Security Updates
Contact us for more information

System Protection

9/8/20:

Adobe has released security updates to address vulnerabilities in multiple products. An attacker could exploit some of these vulnerabilities to take control of an affected system. We encourage users and administrators to review the following Adobe Security Bulletins and apply the necessary updates.

Google has released Chrome version 85.0.4183.102 for Windows, Mac, and Linux. This version addresses vulnerabilities that an attacker could exploit to take control of an affected system. We encourage users and administrators to review the Chrome Release and apply the necessary updates.

Microsoft has released updates to address vulnerabilities in Microsoft software. A remote attacker could exploit some of these vulnerabilities to take control of an affected system. We encourage users and administrators to review Microsoft’s September 2020 Security Update Summary and Deployment Information and apply the necessary updates.


Cybersecurity Services:

Threat Assessment      Vulnerability Management     Detection & Defense     Incident Response     Compliance     Cybersecurity Training


Learn about Advanced Cybersecurity in Business Systems such as Microsoft Dynamics 365, Dynamics NAV, Azure Cloud, Dynamics CRM, Office 365 / SharePoint & Intuit QuickBooks Enterprise.


8/11/20:

Apple has released security updates to address vulnerabilities in iCloud for Windows 7.20 (for Windows 7 and later) and 11.3 (for Windows 10 and later). An attacker could exploit some of these vulnerabilities to take control of an affected system. We encourage users and administrators to review the Apple security pages for iCloud 7.20 and iCloud 11.3 and apply the necessary updates.

Google has released Chrome version 84.0.4147.125 for Windows, Mac, and Linux. This version addresses vulnerabilities that an attacker could exploit to take control of an affected system. We encourage users and administrators to review the Chrome Release and apply the necessary updates.

Adobe has released security updates to address vulnerabilities affecting Adobe Acrobat, Reader, and Lightroom. An attacker could exploit some of these vulnerabilities to take control of an affected system. We encourage users and administrators to review Adobe Security Bulletin APSB20-48 and APSB20-51 and apply the necessary updates.

Microsoft has released updates to address multiple vulnerabilities in Microsoft software. A remote attacker could exploit some of these vulnerabilities to take control of an affected system. We encourage users and administrators to review Microsoft’s August 2020 Security Update Summary and Deployment Information and apply the necessary updates.

7/29/20 & 7/30/20:

Cisco has released security updates to address vulnerabilities affecting multiple products. An unauthenticated, remote attacker could exploit some of these vulnerabilities to take control of an affected system.We encourage users and administrators to review the following Cisco Advisories and apply the necessary updates. For updates addressing lower severity vulnerabilities, see the Cisco Security Advisories page.

7/28/20:

Mozilla has released security updates to address vulnerabilities in Firefox, Firefox ESR, and Thunderbird. An attacker could exploit some of these vulnerabilities to take control of an affected system. We encourage users and administrators to review the following Mozilla Security Advisories and apply the necessary updates:

Adobe has released security updates to address vulnerabilities in Magento Commerce 2 (formerly known as Magento Enterprise Edition) and Magento Open Source 2 (formerly known as Magento Community Edition). An attacker could exploit some of these vulnerabilities to take control of an affected system. We encourages users and administrators to review Adobe Security Bulletin APSB20-47 and apply the necessary updates.

7/27/20:

Google has released Chrome version 84.0.4147.105 for Windows, Mac, and Linux. This version addresses vulnerabilities that an attacker could exploit to take control of an affected system. We encourage users and administrators to review the Chrome Release and apply the necessary updates.

7/23/20:

Citrix has released security updates to address a vulnerability in Workspace app for Windows. A remote attacker could exploit this vulnerability to take control of an affected system if Windows Server Message Block (SMB) is enabled. We recommend that users and administrators review Citrix Security Bulletin CTX277662 and apply the necessary updates.

Cisco has released security updates to address a vulnerability in Adaptive Security Appliance (ASA) Software and Firepower Threat Defense (FTD) Software Web Service. A remote attacker could exploit this vulnerability to obtain sensitive information. We encourage users and administrators to review Cisco Security Advisory cisco-sa-asaftd-ro-path-KJuQhB86 for more information and apply the necessary updates.

7/22/20:

Adobe has released security updates to address vulnerabilities in multiple Adobe products. An attacker could exploit some of these vulnerabilities to take control of an affected system. We encourage users and administrators to review the following Adobe Security Bulletins and apply the necessary updates.

7/17/20:

Microsoft has released a security update to address a vulnerability in Edge (Chromium-based). An attacker could exploit this vulnerability to drop Dynamic Link Library (DLL) files and gain elevated privileges. We encourages users and administrators to review Microsoft’s Security Advisory for CVE-2020-1341 and apply the necessary update.

Mozilla has released a security update to address multiple vulnerabilities in Thunderbird. An attacker could exploit some of these vulnerabilities to take control of an affected system. We encourage users and administrators to review the Mozilla Security Advisory for Thunderbird 78 and apply the necessary update.

7/15/20:

Cisco has released security updates to address vulnerabilities affecting multiple products. An unauthenticated, remote attacker could exploit some of these vulnerabilities to take control of an affected system. We encourage users and administrators to review the following Cisco Advisories and apply the necessary updates. For updates addressing lower severity vulnerabilities, see the Cisco Security Advisories page.

7/14/20:

Google has released Chrome version 84.0.4147.89 for Windows, Mac, and Linux. This version addresses vulnerabilities that an attacker could exploit to take control of an affected system. We encourage users and administrators to review the Chrome Release and apply the necessary updates.

Oracle has released its Critical Patch Update for July 2020 to address 433 vulnerabilities across multiple products. A remote attacker could exploit some of these vulnerabilities to take control of an affected system. We encourage users and administrators to review the Oracle July 2020 Critical Patch Update and apply the necessary updates.

6/25/20:

Cisco has released a security advisory on a Telnet vulnerability—CVE-2020-10188—affecting Cisco IOS XE devices. A remote attacker could exploit this vulnerability to take control of an affected system. The advisory contains workarounds as well as indicators of compromise. We encourage users and administrators to review the Cisco Security Advisory and apply the necessary workarounds.

6/24/20:

VMware has released security updates to address multiple vulnerabilities in VMware ESXi, Workstation, Fusion, and Cloud Foundation. An attacker could exploit some of these vulnerabilities to take control of an affected system. We encourage users and administrators to review VMware Security Advisory VMSA-2020-0015 and apply the necessary updates or workarounds.

6/23/20:

Adobe has released security updates to address vulnerabilities in Magento Commerce 1 and Magento Open Source 1. An attacker could exploit one of these vulnerabilities to take control of an affected system. We encourage users and administrators to review Adobe Security Bulletin APSB20-41 and apply the necessary updates.

Google has released Chrome version 83.0.4103.116 for Windows, Mac, and Linux. This version addresses a vulnerability that a remote attacker could exploit to cause a denial-of-service condition. We encourage users and administrators to review the Chrome Release Note and apply the necessary updates.

6/19/20:

Microsoft has released security updates to address a vulnerability in Windows 10 version 1903. An attacker could exploit this vulnerability to overwrite or modify a protected file and gain elevated privileges. We encourage users and administrators to review Microsoft’s Security Advisory for CVE-2020-1441 and apply the necessary updates.

6/18/20:

Cisco has released security updates to address vulnerabilities affecting multiple products. A remote attacker could exploit some of these vulnerabilities to take control of an affected system. For updates addressing lower severity vulnerabilities, see the Cisco Security Advisories page. We We encourage users and administrators to review the advisories and apply the necessary updates.

6/16/20:

Google has released Chrome version 83.0.4103.106 for Windows, Mac, and Linux. This version addresses vulnerabilities that an attacker could exploit to take control of an affected system. We encourage users and administrators to review the Chrome Release and apply the necessary updates.

6/10/20:

VMware has released a security update to address a vulnerability in Horizon Client for Windows. An attacker could exploit this vulnerability to take control of an affected system. We encourage users and administrators to review VMware Security Advisory VMSA-2020-0013 and apply the necessary update.

6/9/20:

Microsoft has released updates to address multiple vulnerabilities in Microsoft software. An attacker could exploit some of these vulnerabilities to take control of an affected system. We encourage users and administrators to review Microsoft’s June 2020 Security Update Summary and Deployment Information and apply the necessary updates.

Adobe has released security updates to address vulnerabilities in Flash Player, Experience Manager, and Framemaker. An attacker could exploit some of these vulnerabilities to take control of an affected system. We encourage users and administrators to review the latest Adobe security bulletins and apply the necessary updates.

6/4/20:

Google has released Chrome version 83.0.4103.97 for Windows, Mac, and Linux. This version addresses vulnerabilities that an attacker could exploit to take control of an affected system. We encourage users and administrators to review the Chrome Release and apply the necessary updates.

Cisco has released security updates to address vulnerabilities in multiple products. A remote attacker could exploit some of these vulnerabilities to take control of an affected system. We encourage users and administrators to review the Cisco security advisories page and apply the necessary updates.

6/2/20:

Apple has released security updates to address a vulnerability in multiple products. An attacker could exploit this vulnerability to take control of an affected system. We encourage users and administrators to review the Apple security pages for the following products and apply the necessary updates:

Cisco has released security updates to address a vulnerability in NX-OS Software. A remote attacker could exploit this vulnerability to cause a denial-of-service condition. We encourage users and administrators to review the Cisco Security Advisory and apply the necessary updates or workarounds.

5/29/20:

Cisco has released security updates to address SaltStack FrameWork vulnerabilities in Cisco Modeling Labs Corporate Edition (CML) and Virtual Internet Routing Lab Personal Edition (VIRL-PE). A remote attacker could exploit these vulnerabilities to take control of an affected system. We ecourage users and administrators to review the Cisco Security Advisory and apply the necessary updates or workaround.

VMware has released security updates to address vulnerabilities affecting multiple products. An attacker could exploit one of these vulnerabilities to take control of an affected system. We encourage users and administrators to review the VMware Security Advisory VMSA-2020-0011 and apply the necessary updates

5/27/20:

Apple has released security updates to address vulnerabilities in multiple products. A remote attacker could exploit some of these vulnerabilities to take control of an affected system. We encourage users and administrators to review the Apple security pages for the following products and apply the necessary updates:

5/22/20:

Microsoft has released a security update to address a vulnerability in Edge (Chromium-based). A remote attacker could exploit this vulnerability to write files to arbitrary locations and gain elevated privileges. We encourage users and administrators to review Microsoft’s Security Advisory for CVE-2020-1195 and apply the necessary update.

5/19/20:

Adobe has released security updates to address vulnerabilities in multiple products. An attacker could exploit these vulnerabilities to obtain sensitive information. We encourage users and administrators to review the following Adobe Security Bulletins and apply the necessary updates.

Google has released Chrome version 83.0.4103.61 for Windows, Mac, and Linux. This version addresses vulnerabilities that an attacker could exploit to take control of an affected system. We encourage users and administrators to review the Chrome Release Notes and apply the necessary updates.

Microsoft has released a security advisory that addresses a vulnerability affecting Windows DNS Servers. An attacker could exploit this vulnerability to cause a denial-of-service condition. We encourage users and administrators to review Microsoft Advisory ADV200009 for more information and to apply the necessary mitigation or workaround.

VMware has released security updates to address a vulnerability in VMware Cloud Director (formerly known as vCloud Director). A remote attacker could exploit this vulnerability to take control of an affected system. We encourage users and administrators to review the VMware Security Advisory and apply the necessary updates or workaround.

5/7/20:

Cisco has released security updates to address vulnerabilities in multiple products. A remote attacker could exploit some of these vulnerabilities to take control of an affected system. We encourage users and administrators to review the Cisco Security Advisories page and apply the necessary updates.

5/6/20:

Mozilla has released security updates to address vulnerabilities in Firefox and Firefox ESR. An attacker could exploit some of these vulnerabilities to take control of an affected system. We encourage users and administrators to review the Mozilla Security Advisories for Firefox 76 and Firefox ESR 68.8 and apply the necessary updates.

Google has released Chrome version 81.0.4044.138 for Windows, Mac, and Linux. This version addresses vulnerabilities that an attacker could exploit to take control of an affected system. We encourages users and administrators to review the Chrome Release and apply the necessary updates.

5/1/20:

Oracle has released a blog post warning users that a previously disclosed Oracle WebLogic Server remote code execution vulnerability (CVE-2020-2883) is being exploited in the wild. Oracle disclosed the vulnerability and provided software patches in their April 2020 Critical Patch Update; however, malicious cyber actors are now known to be targeting unpatched servers. We urge users and administrators to review the Oracle Blog and the April 2020 Critical Patch Updates for more information and apply the necessary patches as soon as possible.

4/30/20:

Cisco has released security updates to address a vulnerability in IOS XE SD-WAN Solution software. An attacker could exploit this vulnerability to take control of an affected system. We encourage users and administrators to review the Cisco Security Advisory and apply the necessary updates.

4/22/20:

Google has released Chrome version 81.0.4044.122 for Windows, Mac, and Linux. This version addresses vulnerabilities that an attacker could exploit to take control of an affected system. We encourage users and administrators to review the Chrome Release and apply the necessary updates.

Microsoft has released security updates to address multiple vulnerabilities in products that use the Autodesk FBX library. These include Office 2016, Office 2019, Office 365 ProPlus, and Paint 3D. A remote attacker can exploit these vulnerabilities to take control of an affected system. We encourage users and administrators to review Microsoft Advisory ADV200004 and apply the necessary updates.

OpenSSL version 1.1.1g has been released to address a vulnerability affecting versions 1.1.1d–1.1.1f. An attacker could exploit this vulnerability to cause a denial-of-service condition. We encourage users and administrators to review the OpenSSL Security Advisory and apply the necessary update.

4/17/20:

Apple has released a security update to address vulnerabilities in Xcode. A remote attacker could exploit this vulnerability to take control of an affected system. We encourage users and administrators to review the Apple security page for Xcode 11.4.1 and apply the necessary update.

4/16/20:

Google has released Chrome version 81.0.4044.113 for Windows, Mac, and Linux. This version addresses a vulnerability that an attacker could exploit to take control of an affected system. We encourage users and administrators to review the Chrome Release and apply the necessary updates.

4/14/20:

Adobe has released security updates to address vulnerabilities in multiple products. An attacker could exploit some of these vulnerabilities to take control of an affected system. We encourage users and administrators to review the following Adobe Security Bulletins and apply the necessary updates.

Microsoft has released updates to address multiple vulnerabilities in Microsoft software. A remote attacker could exploit some of these vulnerabilities to take control of an affected system. We encourage users and administrators to review Microsoft’s April 2020 Security Update Summary and Deployment Information and apply the necessary updates.

VMware has released security updates to address vulnerabilities in VMware vRealize Log Insight. An attacker could exploit these vulnerabilities to take control of an affected system. We encourage users and administrators to review VMware Security Advisory VMSA-2020-0007 and apply the necessary updates.

Oracle has released its Critical Patch Update for April 2020 to address 397 vulnerabilities across multiple products. A remote attacker could exploit some of these vulnerabilities to take control of an affected system. We encourages users and administrators to review the Oracle April 2020 Critical Patch Update and apply the necessary updates.

4/8/20:

Google has released Chrome version 81.0.4044.92 for Windows, Mac, and Linux. This version addresses vulnerabilities that an attacker could exploit to take control of an affected system. We encourages users and administrators to review the Chrome Release and apply the necessary updates.

Mozilla has released security updates to address vulnerabilities in Firefox and Firefox ESR. An attacker could exploit some of these vulnerabilities to take control of an affected system. We encourage users and administrators to review Mozilla Security Advisories for Firefox 75 and Firefox ESR 68.7 and apply the necessary updates.

4/3/20:

Mozilla has released security updates to address vulnerabilities in Firefox and Firefox ESR. An attacker could exploit these vulnerabilities to take control of an affected system. These vulnerabilities have been detected in exploits in the wild. We encourage users and administrators to review Mozilla’s security advisory for Firefox 74.0.1 and Firefox ESR 68.6.1 and apply the necessary update.

4/1/20:

Google has released Chrome version 80.0.3987.162 for Windows, Mac, and Linux. This version addresses vulnerabilities that an attacker could exploit to take control of an affected system. We encourage users and administrators to review the Chrome Release and apply the necessary updates.

3/25/20:

Adobe has released a security update to address a vulnerability in Creative Cloud Desktop Application. An attacker could exploit this vulnerability to take control of an affected system. We encourage users and administrators to review Adobe Security Bulletin APSB20-11 and apply the necessary update.

Apple has released security updates to address vulnerabilities in multiple products. An attacker could exploit some of these vulnerabilities to take control of an affected system. We encourage users and administrators to review the Apple security pages for the following products and apply the necessary updates:

3/23/20:

Microsoft has released a security advisory to address remote code execution vulnerabilities in Adobe Type Manager Library affecting all currently supported versions of Windows and Windows Server operating systems. A remote attacker can exploit these vulnerabilities to take control of an affected system. Microsoft is aware of limited, targeted attacks exploiting these vulnerabilities in the wild. We encourage users and administrators to review Microsoft Advisory ADV200006 and the CERT Coordination Center (CERT/CC) Vulnerability Note VU#354840 for more information and apply the necessary mitigations until patches are made available.

3/19/20:

Cisco has released security updates to address multiple vulnerabilities in SD-WAN Solution software. An attacker could exploit these vulnerabilities to take control of an affected system. For updates addressing lower severity vulnerabilities, see the Cisco Security Advisories webpage. We encourage users and administrators to review the following Cisco advisories and apply the necessary updates.

Google has released Chrome version 80.0.3987.149 for Windows, Mac, and Linux. This version addresses vulnerabilities that an attacker could exploit to take control of an affected system. We encourage users and administrators to review the Chrome Release and apply the necessary updates.

3/18/20:

Adobe has released security updates to address vulnerabilities in multiple products. An attacker could exploit some of these vulnerabilities to take control of an affected system. We encourage users and administrators to review the following Adobe Security Bulletins and apply the necessary updates.

3/16/20:

VMware has released security updates to address vulnerabilities in multiple products. An attacker could exploit these vulnerabilities to take control of an affected system. We encourage users and administrators to review VMware Security Advisory VMSA-2020-0004 and apply the necessary updates.

3/12/20:

Microsoft has released out-of-band security updates to address a remote code execution vulnerability (CVE-2020-0796) in Microsoft Server Message Block 3.1.1 (SMBv3). A remote attacker could exploit this vulnerability to take control of an affected system. We  encourage users and administrators to review the following resources and apply the necessary updates or workarounds.
•    Microsoft Security Guidance for CVE-2020-0796
•    Microsoft Advisory ADV200005
•    CERT Coordination Center’s Vulnerability Note VU#872016

3/10/20:

Microsoft Exchange Servers affected by a remote code execution vulnerability, known as CVE-2020-0688, continue to be an attractive target for malicious cyber actors. A remote attacker can exploit this vulnerability to take control of an affected system that is unpatched. Although Microsoft disclosed the vulnerability and provided software patches for the various affected products in February 2020, advanced persistent threat actors are targeting unpatched servers, according to recent open-source reports. We urge users and administrators review Microsoft’s Advisory and the National Security Agency’s tweet on CVE-2020-0688 for more information and apply the necessary patches as soon as possible. Microsoft has also released updates to address multiple vulnerabilities in Microsoft software. A remote attacker could exploit some of these vulnerabilities to take control of an affected system. We encourage users and administrators to review Microsoft’s March 2020 Security Update Summary and Deployment Information and apply the necessary updates.

Mozilla has released security updates to address vulnerabilities in Firefox and Firefox ESR. An attacker could exploit some of these vulnerabilities to take control of an affected system. We encourage users and administrators to review the Mozilla Security Advisories for Firefox 74 and Firefox ESR 68.6 and apply the necessary updates.

3/5/20:

Cisco has released security updates to address vulnerabilities affecting multiple products. A remote attacker could exploit some of these vulnerabilities to take control of an affected system. For updates addressing lower severity vulnerabilities, see the Cisco Security Advisories page. We encourage users and administrators to review the following Cisco advisories and apply the necessary updates:

3/4/20:

Google has released Chrome version 80.0.3987.132 for Windows, Mac, and Linux. This version addresses vulnerabilities that an attacker could exploit to take control of an affected system. We encourage users and administrators to review the Chrome Release and apply the necessary updates.

2/27/20:

Cisco has released security updates to address vulnerabilities affecting FXOS, NX-OS, and Unified Computing System (UCS) software. A remote attacker could exploit some of these vulnerabilities to cause a denial-of-service condition. For updates addressing lower severity vulnerabilities, see the Cisco Security Advisories page. We encourage users and administrators to review the following Cisco advisories, as well as the Cisco Event Response page, and apply the necessary updates:

2/25/20:

Google has released Chrome version 80.0.3987.122 for Windows, Mac, and Linux. This version addresses vulnerabilities that an attacker could exploit to take control of an affected system. We encourage users and administrators to review the Chrome Release and apply the necessary updates.

2/21/20:

Google has released Chrome version 80.0.3987.116 for Windows, Mac, and Linux. This version addresses vulnerabilities that an attacker could exploit to take control of an affected system. We encourage users and administrators to review the Chrome Release and apply the necessary updates.

2/20/20:

Adobe has released security updates to address vulnerabilities in After Effects and Media Encoder. An attacker could exploit these vulnerabilities to take control of an affected system. We encourage users and administrators to review Adobe Security Bulletins APSB20-09 and APSB20-10 and apply the necessary updates.

2/11/20:

Adobe has released security updates to address vulnerabilities in multiple Adobe products. An attacker could exploit some of these vulnerabilities to take control of an affected system. We encourage users and administrators to review the following Adobe Security Bulletins and apply the necessary updates:

Mozilla has released security updates to address vulnerabilities in Firefox, Firefox ESR, and Thunderbird. An attacker could exploit some of these vulnerabilities to take control of an affected system.

The Cybersecurity and Infrastructure Security Agency (CISA) encourages users and administrators to review the following Mozilla Security Advisories and apply the necessary updates:

Microsoft has released updates to address multiple vulnerabilities in Microsoft software. A remote attacker could exploit some of these vulnerabilities to take control of an affected system. We encourage users and administrators to review Microsoft’s February 2020 Security Update Summary and Deployment Information and apply the necessary updates.

2/5/20:

Google has released Chrome 80 (version 80.0.3987.87) for Windows, Mac, and Linux. This version addresses vulnerabilities that an attacker could exploit to take control of an affected system. We encourage users and administrators to review the Chrome Release and apply the necessary updates.

1/24/20:

Cisco has released security updates to address a vulnerability affecting Cisco Webex Meetings Suite and Cisco Webex Meetings Online. A remote attacker could exploit this vulnerability to obtain sensitive information. We encourage users and administrators to review Cisco Security Advisory cisco-sa-20200124-webex-unauthjoin for more information.

1/23/20:

Cisco has released updates to address vulnerabilities affecting multiple products. A remote attacker could exploit some of these vulnerabilities to take control of an affected system. For updates addressing lower severity vulnerabilities, see the Cisco Security Advisories page. We encourage users and administrators to review the Advisories and apply the necessary updates.

Citrix has released security updates to address the CVE-2019-19781 vulnerability in Citrix SD-WAN WANOP. An attacker could exploit this vulnerability to take control of an affected system. Citrix has also released an Indicators of Compromise Scanner that aims to identify evidence of successful exploitation of CVE-2019-19781. We strongly recommend users and administrators review the Citrix Security Bulletin CTX267027 and apply the necessary updates. We also recommend the following:

1/17/20:

Google has released Chrome version 79.0.3945.130 for Windows, Mac, and Linux. This version addresses vulnerabilities that an attacker could exploit to take control of an affected system. We encourage users and administrators to review the Chrome Release and apply the necessary updates.

Microsoft has released a security advisory to address a critical vulnerability in Internet Explorer. A remote attacker could exploit this vulnerability to take control of an affected system. We encourage users and administrators to review Microsoft’s Advisory ADV20001 and CERT/CC’s Vulnerability Note VU#338824 for more information, implement workarounds, and apply updates when available. Consider using Microsoft Edge or an alternate browser until patches are made available.

1/14/20:

Microsoft has released updates to address multiple vulnerabilities in Microsoft software. A remote attacker could exploit some of these vulnerabilities to take control of an affected system. We encourage users and administrators to review Microsoft’s January 2020 Security Update Summary and Deployment Information and apply the necessary updates.

Intel has released security updates to address vulnerabilities in multiple products. An authenticated attacker with local access could exploit some of these vulnerabilities to gain escalation of privileges. We encourage users and administrators to review the following Intel advisories and apply the necessary updates: SNMP Subagent Stand-Alone Advisory for Windows INTEL-SA-00300; Chipset Device Software Advisory INTEL-SA-00306; RWC 3 for Windows Advisory INTEL-SA-00308; Processor Graphics Advisory INTEL-SA-0031; VTune Amplifier for Windows Advisory INTEL-SA-00325; DAAL Advisory INTEL-SA-00332.

VMware has released a security update to address a vulnerability in VMware Tools. An attacker could exploit this vulnerability to take control of an affected system. We encourage users and administrators to review VMware Security Advisory VMSA-2020-0002 and apply the necessary update.

Adobe has released security updates to address vulnerabilities in Illustrator CC and Experience Manager. An attacker could exploit some of these vulnerabilities to take control of an affected system. We encourage users and administrators to review Adobe Security Bulletins APSB20-03 and APSB20-01 and apply the necessary updates.

Oracle has released its Critical Patch Update for January 2020 containing 334 new security patches to address vulnerabilities across multiple products. A remote attacker could exploit some of these vulnerabilities to take control of an affected system. We encourage users and administrators to review the Oracle January 2020 Critical Patch Update and apply the necessary updates.

1/9/20:

Cisco has released security updates to address vulnerabilities in Cisco Webex Video Mesh, Cisco IOS, and Cisco IOS XE Software. A remote attacker could exploit these vulnerabilities to take control of an affected system. For updates addressing lower severity vulnerabilities, see the Cisco Security Advisories webpage. We  encourage users and administrators to review the Cisco Webex Video Mesh Advisory and the Cisco IOS and IOS XE Software Advisory and apply the necessary updates.

1/8/20:

Google has released security updates for Chrome version 79.0.3945.117 for Windows, Mac, and Linux. This version addresses a vulnerability that an attacker could exploit to take control of an affected system. We encourage users and administrators to review the Chrome Release and apply the necessary updates.

Mozilla has released security updates to address vulnerabilities in Firefox and Firefox ESR. An attacker could exploit some of these vulnerabilities to take control of an affected system. We encourage users and administrators to review the Mozilla Security Advisories for Firefox 72 and Firefox ESR 68.4 and apply the necessary updates.

Citrix has released information on a vulnerability affecting Citrix Application Delivery Controller and Citrix Gateway. We encourage users and administrators to review CERT/CC’s Vulnerability Note VU#619785 and Citrix Security Bulletin CTX267027 for more information and workarounds.

12/18/19:

Microsoft has released out-of-band security updates to address a vulnerability in SharePoint Server. An attacker could exploit this vulnerability to obtain sensitive information. We encourage users and administrators to review Microsoft Security Advisory for CVE-2019-1491 and apply the necessary updates.

Google has released security updates for Chrome version 79.0.3945.88 for Windows, Mac, and Linux. This version addresses a vulnerability that an attacker could exploit to take control of an affected system. We encourage users and administrators to review the Chrome Release and apply the necessary updates.

12/10/19:

Microsoft has released updates to address multiple vulnerabilities in Microsoft software. A remote attacker could exploit some of these vulnerabilities to take control of an affected system. We encourage users and administrators to review Microsoft’s December 2019 Security Update Summary and Deployment Information and apply the necessary updates.

Google has released security updates for Chrome version 79.0.3945.79 for Windows, Mac, and Linux. This version addresses vulnerabilities that an attacker could exploit to take control of an affected system. We encourage users and administrators to review the Chrome Release and apply the necessary updates.

Apple has released security updates to address vulnerabilities in multiple products. An attacker could exploit some of these vulnerabilities to take control of an affected system. We encourage users and administrators to review the Apple security pages for the following products and apply the necessary updates:

Intel has released security updates to address vulnerabilities in multiple products. An authenticated attacker with local access could exploit some of these vulnerabilities to gain escalation of privileges. We encourage users and administrators to review the following Intel advisories and apply the necessary updates and recommended mitigations:

Adobe has released security updates to address vulnerabilities in multiple Adobe products. An attacker could exploit some of these vulnerabilities to take control of an affected system. We encourage users and administrators to review the following Adobe Security Bulletins and apply the necessary updates.

12/6/19:

VMware has released security updates to address a vulnerability in ESXi and Horizon DaaS. An attacker could exploit this vulnerability to take control of an affected system. We encourage users and administrators to review VMware Security Advisory VMSA-2019-0022 and apply the necessary updates and workarounds.

12/5/19:

Microsoft has released a Security Advisory to address an issue in Windows Hello for Business (WHfB). An attacker could exploit this issue on devices that were affected by CVE-2017-15361, also known as Return of Coppersmith’s Attack (ROCA), to take control of an affected system. We encourage users and administrators to review Microsoft Security Advisories ADV190026 and ADV170012 and apply the recommended mitigations.

12/4/19:

Mozilla has released security updates to address vulnerabilities in Firefox and Firefox ESR. An attacker could exploit some of these vulnerabilities to take control of an affected system. We encourage users and administrators to review the Mozilla Security Advisories for Firefox 71 and Firefox ESR 68.3.

11/12/19:

Microsoft has released updates to address multiple vulnerabilities in Microsoft software. A remote attacker could exploit some of these vulnerabilities to take control of an affected system. We encourage users and administrators to review Microsoft’s November 2019 Security Update Summary and Deployment Information and apply the necessary updates.

VMware has released security updates to address vulnerabilities in ESXi, Workstation, and Fusion. An attacker could exploit some of these vulnerabilities to take control of an affected system. We encourage users and administrators to review VMware Security Advisories VMSA-2019-0020 and VMSA-2019-0021 and apply the necessary updates.

10/31/19:

Google has released Chrome version 78.0.3904.87 for Windows, Mac, and Linux. This version addresses vulnerabilities that an attacker could exploit to take control of an affected system. One of these vulnerabilities (CVE-2019-13720) was detected in exploits in the wild. We encourage users and administrators to review the Chrome Release and apply the necessary updates.

10/30/19:

Apple has released security updates to address vulnerabilities in multiple products. An attacker could exploit some of these vulnerabilities to take control of an affected system. We encourage users and administrators to review the Apple security pages for the following products and apply the necessary updates:

10/23/19:

Mozilla has released security updates to address vulnerabilities in Firefox and Firefox ESR. An attacker could exploit some of these vulnerabilities to take control of an affected system. We encourages user and administrators to review the Mozilla Security Advisories for Firefox 70 and Firefox ESR 68.2.

Google has released Chrome version 78.0.3904.70 for Windows, Mac, and Linux. This version addresses vulnerabilities that an attacker could exploit to take control of an affected system. We encourage users and administrators to review the Chrome Release and apply the necessary updates.

10/17/19:

Cisco has released security updates to address vulnerabilities in Cisco products. A remote attacker could exploit some of these vulnerabilities to take control of an affected system. For updates addressing lower severity vulnerabilities see the Cisco Security Advisories page. We encourage users and administrators to review the following Cisco Advisories and apply the necessary updates:

10/16/19:

VMware has released a security update to address a vulnerability affecting Harbor Container Registry for Pivotal Cloud Foundry (PCF). An attacker could exploit this vulnerability to take control of an affected system. We encourage users and administrators to review VMware Security Advisory VMSA-2019-0016 and apply the necessary update.

10/15/19:

WordPress 5.2.3 and prior versions are affected by multiple vulnerabilities. An attacker could exploit some of these vulnerabilities to take control of an affected website. We encourage users and administrators to review the WordPress Security Release and upgrade to WordPress 5.2.4.

Adobe has released security updates to address vulnerabilities in multiple Adobe products. An attacker could exploit some of these vulnerabilities to take control of an affected system. We encourage users and administrators to review the following Adobe Security Bulletins and apply the necessary updates:

Oracle has released its Critical Patch Update for October 2019 to address 219 vulnerabilities across multiple products. A remote attacker could exploit some of these vulnerabilities to take control of an affected system. We encourage users and administrators to review the Oracle October 2019 Critical Patch Update and apply the necessary updates.

10/11/19:

Google has released Chrome version 77.0.3865.120 for Windows, Mac, and Linux. This version addresses vulnerabilities that an attacker could exploit to take control of an affected system. We encourage users and administrators to review the Chrome Release and apply the necessary updates.

10/9/19:

Intel has released security updates to address vulnerabilities in multiple products. An attacker could exploit some of these vulnerabilities to gain an escalation of privileges on a previously infected machine. We encourage users and administrators to review the following Intel advisories and apply the necessary updates:

10/8/19:

Apple has released security updates to address vulnerabilities in multiple products. An attacker could exploit some of these vulnerabilities to take control of an affected system. We encourage users and administrators to review the Apple security pages for the following products and apply the necessary updates:

Microsoft has released updates to address multiple vulnerabilities in Microsoft software. A remote attacker could exploit some of these vulnerabilities to take control of an affected system. We encourage users and administrators to review Microsoft’s October 2019 Security Update Summary and Deployment Information and apply the necessary updates.

10/3/19:

Cisco has released security updates to address vulnerabilities affecting multiple Cisco products. A remote attacker could exploit some of these vulnerabilities to take control of an affected system. We encourage users and administrators to review the Cisco Event Response page and apply the necessary updates.

Microsoft has re-released security updates to address a vulnerability in Microsoft software. A remote attacker could exploit this vulnerability to take control of an affected system. Updates are now available automatically via Windows Update or Windows Server Update Services. We encourage users and administrators to review Microsoft Security Advisory for CVE-2019-1367 and apply the necessary updates.

9/27/19:

Apple has released security updates to address a vulnerability in multiple products. A remote attacker could exploit this vulnerability to take control of an affected system. We encourage users and administrators to review the Apple security pages for the following products and apply the necessary updates:

9/25/19:

Apple has released security updates to address vulnerabilities in multiple products. An attacker could exploit one of these vulnerabilities to obtain access to sensitive information. We encourage users and administrators to review Apple’s security updates page and apply the necessary updates for the following products: iOS 13.1 and iPadOS 13.1, Safari 13.0.1 & tvOS 13.

VMware has released security updates to address vulnerabilities in Cloud Foundation and Harbor Container Registry for Pivotal Cloud Foundry. An attacker could exploit some of these vulnerabilities to take control of an affected system. We encourage users and administrators to review VMware Security Advisory VMSA-2019-0015 and apply the necessary updates and workarounds.

Adobe has released security updates to address vulnerabilities in ColdFusion. An attacker could exploit some of these vulnerabilities to take control of an affected system. We encourage users and administrators to review Adobe Security Bulletin APSB19-47 and apply the necessary updates.

9/23/19:

Microsoft has released out-of-band security updates to address vulnerabilities in Microsoft software. A remote attacker could exploit of these vulnerabilities to take control of an affected system. We encourage users and administrators to review Microsoft Security Advisories for CVE-2019-1367, CVE-2019-1255, and Microsoft’s Cumulative security update for Internet Explorer and apply the necessary updates.

9/20/19:

VMware has released security updates to address vulnerabilities affecting multiple products. An attacker could exploit some of these vulnerabilities to take control of an affected system. We encourage users and administrators to review VMware Security Advisory VMSA-2019-0014 and apply the necessary updates.

 


Cybersecurity Services:

Threat Assessment      Vulnerability Management     Detection & Defense     Incident Response     Compliance     Cybersecurity Training


Learn about Advanced Cybersecurity in Business Systems such as Microsoft Dynamics 365 / Dynamics NAV, Azure Cloud, Dynamics CRM, Office 365 / SharePoint & Intuit QuickBooks Enterprise.


 

 

9/19/19:

Google has released Chrome 77.0.3865.90 for Windows, Mac, and Linux. This version addresses a vulnerability that an attacker can exploit to take control of an affected system. We encourage users and administrators to review the Chrome Release and apply the necessary updates.

9/10/19:

Google has released Chrome version 77.0.3865.75 for Windows, Mac, and Linux. This version addresses multiple vulnerabilities that an attacker could exploit to take control of an affected system. We encourage users and administrators to review the Chrome Releases page and apply the necessary updates.

Intel has released security updates to address vulnerabilities in multiple products. An attacker could exploit one of these vulnerabilities to gain an escalation of privileges on a previously infected machine. We encourage users and administrators to review Intel’s Security Advisories INTEL-SA-00290 and INTEL-SA-00285 and apply the necessary updates.

Microsoft has released updates to address multiple vulnerabilities in Microsoft software. We encourage users and administrators to review Microsoft’s September 2019 Security Update Summary and Deployment Information and apply the necessary updates.

Adobe has released security updates to address vulnerabilities affecting Flash Player and Application Manager. We encourage users and administrators to review Adobe Security Bulletins APSB19-45 and APSB19-46 and apply the necessary updates.

9/6/19:

WordPress Releases Security Update. WordPress 5.2.2 and prior versions are affected by multiple vulnerabilities. We encourage users and administrators to review the WordPress Security and Maintenance Release and upgrade to WordPress 5.2.3.

9/5/19:

Cisco has released security updates to address vulnerabilities affecting Cisco products. A remote attacker could exploit some of these vulnerabilities to take control of an affected system. We encourage users and administrators to review the following Cisco Advisories and apply the necessary updates:

9/4/19:

Mozilla has released security updates to address vulnerabilities in Firefox and Firefox ESR. An attacker could exploit some of these vulnerabilities to take control of an affected system. We encourage users and administrators to review the Mozilla Security Advisories for Firefox 69, Firefox ESR 68.1, and Firefox ESR 60.9.

8/29/19:

Cisco has released security updates to address vulnerabilities in multiple Cisco products. A remote attacker could exploit some of these vulnerabilities to take control of an affected system. We encourage users and administrators to review the following Cisco advisories and apply the necessary updates:

8/27/19:

Apple has released security updates to address vulnerabilities in multiple products. A remote attacker could exploit some of these vulnerabilities to take control of an affected system. We encourage users and administrators to review the Apple security pages for the following products and apply the necessary updates:

Google has released Chrome version 76.0.3809.132 for Windows, Mac, and Linux. This version addresses a vulnerability that an attacker could exploit to take control of an affected system. We encourages users and administrators to review the Chrome Release page and apply the necessary updates.

8/22/19:

Cisco has released security updates to address vulnerabilities in Cisco Integrated Management Controller (IMC) Supervisor, Unified Computing System (UCS) Director, and UCS Director Express for Big Data. We encourage users and administrators to review the following Cisco Security Advisories and apply the necessary updates:

8/14/19:

Microsoft has released security updates to address two remote code execution vulnerabilities, CVE-2019-1181 and CVE-2019-1182, in the following operating systems:

  • Windows 7 SP1; Windows Server 2008 R2 SP1; Windows Server 2012; Windows 8.1; Windows Server 2012 R2 & Windows 10

An attacker could exploit these vulnerabilities to take control of an affected system. Similar to CVE-2019-0708—dubbed BlueKeep—these vulnerabilities are considered “wormable” because malware exploiting these vulnerabilities on a system could propagate to other vulnerable systems. We encourage users and users and administrators to review the following resources and apply the necessary updates:

8/13/19:

Microsoft has released updates to address multiple vulnerabilities in Microsoft software. A remote attacker could exploit some of these vulnerabilities to take control of an affected system. We encourage users and administrators to review Microsoft’s August 2019 Security Update Summary and Deployment Information and apply the necessary updates.

Adobe has released security updates to address vulnerabilities in multiple Adobe products. An attacker could exploit these vulnerabilities to take control of an affected system. We encourage users and administrators to review the following Adobe Security Bulletins and apply the necessary updates:

Intel has released security updates to address vulnerabilities in multiple products. An attacker could exploit some of these vulnerabilities to gain an escalation of privileges on a previously infected machine. We encourage users and administrators to review the following Intel advisories and apply the necessary updates:

8/8/19:

Google has released Chrome version 76.0.3809.100 for Windows, Mac, and Linux. This version addresses a vulnerability that an attacker could exploit to take control of an affected system. We encourage users and administrators to review the Chrome Release and apply the necessary updates.

Cisco has released security updates to address vulnerabilities in multiple Cisco products. An attacker could exploit some of these vulnerabilities to take control of an affected system. We encourage users and administrators to review the following Cisco Security Advisories and apply the necessary updates:

8/3/19:

VMware has released a security advisory to address vulnerabilities affecting multiple products. An attacker could exploit one of these vulnerabilities to take control of an affected system. We encourage users and administrators to review VMware Security Advisory VMSA-2019-0012 and apply the necessary updates and workarounds.

8/1/19:

Cisco has released security updates to address a vulnerability in Cisco Nexus 9000 Series Fabric Switches. An attacker could exploit this vulnerability to take control of an affected system. We encourage users and administrators to review the Cisco Security Advisory and apply the necessary updates.

7/31/19:

Google has released Chrome version 76.0.3809.87 for Windows, Mac, and Linux. This version addresses multiple vulnerabilities that an attacker could exploit to take control of an affected system. We encourage users and administrators to review the Chrome Release and apply the necessary updates.

7/22/19:

Apple has released security updates to address vulnerabilities in multiple products. A remote attacker could exploit some of these vulnerabilities to take control of an affected system. We encourage users and administrators to review the Apple security pages for the following products and apply the necessary updates:

7/17/19:

Cisco has released security updates to address vulnerabilities in multiple Cisco products. A remote attacker could exploit some of these vulnerabilities to take control of an affected system. We encourage users and administrators to review the following advisories and apply the necessary updates:

7/16/19:

Microsoft has released updates to address a vulnerability in PowerShell Core versions 6.1 and 6.2. An attacker could exploit this vulnerability to take control of an affected system. We encourage users and administrators to review the Microsoft Security Advisory and apply the necessary updates.

Oracle has released its Critical Patch Update for July 2019 to address 319 vulnerabilities across multiple products. A remote attacker could exploit some of these vulnerabilities to take control of an affected system. We encourages users and administrators to review the Oracle July 2019 Critical Patch Update and apply the necessary updates.

7/15/19:

Google has released Chrome 75.0.3770.142 for Windows, Mac, and Linux. This version addresses a vulnerability that an attacker can exploit to take control of an affected system. We encourage users and administrators to review the Chrome Release and apply the necessary updates.

7/10/19:

Cisco has released security updates to address a vulnerability in Cisco Adaptive Security Appliance Software and Firepower Threat Defense Software. A remote attacker could exploit this vulnerability to cause a denial-of-service condition. We encourage users and administrators to review the Cisco Security Advisory and apply the necessary updates.

Juniper Networks has released security updates to address multiple vulnerabilities in various products. A remote attacker could exploit some of these vulnerabilities to take control of an affected system. We encourage users and administrators to review the Juniper Security Advisories webpage and apply the necessary updates.

7/9/19:

Microsoft has released updates to address multiple vulnerabilities in Microsoft software. A remote attacker could exploit some of these vulnerabilities to take control of an affected system. We encourage users and administrators to review Microsoft’s July 2019 Security Update Summary and Deployment Information and apply the necessary updates.

Intel has released security updates to address vulnerabilities in Intel Solid State Drives for Data Centers and Intel Processor Diagnostic Tool. An attacker could exploit these vulnerabilities to gain an escalation of privileges on a previously infected machine. We encourages users and administrators to review Intel Security Advisories INTEL-SA-00267 and INTEL-SA-00268 and apply the necessary updates.

Mozilla has released security updates to address vulnerabilities in Firefox and Firefox ESR. An attacker could exploit some of these vulnerabilities to take control of an affected system. We encourage users and administrators to review the Mozilla Security Advisory for Firefox 68 and Firefox ESR 60.8 and apply the necessary updates.

Adobe has released security updates to address vulnerabilities affecting Bridge CC, Experience Manager, and Dreamweaver. An attacker could exploit one of these vulnerabilities to take control of an affected system. We encourage users and administrators to review Adobe Security Bulletins APSB19-37, APSB19-38, and APSB19-40 and apply the necessary updates.

7/3/19:

Cisco has released security updates to address vulnerabilities in multiple Cisco products. An attacker could exploit some of these vulnerabilities to take control of an affected system. We encourage users and administrators to review the following advisories and apply the necessary updates

7/2/19:

VMware has released a security advisory to address vulnerabilities affecting multiple products. An attacker could exploit these vulnerabilities to cause a denial-of-service condition. We encourage users and administrators to review the VMware Security Advisory VMSA-2019-0009 and apply mitigations or patches, when available.

6/27/19:

Google has released Chrome OS version 75.0.3770.102 for Chrome devices. This version addresses multiple vulnerabilities that an attacker could exploit to obtain sensitive information. We encourage users and administrators to review the Google Chrome blog entry and apply the necessary updates.

6/26/19:

Cisco has released security updates to address vulnerabilities in Cisco Data Center Network Manager (DCNM). A remote attacker could exploit some of these vulnerabilities to take control of an affected system. We encourage users and administrators to review the following advisories and apply the necessary updates:

6/21/19:

Dell has released a security advisory to address a vulnerability in Dell SupportAssist software. An attacker could exploit this vulnerability to access sensitive information. We encourage users and administrators to review Dell Security Advisory DSA-2019-084 and apply the necessary update.

6/20/19:

Mozilla has released security updates to address a vulnerability in Firefox and Firefox ESR. An attacker could exploit this vulnerability to take control of an affected system. We encourage users and administrators to review the Mozilla Security Advisory for Firefox 67.0.4 and Firefox ESR 60.7.2 and apply the necessary updates.

Microsoft has released an update to address a vulnerability in Outlook for Android. An attacker could exploit this vulnerability to take control of an affected system. We encourage users and administrators to review the Microsoft Security Advisory and apply the necessary update.

Apple releases security updates to address vulnerabilities in AirPort Express, AirPort Extreme, and AirPort Time Capsule wireless routers with 802.11n. A remote attacker could exploit some of these vulnerabilities to take control of an affected system. We encourage users and administrators to review the Apple security page for AirPort Base Station Firmware Update 7.8.1 and apply the necessary updates.

6/19/19:

Oracle has released a security alert to address a vulnerability in WebLogic. A remote attacker could exploit this vulnerability to take control of an affected system. This vulnerability was detected in exploits in the wild. We encourage users and administrators to review the Oracle Security Alert and apply the necessary updates.

Cisco has released security updates to address vulnerabilities in multiple Cisco products. A remote attacker could exploit some of these vulnerabilities to take control of an affected system. We encourage users and administrators to review and apply the necessary updates.

6/18/19:

Mozilla has released security updates to address a vulnerability in Firefox and Firefox ESR. An attacker could exploit this vulnerability to take control of an affected system. This vulnerability was detected in exploits in the wild. We encourage users and administrators to review the Mozilla Security Advisory for Firefox 67.0.3 and Firefox ESR 60.7.1 and apply the necessary updates.

6/13/19:

Mozilla has released a security update to address vulnerabilities in Thunderbird. We encourage users and administrators to review the Mozilla Security Advisory for Thunderbird 60.7.1 and apply the necessary update.

Google has released Chrome 75.0.3770.90 for Windows, Mac, and Linux. This version addresses a vulnerability that an attacker can exploit to take control of an affected system. We encourage users and administrators to review the Chrome Release and apply the necessary updates.

6/12/19:

Cisco has released a security update to address a vulnerability in Cisco IOS XE. A remote attacker could exploit this vulnerability to take control of an affected system. We encourage users and administrators to review the Cisco Security Advisory and apply the necessary update.

6/11/9:

Microsoft has released updates to address multiple vulnerabilities in Microsoft software. A remote attacker could exploit some of these vulnerabilities to take control of an affected system. We encourage users and administrators to review Microsoft’s June 2019 Security Update Summary and Deployment Information and apply the necessary updates.

Adobe has released security updates to address vulnerabilities affecting ColdFusion, Adobe Campaign, and Adobe Flash Player. An attacker could exploit some these vulnerabilities to take control of an affected system. We encourage users and administrators to review Adobe Security Bulletins APSB19-27, APSB19-28, and APSB19-30 and apply the necessary updates.

6/6/19:

VMware has released security updates to address vulnerabilities affecting Tools 10 and Workstation 15. An attacker could exploit one of these vulnerabilities to take control of an affected system. We encourage users and administrators to review the VMware Security Advisory VMSA-2019-0009 and apply the necessary updates.

6/5/19:

Cisco has released security updates to address vulnerabilities in multiple Cisco products. A remote attacker could exploit some of these vulnerabilities to take control of an affected system. We encourage users and administrators to review the following Cisco advisories and apply the necessary updates:

6/4/19:

Google has released Chrome version 75.0.3770.80 for Windows, Mac, and Linux. This version addresses multiple vulnerabilities that an attacker could exploit to take control of an affected system. We encourage users and administrators to review the Chrome Release and apply the necessary update.

The National Security Agency (NSA) has released a cybersecurity advisory for CVE-2019-0708—a vulnerability dubbed BlueKeep. Although Microsoft has issued a patch, potentially millions of machines are still unpatched and remain vulnerable. We encourage users and administrators to review NSA’s news release and advisory, Microsoft Security Response Center’s “A Reminder to Update Your Systems to Prevent a Worm“, and Microsoft Customer Guidance for CVE-2019-0708.

CISA recommends patching the affected operating systems:

5/30/19:

Apple has released AirPort Base Station Firmware Update 7.91 to address vulnerabilities in AirPort Extreme and AirPort Time Capsule wireless routers. A remote attacker could exploit some of these vulnerabilities to take control of an affected system. We encourage users and administrators to review the Apple security page for AirPort Base Station Firmware Update 7.9.1 and apply the necessary updates.

5/21/19:

Mozilla has released security updates to address vulnerabilities in Firefox and Firefox ESR. An attacker could exploit some of these vulnerabilities to take control of an affected system. We encourage users and administrators to review the Mozilla Security Advisories for Firefox 67 and Firefox ESR 60.7 and apply the necessary updates.

5/16/19:

Microsoft has released security updates to address a remote code execution vulnerability in the following in-support and out-of-support operating systems:

  • In-support systems: Windows 7, Windows Server 2008 R2, and Windows Server 2008
  • Out-of-support systems: Windows 2003 and Windows XP

A remote attacker could exploit this vulnerability to take control of an affected system. We encourage users and administrators to review the Microsoft Security Advisory and Microsoft Customer Guidance for CVE-2019-0708 and apply the necessary updates.

5/15/19:

Cisco has released security updates to address vulnerabilities in multiple Cisco products. A remote attacker could exploit some of these vulnerabilities to take control of an affected system. We encourage users and administrators to review the Cisco Security Advisories page and apply the necessary updates.

5/14/19:

VMware has released security updates to address vulnerabilities in vCenter Server, ESXi, Workstation, and Fusion. An attacker could exploit some of these vulnerabilities to take control of an affected system. We encourage users and administrators to review VMware Security Advisories VMSA-2019-0007 and VMSA-2019-0008 and apply the necessary updates.

Microsoft has released updates to address multiple vulnerabilities in Microsoft software. A remote attacker could exploit some of these vulnerabilities to take control of an affected system. We encourage users and administrators to review Microsoft’s May 2019 Security Update Summary and Deployment Information and apply the necessary updates.

Adobe has released security updates to address vulnerabilities in multiple products. An attacker could exploit some of these vulnerabilities to take control of an affected system. We encourage users and administrators to review Adobe Security Bulletins APSB19-29, APSB19-26, and APSB19-18 and apply the necessary updates.

Intel has released security updates and recommendations to address vulnerabilities in multiple products. An attacker could exploit some of these vulnerabilities to take control of an affected system. We encourage users and administrators to review the Intel Product Security Center Advisories page, apply the necessary mitigations, and refer to vendors for appropriate patches, when available.

Facebook has released a security advisory to address a vulnerability in WhatsApp. A remote attacker could exploit this vulnerability to take control of an affected device. We encourage users to review the Facebook Security Advisory for CVE-2019-3568 and upgrade to the appropriate WhatsApp version on their smart phones.

Apple has released security updates to address vulnerabilities in multiple products. A remote attacker could exploit some of these vulnerabilities to take control of an affected system. We encourage users and administrators to review the Apple security pages for the following products and apply the necessary updates:

5/13/19:

Cisco has released security updates to address vulnerabilities in multiple Cisco products. A remote attacker could exploit one of these vulnerabilities to take control of an affected system. We encourage users and administrators to review the following Cisco Security Advisories and apply the necessary updates:

5/7/19:

Cisco has released a security update to address a vulnerability in Cisco Elastic Services Controller. A remote attacker could exploit this vulnerability to take control of an affected system. We encourage users and administrators to review the Cisco Security Advisory and apply the necessary update.

5/1/19:

Cisco has released security updates to address vulnerabilities in multiple Cisco products. A remote attacker could exploit some of these vulnerabilities to take control of an affected system. We encourage users and administrators to review the Cisco Security Advisory page and apply the necessary updates.

4/30/19:

Google has released Chrome version 74.0.3729.131 for Windows, Mac, and Linux. This version addresses two vulnerabilities, one of which an attacker could exploit to take control of an affected system. We encourage users and administrators to review the Chrome Release and apply the necessary updates.

4/26/19:

Oracle has released a security alert to address a vulnerability in WebLogic. A remote attacker could exploit this vulnerability to take control of an affected system. We encourage users and administrators to review the Oracle Security Alert for more information and apply the necessary updates.

4/23/19:

Google has released Chrome version 74.0.3729.108 for Windows, Mac, and Linux. This version addresses multiple vulnerabilities that an attacker could exploit to take control of an affected system. We encourage users and administrators to review the Chrome Release and apply the necessary update.

4/17/19:

Cisco has released a security update to address a vulnerability in Cisco IOS XR. A remote attacker could exploit this vulnerability to take control of an affected system. We encourage users and administrators to review the Cisco Security Advisory and apply the necessary update.

4/16/19:

Oracle has released its Critical Patch Update for April 2019 to address 297 vulnerabilities across multiple products. A remote attacker could exploit some of these vulnerabilities to take control of an affected system. We encourage users and administrators to review the Oracle April 2019 Critical Patch Update and apply the necessary updates.

4/12/19:

VMware has released security updates to address vulnerabilities in ESXi, Workstation, and Fusion. An attacker could exploit some of these vulnerabilities to obtain sensitive information. We encourage users and administrators to review VMware Security Advisory VMSA-2019-0006 and apply the necessary updates.

4/9/19:

Adobe has released security updates to address vulnerabilities in multiple products. A remote attacker could exploit some of these vulnerabilities to take control of an affected system. We encourage users and administrators to review the Adobe Security Bulletins and Advisories page and apply the necessary updates.

Microsoft has released updates to address multiple vulnerabilities in Microsoft software. A remote attacker could exploit some of these vulnerabilities to take control of an affected system. We encourage users and administrators to review Microsoft’s April 2019 Security Update Summary and Deployment Information and apply the necessary updates.

Intel has released security updates and recommendations to address vulnerabilities in multiple products. An attacker could exploit some of these vulnerabilities to take control of an affected system. We encourage users and administrators to review the following Intel Security Advisories and apply the necessary updates and mitigations:

4/4/19:

The Apache Software Foundation has released Apache HTTP Server version 2.4.39 to address multiple vulnerabilities. An attacker could exploit one of these vulnerabilities to take control of an affected system.  We encourage users and administrators to review the Apache HTTP Server 2.4 vulnerabilities page and apply the necessary updates.

3/29/19:

VMware has released security updates to address vulnerabilities in multiple products. An attacker could exploit some of these vulnerabilities to take control of an affected system. We encourage users and administrators to review the VMware Security Advisories VMSA-2019-0004 and VMSA-2019-0005 and apply the necessary updates.

3/28/19:

Cisco has released a security update to address a vulnerability in Cisco IOS XE. An attacker could exploit this vulnerability to obtain sensitive information. We encourage users and administrators to review the Cisco Security Advisory and apply the necessary update.

3/27/19:

Cisco has released several security advisories to address vulnerabilities in multiple Cisco products. A remote attacker could exploit some of these vulnerabilities to take control of an affected system. We encourage users and administrators to review the Cisco Security Advisories and apply the necessary updates.

3/25/19:

Mozilla has released a security update to address vulnerabilities in Thunderbird. An attacker could exploit these vulnerabilities to take control of an affected system. We encourage users and administrators to review the Mozilla Security Advisory for Thunderbird 60.6.1 and apply the necessary update.

Apple has released security updates to address vulnerabilities in multiple products. A remote attacker could exploit some of these vulnerabilities to take control of an affected system. We encourage users and administrators to review the Apple security pages for the following products and apply the necessary updates:

3/22/19:

Mozilla has released security updates to address vulnerabilities in Firefox. An attacker could exploit some of these vulnerabilities to take control of an affected system. We encourage users and administrators to review the Mozilla Security Advisories for Firefox 60.6.1 and Firefox 66.0.1 and apply the necessary updates.

3/20/19:

Cisco has released several security advisories to address vulnerabilities in multiple Cisco products. A remote attacker could exploit some of these vulnerabilities to take control of an affected system. We encourage users and administrators to review the following Cisco Security Advisories and apply the necessary updates.

3/19/19:

Microsoft Ending Support for Windows 7 – After January 14, 2020, Microsoft will no longer provide security updates or support for PCs running the Windows 7 operating system. After this date, this product will no longer receive free Technical support for any issues, Software updates & Security updates or fixes. Computers running the Windows 7 operating system will continue to work even after support ends. However, using unsupported software may increase the risks from viruses and other security threats. We encourage users and administrators to upgrade to a currently supported operating system. For more information, see the Microsoft End of Support FAQ.

Mozilla has released security updates to address vulnerabilities in Firefox and Firefox ESR. An attacker could exploit some of these vulnerabilities to take control of an affected system.We encourage users and administrators to review the Mozilla Security Advisories for Firefox ESR 60.6 and Firefox 66 and apply the necessary updates.

3/15/19:

Intel has released security updates and recommendations to address vulnerabilities in multiple products. An attacker could exploit some of these vulnerabilities to take control of an affected system. We encourage users and administrators to review the Intel Product Security Center Advisories page, apply the necessary mitigations, and refer to software vendors for appropriate patches, when available.

VMware has released security updates to address vulnerabilities affecting Workstation 14 and 15, and Horizon 6 and 7. An attacker could exploit some of these vulnerabilities to take control of an affected system. We encourage users and administrators to review VMware Security Advisories VMSA-2019-0002 and VMSA-2019-0003 and apply the necessary updates.

3/13/19:

Google has released Chrome version 73.0.3683.75 for Windows, Mac, and Linux. This version addresses multiple vulnerabilities that an attacker could exploit to take control of an affected system. We encurage users and administrators to review the Chrome Release and apply the necessary updates.

Cisco has released security updates to address vulnerabilities in Cisco products. A remote attacker could exploit one of these vulnerabilities to cause a denial-of-service condition. We encourage users and administrators to review the following Cisco Advisories and apply the necessary updates:

3/12/19:

Microsoft has released updates to address multiple vulnerabilities in Microsoft software. A remote attacker could exploit some of these vulnerabilities to take control of an affected system. We encourage users and administrators to review Microsoft’s March 2019 Security Update Summary and Deployment Information and apply the necessary updates.

Adobe has released security updates to address vulnerabilities in Adobe Photoshop CC and Adobe Digital Editions. An attacker could exploit these vulnerabilities to take control of an affected system. We encourage users and administrators to review Adobe Security Bulletins APSB19-15 and APSB19-16 and apply the necessary updates.

3/7/19:

Google has released Chrome version 72.0.3626.121 for Windows, Mac, and Linux. This version addresses a vulnerability that a remote attacker could exploit to take control of an affected system. This vulnerability was detected in exploits in the wild. We encourage users and administrators to review the Google Chrome blog entry and apply the necessary updates.

3/6/19:

Cisco has released multiple security updates to address vulnerabilities in various Cisco products. An attacker could exploit some of those vulnerabilities to take control of an affected system. We encourage users and administrators to review the Cisco Security Advisories and apply the necessary updates.

3/1/19:

Adobe has released security updates to address a vulnerability in ColdFusion. An attacker could exploit this vulnerability to take control of an affected system. This vulnerability was detected in exploits in the wild. We encourage users and administrators to review Adobe Security Bulletin APSB19-14 and apply the necessary updates or mitigation.

2/27/19:

Cisco has released security updates to address vulnerabilities in multiple Cisco products. A remote attacker could exploit one of these vulnerabilities to take control of an affected system. We encourage users and administrators to review the following Cisco Advisories and apply the necessary updates:

2/21/19:

Adobe has released security updates to address a vulnerability in Adobe Acrobat and Reader. An attacker could exploit this vulnerability to obtain sensitive information. We encourage users and administrators to review Adobe Security Bulletin APSB19-13 and apply the necessary updates.

2/20/19:

Cisco has released security updates to address vulnerabilities in multiple products. A remote attacker could exploit some of these vulnerabilities to take control of an affected system. We encourage users and administrators to review the Cisco Security Advisory and apply the necessary updates.

2/15/19:

VMware has released security updates to address a vulnerability affecting multiple VMware products. An attacker could exploit this vulnerability to take control of an affected system. We encourage users and administrators to review VMware Security Advisory VMSA-2019-0001 and apply the necessary updates.

2/14/19:

Mozilla has released a security update to address vulnerabilities in Thunderbird. An attacker could exploit some of these vulnerabilities to take control of an affected system. We encourage users and administrators to review the Mozilla Security Advisory for Thunderbird 60.5.1 and apply the necessary update.

2/12/19:

Microsoft has released updates to address multiple vulnerabilities in Microsoft software. A remote attacker could exploit some of these vulnerabilities to take control of an affected system. We encourage users and administrators to review Microsoft’s February 2019 Security Update Summary and Deployment Information and apply the necessary updates.

Adobe has released security updates to address vulnerabilities affecting Adobe Flash Player, Acrobat and Reader, ColdFusion, and Creative Cloud Desktop Application. An attacker could exploit some of these vulnerabilities to take control of an affected system. We encourage users and administrators to review Adobe Security Bulletins, APSB19-06, APSB19-07, APSB19-10, and APSB19-11, and apply the necessary updates.

Cisco has released a security update to address a vulnerability in Network Assurance Engine. An attacker could exploit this vulnerability to obtain sensitive information. We encourage users and administrators to review the Cisco Security Advisory and apply the necessary update.

Mozilla has released security updates to address vulnerabilities in Firefox and Firefox ESR. An attacker could exploit some of these vulnerabilities to take control of an affected system. We encourage users and administrators to review the Mozilla Security Advisories for Firefox 65.0.1 and Firefox ESR 60.5.1 and apply the necessary updates.

2/7/19:

Apple has released security updates to address vulnerabilities in multiple products, including the recently discovered FaceTime vulnerability. An attacker could exploit some of these vulnerabilities to take control of an affected system. We encourage users and administrators to review the Apple security pages for the following products and apply the necessary updates:

2/6/19:

Microsoft has released an advisory to address an elevation of privilege vulnerability in Microsoft Exchange Server. An attacker could exploit this vulnerability to take control of an affected system. We encourages users and administrators to review the Microsoft Security Advisory and the CERT Coordination Center’s Vulnerability Note VU#465632 and consider the workarounds until an update is available.

1/29/19:

Google has released Chrome version 72.0.3626.81 for Windows, Mac, and Linux. This version addresses multiple vulnerabilities that an attacker could exploit to take control of an affected system. We encourage users and administrators to review the Chrome Releases page and apply the necessary updates.

Mozilla has released security updates to address vulnerabilities in Firefox and Firefox ESR. An attacker could exploit some of these vulnerabilities to take control of an affected system. We encourage users and administrators to review the Mozilla Security Advisories for Firefox 65 and Firefox ESR 60.5 and apply the necessary updates.

1/23/19:

Cisco has released security updates to address vulnerabilities in multiple products. An attacker could exploit some of these vulnerabilities to take control of an affected system. We encourage users and administrators to review the Cisco Security Advisory page and apply the necessary updates.

1/22/19:

Adobe has released security updates to address vulnerabilities in Adobe Experience Manager. An attacker could exploit these vulnerabilities to obtain sensitive information. We encourage users and administrators to review Adobe Security Bulletins APSB19-03 and APSB19-09 and apply the necessary updates.

Apple has released security updates to address vulnerabilities in multiple products. A remote attacker could exploit some of these vulnerabilities to take control of an affected system. We encourage users and administrators to review the Apple Security Updates page and apply the necessary updates.

1/15/19:

Oracle has released its Critical Patch Update for January 2019 to address 284 vulnerabilities across multiple products. A remote attacker could exploit some of these vulnerabilities to take control of an affected system. We encourage users and administrators to review the Oracle January 2019 Critical Patch Update and apply the necessary updates.

1/9/19:

Cisco has released security updates to address vulnerabilities in Cisco AsyncOS Software for Cisco Email Security Appliance. A remote attacker could exploit these vulnerabilities to cause a denial-of-service condition. We encourage users and administrators to review the following Cisco Security Advisories and apply the necessary updates:

Cisco Email Security Appliance Memory Corruption Denial of Service Vulnerability [cisco-sa-20190109-esa-dos]
Cisco Email Security Appliance URL Filtering Denial of Service Vulnerability [cisco-sa-20190109-esa-url-dos]

1/8/19:

Microsoft has released updates to address multiple vulnerabilities in Microsoft software. A remote attacker could exploit one of these vulnerabilities to take control of an affected system. We encourage users and administrators to review Microsoft’s January 2019 Security Update Summary and Deployment Information and apply the necessary updates.

Adobe has released security updates to address vulnerabilities in Adobe Connect and Adobe Digital Editions. An attacker could exploit one of these vulnerabilities to take control of an affected system. We encourage users and administrators to review Adobe Security Advisories APSB19-05 and APSB19-04, and apply the necessary updates.

1/4/19:

The CERT Coordination Center (CERT/CC) has released information on vulnerabilities affecting versions of Microsoft Windows and Windows Server. A remote attacker could exploit these vulnerabilities to take control of an affected system. We encourage users and administrators to review CERT/CC’s Vulnerability Notes VU#289907 and VU#531281 and Microsoft’s security advisories for CVE-2018-8611 and CVE-2018-8626 and apply the necessary updates.

1/3/19:

Adobe has released security updates to address vulnerabilities in Adobe Acrobat and Reader. An attacker could exploit these vulnerabilities to take control of an affected system. We encourage users and administrators to review the Adobe Security Bulletin APSB19-02 and apply the necessary updates.

12/19/18:

Microsoft has released security updates to address a vulnerability in Internet Explorer 9, 10, and 11. An attacker could exploit this vulnerability to take control of an affected system. We encourage users and administrators to review the Microsoft Security Update Guide and the CERT Coordination Center’s Vulnerability Note VU#573168 and apply the necessary updates.

12/12/18:

Google has released Chrome Version 71.0.3578.98 for Windows, Mac, and Linux. This version addresses a vulnerability that an attacker could exploit to take control of an affected system. We encourage users and administrators to review the Chrome Releases page and apply the necessary updates.

12/11/18:

Microsoft has released updates to address multiple vulnerabilities in Microsoft software. An attacker could exploit some of these vulnerabilities to obtain access to sensitive information. We encourage users and administrators to review Microsoft’s December 2018 Security Update Summary and Deployment Information and apply the necessary updates.

Mozilla has released security updates to address vulnerabilities in Firefox and Firefox ESR. A remote attacker could exploit some of these vulnerabilities to take control of an affected system. We encourage users and administrators to review the Mozilla Security Advisories for Firefox 64 and Firefox ESR 60.4 and apply the necessary updates.

Adobe has released security updates to address vulnerabilities in Adobe Acrobat and Reader. An attacker could exploit some of these vulnerabilities to take control of an affected system. We encourage users and administrators to review Adobe Security Bulletin APSB18-41 and apply the necessary updates.

12/6/18:

Adobe has released security updates to address vulnerabilities in Adobe Flash Player and Adobe Flash Player installer. An attacker could exploit some of these vulnerabilities to take control of an affected system. We encourage users and administrators to review Adobe Security Bulletin APSB18-42 and apply the necessary updates.

12/5/18:

Apple has released security updates to address vulnerabilities in multiple products. An attacker could exploit some of these vulnerabilities to take control of an affected system. We encourage users and administrators to review the Apple security pages for the following products and apply the necessary updates:

12/4/18:

Google has released Chrome version 71.0.3578.80 for Windows, Mac, and Linux. This version addresses multiple vulnerabilities that an attacker could exploit to take control of an affected system. We encourage users and administrators to review the Chrome Releases page and apply the necessary updates.

11/28/18:

Cisco has released a security update to address a vulnerability in Cisco Prime License Manager. A remote attacker could exploit this vulnerability to obtain sensitive information. We encourage users and administrators to review the Cisco Security Advisory and apply the necessary update.

11/22/18:

VMware has released security updates to address a vulnerability in Workstation and Fusion. An attacker could exploit this vulnerability to take control of an affected system. We encourage users and administrators to review VMware Security Advisory VMSA-2018-0030 and apply the necessary updates.

11/20/18:

Adobe has released security updates to address a vulnerability in Adobe Flash Player. An attacker could exploit this vulnerability to take control of an affected system. We encourage users and administrators to review Adobe Security Bulletin APSB18-44 and apply the necessary updates.

11/13/18:

Microsoft has released updates to address multiple vulnerabilities in Microsoft software. A remote attacker could exploit some of these vulnerabilities to take control of an affected system. We encourage users and administrators to review Microsoft’s November 2018 Security Update Summary and Deployment Information and apply the necessary updates.

11/7/18:

Cisco has released security updates to address vulnerabilities affecting Cisco products. An attacker could exploit some of these vulnerabilities to take control of an affected system. We encourage users and administrators to review the following Cisco Security Advisories and apply the necessary updates:

10/31/18:

Mozilla has released a security update to address vulnerabilities in Thunderbird ESR. An attacker could exploit some of these vulnerabilities to take control of an affected system. We encourage users and administrators to review the Mozilla Security Advisory for Thunderbird ESR 60.3 and apply the necessary update.

10/24/18:

Mozilla has released a security update to address vulnerabilities in Thunderbird ESR. An attacker could exploit some of these vulnerabilities to take control of an affected system. We encourage users and administrators to review the Mozilla Security Advisory for Thunderbird ESR 60.3 and apply the necessary update.

10/19/18:

Microsoft has released a security update to address a vulnerability in the Yammer desktop application. A remote attacker could exploit this vulnerability to take control of an affected system. We encourage users and administrators to review the Microsoft Security Advisory and apply the necessary update.

10/17/18:

Cisco has released security updates to address multiple vulnerabilities affecting Cisco products. An attacker could exploit one of these vulnerabilities to take control of an affected system. We encourage users and administrators to review the Cisco Security Advisories and Alerts webpage and apply the necessary updates.

10/16/18:

The Federal Bureau of Investigation (FBI) has released an article on building a digital defense against phishing scams targeting electronically deposited paychecks. In these schemes, scammers use phishing emails to direct employees to fraudulent websites and collect their work credentials. Scammers then use victims’ credentials to replace legitimate direct deposit information with their own account details. We encourage users to review the FBI Article and NCCIC Tip on Avoiding Social Engineering and Phishing Attacks for more information. If you believe you have been a victim of these scams, report it to the FBI’s Internet Crime Complaint Center at www.ic3.gov.

Oracle has released its Critical Patch Update for October 2018 to address 301 vulnerabilities across multiple products. A remote attacker could exploit some of these vulnerabilities to take control of an affected system. We encourage users and administrators to review the Oracle October 2018 Critical Patch Update and apply the necessary updates.

VMware has released security updates to address a vulnerability in ESXi, Workstation, and Fusion. An attacker could exploit this vulnerability to take control of an affected system. We encourage users and administrators to review VMware Security Advisory VMSA-2018-0026 and apply the necessary updates.

Google has released Chrome version 70.0.3538.67 for Windows, Mac, and Linux. This version addresses vulnerabilities that an attacker could exploit to take control of an affected system. we encourage users and administrators to review the Chrome Releases page and apply the necessary update.

10/12/18:

The Multi-State Information Sharing & Analysis Center (MS-ISAC) has released an advisory on multiple Hypertext Preprocessor (PHP) vulnerabilities. An attacker could exploit some of these vulnerabilities to take control of an affected system. We encourage users and administrators to review MS-ISAC Advisory 2018-113 and the PHP Downloads page and apply the necessary updates.

10/9/18:

Adobe has released security updates to address vulnerabilities in Adobe Digital Editions, Framemaker, and Technical Communications Suite. An attacker could exploit these vulnerabilities to take control of an affected system. We encourage users and administrators to review Adobe Security Bulletins APSB18-27, APSB18-37, and APSB18-38 and apply the necessary updates.

Microsoft has released updates to address multiple vulnerabilities in Microsoft software. A remote attacker could exploit some of these vulnerabilities to take control of an affected system. We encourage users and administrators to review Microsoft’s October 2018 Security Update Summary and Deployment Information and apply the necessary updates.

VMware has released a security advisory to address a vulnerability in ESXi, Workstation, and Fusion. An attacker could exploit this vulnerability to cause a denial-of-service condition. we encourage users and administrators to review VMware Security Advisory VMSA-2018-0025 and apply the necessary workarounds.

10/3/18:

Cisco has released security updates to address multiple vulnerabilities affecting Cisco products. A remote attacker could exploit some of these vulnerabilities to take control of an affected system. We encourage users and administrators to review the Cisco Security Advisories and Alerts webpage and apply the necessary updates.

The Federal Trade Commission (FTC) has released an alert to provide Facebook users with recommended precautions against identity theft after the recent breach of the Facebook social media platform. We encourage users and administrators to review the FTC Alert and the NCCIC Tip on Preventing and Responding to Identity Theft. If you believe you are a victim of identity theft, visit the FTC’s identity theft website to make a report.

Cisco has released several updates to address vulnerabilities affecting multiple products. An attacker could exploit some of these vulnerabilities to take control of an affected system. We encourage users and administrators to review the Cisco Security Advisories and Alerts webpage and apply the necessary updates.

Mozilla has released security updates to address vulnerabilities in Firefox and Firefox ESR. A remote attacker could exploit these vulnerabilities to take control of an affected system. We encourage users and administrators to review the Mozilla Security Advisory for Firefox 62.0.3 and Firefox ESR 60.2.2 and apply the necessary updates.

9/26/18:

Cisco has released several updates to address vulnerabilities affecting multiple products. An attacker could exploit some of these vulnerabilities to take control of an affected system. We encourage users and administrators to review the Cisco Security Advisories and Alerts webpage and apply the necessary updates.

9/24/18:

Apple has released a security update to address multiple vulnerabilities in macOS Mojave 10.14. An attacker could exploit one of these vulnerabilities to take control of an affected system. We encourage users and administrators to review Apple’s security page for macOS Mojave 10.14 and apply the necessary update.

9/21/18:

Cisco has released a security update to address a vulnerability in Cisco Video Surveillance Manager. A remote attacker could exploit this vulnerability to take control of an affected system. We encourage users and administrators to review the Cisco Security Advisory and apply the necessary update.

9/19/18:

Adobe has released security updates to address vulnerabilities in Adobe Acrobat and Reader. A remote attacker could exploit one of these vulnerabilities to take control of an affected system. We encourage users and administrators to review Adobe Security Bulletin APSB-18-34 and apply the necessary updates.

9/17/18:

Apple has released security updates to address vulnerabilities in multiple products. An attacker could exploit some of these vulnerabilities to take control of an affected system. We encourage users and administrators to review Apple security pages for the following products and apply the necessary updates:

9/11/18:

Microsoft has released updates to address multiple vulnerabilities in Microsoft software. A remote attacker could exploit some of these vulnerabilities to take control of an affected system. We encourage users and administrators to review Microsoft’s September 2018 Security Update Summary and Deployment Information and apply the necessary updates.

Google has released Chrome version 69.0.3497.92 for Windows, Mac, and Linux. This version addresses vulnerabilities, one of which an attacker could exploit to take control of an affected system. We encourage users and administrators to review the Chrome Releases page and apply the necessary update.

Adobe has released security updates to address vulnerabilities in Adobe Flash Player and ColdFusion. An attacker could exploit some of these vulnerabilities to take control of an affected system. We encourage users and administrators to review Adobe Security Bulletins APSB18-31 and APSB18-33 and apply the necessary updates.

9/6/18:

VMware has released security updates to address vulnerabilities in VMware AirWatch Agent and Content Locker. An attacker could exploit these vulnerabilities to obtain access to sensitive information. We encourage users and administrators to review the VMware Security Advisory VMSA-2018-0023 and apply the necessary updates.

8/28/18:

VMware has released security updates to address vulnerabilities in VMware AirWatch Agent and Content Locker. An attacker could exploit these vulnerabilities to obtain access to sensitive information. We encourage users and administrators to review the VMware Security Advisory VMSA-2018-0023 and apply the necessary updates.

8/22/18:

The Federal Trade Commission has released an alert on Bitcoin blackmail scams. In these schemes, scammers threaten victims with public disclosure of their “secret” unless they send a payment in Bitcoin. NCCIC encourages users and administrators to refer to the FTC Alert and a related FBI press release for more information.

Adobe has released security updates to address vulnerabilities in Adobe Photoshop CC. An attacker could exploit these vulnerabilities to take control of an affected system. NCCIC encourages users and administrators to review Adobe Security Bulletin APSB18-28 and apply the necessary updates.

8/15/18:

Cisco has released updates to address vulnerabilities affecting Cisco products. A remote attacker could exploit these vulnerabilities to cause a denial-of-service situation. NCCIC encourages users and administrators to review the following Cisco Security Advisories and apply the necessary updates: Web Security Appliance Web Proxy Memory Exhaustion Denial-of-Service Vulnerability cisco-sa-20180815-wsa-dos; Unified Communications Manager IM & Presence Service Denial-of-Service Vulnerability cisco-sa-20180815-ucmimps-dos.

8/14/18:

Microsoft has released updates to address multiple vulnerabilities in Microsoft software. A remote attacker could exploit some of these vulnerabilities to take control of an affected system. NCCIC encourages users and administrators to review Microsoft’s August 2018 Security Update Summary and Deployment Information and apply the necessary updates.

7/24/18:

Google has released Chrome version 68.0.3440.75 for Windows, Mac, and Linux. This version addresses vulnerabilities that an attacker could exploit to take control of an affected system. NCCIC encourages users and administrators to review the Chrome Releases page and apply the necessary update.

6/13/18:

Apple has released a security update to address vulnerabilities in Xcode. An attacker could exploit one of these vulnerabilities to take control of an affected system. NCCIC encourages users and administrators to review Apple’s security page for Xcode 9.4.1 and apply the necessary update.

5/13/18:

Mozilla has released a security update to address vulnerabilities in Thunderbird. A remote attacker could exploit one of these vulnerabilities to take control of an affected system. NCCIC encourages users and administrators to review the Mozilla Security Advisory for Thunderbird 52.8 and apply the necessary update.

4/17/18:

Oracle has released its Critical Patch Update for April 2018 to address 254 vulnerabilities across multiple products. A remote attacker could exploit some of these vulnerabilities to take control of an affected system. NCCIC encourages users and administrators to review the Oracle April 2018 Critical Patch Update and apply the necessary updates.

4/10/18:

Adobe has released security updates to address vulnerabilities in Adobe PhoneGap Push Plugin, Adobe Digital Editions, Adobe InDesign, Adobe Experience Manager, and Adobe Flash Player. A remote attacker could exploit some of these vulnerabilities to take control of an affected system.

NCCIC encourages users and administrators to review Adobe Security Bulletins APSB18-15, APSB18-13, APSB18-11, APSB18-10, and APSB18-08, and apply the necessary updates.

3/21/18:

Citrix has released security updates to address vulnerabilities in its XenServer. A remote attacker could exploit some of these vulnerabilities to take control of an affected system. NCCIC/US-CERT encourages users and administrators to review the Citrix Security Bulletin CTX232655 and apply the necessary updates.

1/30/18 – 2/2/18:

The Internet Crime Complaint Center (IC3) has released an alert on impersonation scams. In these schemes, scammers send emails impersonating IC3 to trick recipients into providing personally identifiable information or downloading malicious files. Users should use caution when reviewing unsolicited messages. Please refer to the IC3 Alert here.

Mozilla has released a security update to address a vulnerability in Firefox.

Cisco has released software updates to address a vulnerability in its IOS XR Software Release 5.3.4 for the Cisco Aggregation Services Router (ASR) 9000 Series. You can review the Cisco Security Advisory here.

The Federal Trade Commission (FTC) has released an article addressing scams targeting online daters. In this type of fraud, cyber criminals target victims, gain their confidence, and trick them into sending money. To stay safer online, review the FTC article on Online Dating Scams.

1/23/18:

Mozilla has released security updates to address vulnerabilities in Firefox ESR and Firefox 58.

Apple has released security updates to address vulnerabilities in multiple products: Safari 11.0.3, watchOS 4.2.2, iOS 11.2.5, macOS High Sierra 10.13.3, Security Update 2018-001 Sierra, and Security Update 2018-001 El Capitan, and tvOS 11.2.5.

1/12/18:

VMware Releases Security Updates for Workstation and Fusion.

1/9/18:

Microsoft Releases January 2018 Security Updates for the following software: Internet Explorer, Windows, Office, .NET Framework, SQL Server and more.

12/12/17:

Microsoft has released December updates to address vulnerabilities in Microsoft software.

12/7/17:

Mozilla has released security updates to address vulnerabilities in Firefox and Firefox ESR.

12/6/17:

Microsoft has released updates to address a vulnerability in Microsoft Malware Protection Engine affecting multiple products.

Apple has released security updates to address vulnerabilities in multiple products:

Google has released Chrome version 63.0.3239.84 for Windows, Mac, and Linux.

11/29/17:

Mozilla has released a security update to address multiple vulnerabilities in Firefox 57.

11/29/17:

Cisco has released security updates to address vulnerabilities in its WebEx Network Recording Player for Advanced Recording Format (ARF) and WebEx Recording Format (WRF) files.

11/20/17:

Symantec has released an update to address a vulnerability in the Symantec Management Console.

11/16/17:

Oracle has released a security alert to address multiple vulnerabilities in Oracle Tuxedo.

11/15/17:

Cisco has released a security update to address a vulnerability in its Voice Operating System software platform. Exploitation of this vulnerability could allow a remote attacker to take control of an affected system.

11/14/17:

Microsoft has released updates to address vulnerabilities in Microsoft software. A remote attacker could exploit some of these vulnerabilities to take control of an affected system. Deployment information can be found here.

Mozilla has released security updates to address multiple vulnerabilities in Firefox 57 and ESR 52.5. An attacker could exploit these vulnerabilities to take control of an affected system.

Adobe has released security updates to address vulnerabilities in Flash Player, Photoshop CC, Adobe Connect, DNG Converter, InDesign, Digital Editions, Shockwave Player, and Experience Manager. Exploitation of some of these vulnerabilities may allow a remote attacker to take control of an affected system. The Security Bulletins are: APSB17-33, APSB17-34, APSB17-35, APSB17-37, APSB17-38, APSB17-39, APSB17-40, and APSB17-41.

11/6/17:

Google has released Chrome version 62.0.3202.89 for Windows, Mac, and Linux. This version addresses vulnerabilities that an attacker could exploit to take control of an affected system.