Highlights and Updates

Cisco Releases Security Updates for Multiple Products

Thursday, 6th August 2020

Cisco has released security updates to address vulnerabilities in multiple Cisco products. A remote attacker could exploit one of these vulnerabilities to take obtain sensitive information.

The Cyber security and Infrastructure Security Agency (CISA) encourages users and administrators to review the following Cisco Advisories and apply the necessary updates:

·        Small Business Smart and Managed Switches Denial of Service Vulnerability cisco-sa-sbss-ipv6-dos-3bLk6vA

·        DNA Center Information Disclosure Vulnerability cisco-sa-dna-info-disc-3bz8BCgR

·        StarOS IPv6 Denial of Service Vulnerability cisco-sa-asr-dos-zJLJFgBf

·        Any Connect Secure Mobility Client for Windows DLL Hijacking Vulnerability cisco-sa-anyconnect-dll-F26WwJW

·        For updates addressing lower severity vulnerabilities, see the Cisco Security Advisories page.

Citrix Releases Security Updates for Workspace App for Windows

Thursday, 23rd July 2020

Citrix has released security updates to address a vulnerability in Workspace app for Windows.  A remote attacker could exploit this vulnerability to take control of an affected system if Windows Server Message Block (SMB) is enabled.

We recommend users and administrators review Citrix Security Bulletin CTX277662 and apply the necessary updates.

Cisco Releases Security Updates for ASA and FTD Software

Wednesday, 22nd July 2020

Cisco has released security updates to address a vulnerability in Adaptive Security Appliance(ASA) Software and Firepower Threat Defense (FTD) Software Web Service. A remote attacker could exploit this vulnerability to obtain sensitive information.

We encourage users and administrators to review Cisco Security Advisory cisco-sa-asaftd-ro-path-KJuQhB86 for more information and apply the necessary updates.

Adobe Releases Security Updates

Wednesday, 22nd July 2020

Adobe has released security updates to address vulnerabilities in multiple Adobe products. An attacker could exploit some of these vulnerabilities to take control of an affected system.

We encourage users and administrators to review the following Adobe Security Bulletins and apply the necessary updates.

·        Bridge APSB20-44

·        Photoshop APSB20-45

·        Prelude APSB20-46

·        Reader MobileAPSB20-50

Cisco Releases Security Updates for Multiple Products

Wednesday, 15th July 2020

Cisco has released security updates to address vulnerabilities affecting multiple products. An unauthenticated, remote attacker could exploit some of these vulnerabilities to take control of an affected system.

We encourage users and administrators to review the following Cisco Advisories and apply the necessary updates. For updates addressing lower severity vulnerabilities, see the Cisco Security Advisories page.

 

·        Small Business RV110W Wireless-N VPN Firewall Static Default Credential Vulnerability cisco-sa-rv110w-static-cred-BMTWBWTy

·        Small Business RV110W,RV130, RV130W, and RV215W Routers Management Interface Remote Command Execution Vulnerability cisco-sa-rv-rce-AQKREqp

·        RV110W, RV130,RV130W,and RV215W Routers Authentication Bypass Vulnerability cisco-sa-rv-auth-bypass-cGv9EruZ

·        RV110W and RV215W Series Routers Arbitrary Code Execution Vulnerability cisco-sa-code-exec-wH3BNFb

·        Cisco Prime License Manager Privilege Escalation Vulnerability cisco-sa-cisco-prime-priv-esc-HyhwdzBA

 

Oracle Releases July 2020 Security Bulletin

Tuesday, 14th July 2020

Oracle has released its Critical Patch Update for July 2020 to address 433 vulnerabilities across multiple products. A remote attacker could exploit some of these vulnerabilities to take control of an affected system.

We encourage users and administrators to review the Oracle July 2020 Critical Patch Update and apply the necessary updates.

Google Releases Security Updates for Chrome

Tuesday, 14th July 2020

Google has releasedChrome version 84.0.4147.89 for Windows, Mac, and Linux. This version addressesvulnerabilities that an attacker could exploit to take control of an affectedsystem.

We encourage users andadministrators to review the Chrome Release and apply the necessary updates.

Microsoft Addresses 'Wormable' RCE Vulnerability in Windows DNS Server

Tuesday, 14th July 2020

Microsoft has released a security update to address a remote code execution (RCE)vulnerability—CVE-2020-1350—in Windows DNS Server. A remote attacker could exploit this vulnerability to take control of an affected system. This is considered a “wormable” vulnerability that affects all Windows Server versions.

We encourage users and administrators to review Microsoft’s Security Advisory and Blog for more information,and apply the necessary update and workaround.

Microsoft Releases July 2020 Security Updates

Monday, 13th July 2020

Microsoft has releasedupdates to address multiple vulnerabilities in Microsoft software. A remoteattacker could exploit some of these vulnerabilities to take control of anaffected system.

We encourage users andadministrators to review Microsoft’s July 2020 Security Update Summary andDeployment Information and apply the necessary updates.

Adobe Releases Security Updates for Multiple Products

Monday, 13th July 2020

Adobe has releasedsecurity updates to address vulnerabilities in multiple Adobe products. Anattacker could exploit some of these vulnerabilities to take control of anaffected system.

We encourage users andadministrators to review the following Adobe Security Bulletins and apply thenecessary updates.

·        Download ManagerAPSB20-49

·        ColdFusion APSB20-43

·        Genuine ServiceAPSB20-42

·        Media EncoderAPSB20-36

·        Creative Cloud DesktopApplication APSB20-33