Highlights and Updates

SAP Releases March 2021 Security Updates

Tuesday, 9th March 2021

SAP has released security updates to address vulnerabilities affecting multiple products. An attacker could exploit some of these vulnerabilities to take control of an affected system.

We encourage users and administrators to review the SAP Security Notes for March 2021 and apply the necessary updates.

Microsoft Releases Out-of-Band Security Updates for Exchange Server

Tuesday, 2nd March 2021

Microsoft has released out-of-band security updates to address vulnerabilities affecting Microsoft Exchange Server 2013, 2016, and 2019. A remote attacker can exploit three remote code execution vulnerabilities—CVE-2021-26857, CVE-2021-26858, and CVE-2021-27065—to take control of an affected system and can exploit one vulnerability—CVE-2021-26855—to obtain access to sensitive information. These vulnerabilities are being actively exploited in the wild.

We encourage users and administrators to review the Microsoft blog post and apply the necessary updates or workarounds.

Cisco Releases Security Updates

Thursday, 25th February 2021

Cisco has released security updates to address vulnerabilities in Cisco products. An attacker could exploit some of these vulnerabilities to take control of an affected system.

We encourage users and administrators to review the following Cisco Advisories and apply the necessary updates:

Mozilla Releases Security Updates for Thunderbird, Firefox ESR, and Firefox

Wednesday, 24th February 2021

Mozilla has released security updates to address vulnerabilities in Firefox, Firefox ESR, and Thunderbird. An attacker could exploit these vulnerabilities to take control of an affected system.

We encourage users and administrators to review the Mozilla security advisories for Firefox 86, Firefox ESR 78.8, and Thunderbird 78.8 and apply the necessary updates.

VMware Releases Multiple Security Updates

Wednesday, 24th February 2021

VMware has released security updates to address multiple vulnerabilities—CVE-2021-21972, CVE-2021-21973, CVE-2021-21974—in ESXi, vCenter Server, and Cloud Foundation. A remote attacker could exploit some of these vulnerabilities to take control of an affected system.

We encourage users and administrators to review VMware Security Advisory VMSA-2021-0002 and apply the necessary updates.

VMware Releases Security Update

Thursday, 18th February 2021

VMware has released a security update to address a vulnerability in vSphere Replication. An attacker could exploit this vulnerability to take control of an affected system.

We encourage users and administrators to review VMware Security Advisory VMSA-2021-0001 and apply the necessary update.

Google Releases Security Updates for Chrome

Wednesday, 3rd February 2021

Google has released Chrome version 88.0.4324.146 for Windows, Mac, and Linux. This version addresses multiple vulnerabilities that an attacker could exploit to take control of an affected system.

We encourage users and administrators to review the Chrome Release and apply the necessary updates.

Apple Releases Security Updates

Tuesday, 2nd February 2021

Apple has released security updates to address vulnerabilities in macOS Big Sur 11.0.1, macOS Catalina 10.15.7, and macOS Mojave 10.14.6. An attacker could exploit some of these vulnerabilities to take control of an affected system.

We encourage users and administrators to review the Apple security update and apply the necessary updates.

Sudo Heap-Based Buffer Overflow Vulnerability — CVE-2021-3156

Tuesday, 2nd February 2021

Sudo has released an advisory addressing a heap-based buffer overflow vulnerability—CVE-2021-3156—affecting sudo legacy versions 1.8.2 through 1.8.31p2 and stable versions 1.9.0 through 1.9.5p1. Sudo is a utility included in many Unix- and Linux-based operating systems that allows a user to run programs with the security privileges of another user. An attacker could exploit this vulnerability to take control of an affected system.

We encourage users and administrators to update to sudo version 1.9.5p2, refer to vendors for available patches, and review the following resources for additional information.

Apple Releases Security Updates

Wednesday, 27th January 2021

Apple has released security updates to address vulnerabilities in multiple products. A remote attacker could exploit some of these vulnerabilities to take control of an affected system.

We encourage users to review the Apple security pages for the following products and apply the necessary updates.