Highlights and Updates

Exim Releases Security Update

Tuesday, 1st October 2019

Exim has released a security update to address a vulnerability affecting Exim versions 4.92 to 4.92.2. A remote attacker could exploit this vulnerability to take control of an affected email server.

We encourage users and administrators to review the Exim CVE-2019-16928 page and upgrade to Exim 4.92.3.

Cisco Releases Security Updates

Thursday, 22nd August 2019

Cisco has released security updates to addressvulnerabilities in Cisco Integrated Management Controller (IMC) Supervisor,Unified Computing System (UCS) Director, and UCS Director Express for Big Data.A remote attacker could exploit these vulnerabilities to take control of anaffected system.

 

We encourage users and administrators to review the following Cisco SecurityAdvisories and apply the necessary updates:

 

-Authentication Bypass Vulnerability in IMCSupervisor, UCS Director, and UCS Director Express for Big Data releasescisco-sa-20190821-imcs-ucs-authbypass.

-Authentication Bypass Vulnerability in IMCSupervisor, UCS Director, and UCS Director Express for Big Data releasescisco-sa-20190821-imcs-ucs-authbypass.

-Secure Copy (SCP) User Default CredentialsVulnerability in IMC Supervisor, UCS Director, and UCS Director Express for BigData releases cisco-sa-20190821-imcs-usercred.

-Application Programming Interface (API)Authentication Bypass Vulnerability in UCS Director and UCS Director Expressfor Big Data releases cisco-sa-20190821-ucsd-authbypass.

Microsoft Releases Security Update for Windows Elevation of Privilege Vulnerability

Friday, 16th August 2019

Microsoft has released a security update to address an elevation of privilege vulnerability(CVE-2019-1162) in Windows. An attacker could exploit this vulnerability to take control of an affected system.

We encourage users and administrators to review the Microsoft Security Advisory and apply the necessary update.



Microsoft Releases Security Updates to Address Remote Code Execution Vulnerabilities

Thursday, 15th August 2019

Microsoft has released security updates to address two remote code execution vulnerabilities, CVE-2019-1181 and CVE-2019-1182, in the following operating systems:

- Windows 7 SP1
- Windows Server 2008 R2 SP1
- Windows Server 2012
- Windows 8.1
- Windows Server 2012 R2
- Windows 10
- Windows Server 2016
- Windows Server 2019

An attacker could exploit these vulnerabilities to take control of an affected system. Similar to CVE-2019-0708—dubbed BlueKeep—these vulnerabilities are considered “wormable” because malware exploiting these vulnerabilities on a system could propagate to other vulnerable systems.

Google Releases Security Updates for Chrome

Thursday, 8th August 2019

Google has released Chrome version76.0.3809.100 for Windows, Mac, and Linux. This version addresses avulnerability that an attacker could exploit to take control of an affectedsystem.

We encourage users and administrators toreview the Chrome Release andapply the necessary updates.

Cisco Releases Security Updates for Multiple Products

Thursday, 8th August 2019

Cisco has released security updates to addressvulnerabilities in multiple Cisco products. An attacker could exploit some ofthese vulnerabilities to take control of an affected system.

The Cybersecurity and Infrastructure SecurityAgency (CISA) encourages users and administrators to review the following CiscoSecurity Advisories and apply the necessary updates:

VMware Releases Security Updates for Multiple Products

Saturday, 3rd August 2019

VMware has released a security advisory toaddress vulnerabilities affecting multiple products. An attacker could exploitone of these vulnerabilities to take control of an affected system.

We encourage users and administrators toreview VMware Security Advisory VMSA-2019-0012 and apply the necessary updatesand workarounds.

Apple Releases Multiple Security Updates

Monday, 22nd July 2019

Apple has released security updates to address vulnerabilities in multiple products. A remote attacker could exploit some of these vulnerabilities to take control of an affected system.

We encourage users and administrators to review the Apple security pages for the following products and apply the necessary updates:

Drupal Releases Security Update

Saturday, 20th July 2019

Drupal has released a security update to address a vulnerability in Drupal Core. An attacker could exploit this vulnerability to take control of an affected website.

We encourage users and administrators to review Drupal’s security advisory SA-CORE-2019-008 and apply the necessary update.

Cisco Releases Security Updates for Multiple Products

Friday, 19th July 2019

Cisco has released security updates to address vulnerabilities in multiple Cisco products. A remote attacker could exploit some of these vulnerabilities to take control of an affected system.

We encourage users and administrators to review the following advisories and apply the necessary updates: