Highlights and Updates

OpenSSL Releases Security Update

Thursday, 10th December 2020

OpenSSL has released a security update to address a vulnerability affecting all versions of 1.0.2 and1.1.1 released before version 1.1.1i. An attacker could exploit this vulnerability to cause a denial-of-service condition.

We encourage users and administrators to review the OpenSSL Security Advisory and apply the necessary update.

Apache Releases Security Update for Apache Struts 2

Tuesday, 8th December 2020

The Apache Software Foundation has released a security update to address a vulnerability in Apache Struts versions 2.0.0 to 2.5.25. A remote attacker could exploit this vulnerability to take control of an affected system.

We encourage users and administrators to review Apache Security Bulletin S2-061 and Apache security advisory for CVE-2020-17530 and apply the necessary update or workaround.

Microsoft Releases December 2020 Security Updates

Tuesday, 8th December 2020

Microsoft has released updates to address vulnerabilities in Microsoft software. A remote attacker could exploit some of these vulnerabilities to take control of an affected system.

We encourage users and administrators to review Microsoft’s December 2020 Security Update Summary and Deployment Information and apply the necessary updates.

High-Severity Chrome Bugs Allow Browser Hacks

Monday, 7th December 2020

Google has updated its Chrome web browser, fixing four bugs with a severity rating of “high” and eight overall.

Three high-severity bugs each include use-after-free elements impacting memory, tied to Chrome’s clipboard, media and extensions components. The bugs are tracked as CVE-2020-16037, CVE-2020-16038 and CVE-2020-16039.

The fourth high-severity bug (CVE-2020-16040) impacts Google’s open-source and high-performance JavaScript and Web Assembly engine, called V8.

The bug is identified as an insufficient-data-validation flaw, which in some cases opens targets to cross-site scripting attacks.

To manually update your Chrome browser, visit Chrome’s customization drop-down menu in the upper-right hand side of the client. From that menu select “Help” and then “About Google Chrome.” Opening that menu item automatically triggers Chrome to look for updates.

Cisco Releases Security Updates for Security Manager

Tuesday, 17th November 2020

Cisco has released security updates to address vulnerabilities in Cisco Security Manager. A remote attacker could exploit these vulnerabilities to obtain sensitive information.

We encourage users and administrators to review the following Cisco Security Advisories and apply the necessary updates.

Cisco Releases Security Update for IOS XR Software

Wednesday, 11th November 2020

Cisco has released a security update to address a vulnerability in IOS XR Software for ASR 9000Series Aggregation Services Routers. An unauthenticated, remote attacker could exploit this vulnerability to cause a denial-of-service condition.

We encourage users and administrators to review the Cisco security advisory and apply the necessary update.

Adobe Releases Security Updates for Multiple Products

Tuesday, 10th November 2020

Adobe has released security updates to address vulnerabilities in multiple products.  An attacker could exploit some of these vulnerabilities to take control of an affected system.

We encourage users and administrators to review the Adobe security advisories for Adobe Connect and Adobe Reader for Android and apply the necessary updates.

Microsoft Releases November 2020 Security Updates

Tuesday, 10th November 2020

Microsoft has released updates to address vulnerabilities in Microsoft software. A remote attacker could exploit some of these vulnerabilities to take control of an affected system.

We encourage users and administrators to review Microsoft’s November 2020 Security Update Summary and Deployment Information and apply the necessary updates.

Mozilla Releases Security Updates For Firefox, Firefox ESR, And Thunderbird

Wednesday, 21st October 2020

Mozilla has released security updates to address vulnerabilities in Firefox, Firefox ESR, and Thunderbird. An attacker could exploit some of these vulnerabilities to take control of an affected system.

We encourage users and administrators to review the Mozilla Security Advisories for Firefox 82Firefox ESR 78.4, and Thunderbird 78.4 and apply the necessary updates.

Oracle Releases October 2020 Security Bulletin

Tuesday, 20th October 2020

Oracle has released its Critical Patch Update for October 2020 to address 402 vulnerabilities across multiple products. A remote attacker could exploit some of these vulnerabilities to take control of an affected system.

We encourage users and administrators to review the Oracle October 2020 Critical Patch Update and apply the necessary updates.