox and Firefox ESR.
12/6/17:
Microsoft has released updates to address a vulnerability in Microsoft Malware Protection Engine affecting multiple products.
Apple has released security updates to address vulnerabilities in multiple products:
- macOS High Sierra 10.13.2, Security Update 2017-002 Sierra, and Security Update 2017-005 El Capitan
- tvOS 11.2
- iOS 11.2
- watchOS 4.2
Google has released Chrome version 63.0.3239.84 for Windows, Mac, and Linux.
11/29/17:
Mozilla has released a security update to address multiple vulnerabilities in Firefox 57.
11/29/17:
Cisco has released security updates to address vulnerabilities in its WebEx Network Recording Player for Advanced Recording Format (ARF) and WebEx Recording Format (WRF) files.
11/20/17:
Symantec has released an update to address a vulnerability in the Symantec Management Console.
11/16/17:
Oracle has released a security alert to address multiple vulnerabilities in Oracle Tuxedo.
11/15/17:
Cisco has released a security update to address a vulnerability in its Voice Operating System software platform. Exploitation of this vulnerability could allow a remote attacker to take control of an affected system.
11/14/17:
Microsoft has released updates to address vulnerabilities in Microsoft software. A remote attacker could exploit some of these vulnerabilities to take control of an affected system. Deployment information can be found here.
Mozilla has released security updates to address multiple vulnerabilities in Firefox 57 and ESR 52.5. An attacker could exploit these vulnerabilities to take control of an affected system.
Adobe has released security updates to address vulnerabilities in Flash Player, Photoshop CC, Adobe Connect, DNG Converter, InDesign, Digital Editions, Shockwave Player, and Experience Manager. Exploitation of some of these vulnerabilities may allow a remote attacker to take control of an affected system. The Security Bulletins are: APSB17-33, APSB17-34, APSB17-35, APSB17-37, APSB17-38, APSB17-39, APSB17-40, and APSB17-41.
11/6/17:
Google has released Chrome version 62.0.3202.89 for Windows, Mac, and Linux. This version addresses vulnerabilities that an attacker could exploit to take control of an affected system.