Out-Of-Band Security Update for Windows 7 And Windows Server 2008 Available

Microsoft has released a new security update (KB4100480) for Windows 7 and Windows Server 2008 to address an elevation of privilege vulnerability (CVE-2018-1038). The update can be obtained from Windows Update, Windows Server Update Service or download from Microsoft Update Catalog.

More information (including methods to get the update) of the update here.

Mozilla Firefox Updated

Mozilla have released updated versions of Firefox browser to address one high categorized security vulnerability.

Affected products are:
- Mozilla Firefox earlier than ESR 52.7.3
- Mozilla Firefox earlier than 59.0.2

Fresh version can be obtained via inbuilt updater or by downloading from the product site (the latest version):
Firefox

Mozilla Thunderbird Update Available

Mozilla have released an updated version of their Thunderbird email client containing fixes to security vulnerabilities. Some of the fixed vulnerabilities are categorized as critical.

Affected versions:
Mozilla Thunderbird versions earlier than 52.7

Fresh version can be obtained via inbuilt updater or by downloading from the product site.

Google Chrome Updated

Google have released a version 65.0.3325.181 of their Chrome web browser. New version contains one security vulnerability fix. More information about changes in Google Chrome Releases blog.

VMware Denial-of-Service Vulnerability

There has been found a denial-of-service vulnerability (CVE-2018-6957) in VMware virtualization applications. The vulnerability can be triggered by opening a large number of VNC sessions. This is only possible if VNC is manually enabled.

Affected versions:
- VMware Workstation Pro / Player 14.x versions earlier than 14.1.1
- VMware Workstation Pro / Player 12.x versions, mitigation
- VMware Fusion Pro / Fusion 10.x versions earlier than 10.1.1
- VMware Fusion Pro / Fusion 8.x versions, mitigation

Further information including updating instructions can be read from VMware's security advisory.

Mozilla Firefox Updated

Mozilla have released updated version of Firefox browser to address critical security vulnerabilities.

Affected products are:
- Mozilla Firefox earlier than ESR 52.7.2
- Mozilla Firefox earlier than 59.0.1

Fresh version can be obtained via inbuilt updater or by downloading from the product site:
Firefox

Google Chrome Updated

Google have released a version 65.0.3325.162 of their Chrome web browser. More information about changes in Google Chrome Releases blog.

Adobe Dreamweaver CC Updated

Adobe have released updated version of their Dreamweaver CC. This update resolves a critical OS command injection vulnerability in the Dreamweaver URI handler on Windows (CVE-2018-4924) that could result in arbitrary code execution in the context of the current user.

Affected versions:
- Adobe Dreamweaver CC earlier than 18.1

More information can be read from Adobe's security bulletin.

Adobe Connect Update Available

Adobe have released updated versions of Adobe Connect. This update resolves an unrestricted SWF file upload vulnerability (CVE-2018-4921), which could be exploited to conduct cross-site scripting attacks. This update also resolves an OS command injection vulnerability in the Adobe Connect URI handler on Windows (CVE-2018-4923) that could result in unintended arbitrary local file removal or forced uninstall of the application.

Affected versions:
- Adobe Connect earlier than 9.7.5

More information can be read from Adobe's security bulletin.

Adobe Flash Player Updated

Adobe have released updated versions of their Flash Player. The new versions fix two critical vulnerabilities (CVE-2018-4919 and CVE-2018-4920) that could allow remote execution of arbitrary code.

Affected versions:
- Users of Adobe Flash Player 28.0.0.161 and earlier versions for Windows should update to Adobe Flash Player 29.0.0.113

- Users of Adobe Flash Player 28.0.0.161 and earlier versions for Macintosh should update to Adobe Flash Player 29.0.0.113

- Users of Adobe Flash Player 28.0.0.161 and earlier versions for Linux should update to Adobe Flash Player 29.0.0.113

- Flash Player integrated with Google Chrome will be updated by Google via Chrome update

- Flash Player integrated with Internet Explorer 11 (on Windows 8.1 and Windows 10) and Microsoft Edge (Windows 10) will be updated via Windows Update


More information can be read from Adobe's security bulletin.

Mozilla Firefox Updated

Mozilla have released updated version of Firefox browser to address security vulnerabilities.

Affected products are:
- Mozilla Firefox earlier than ESR 52.7 (advisory)
- Mozilla Firefox earlier than 59 (advisory)

Fresh version can be obtained via inbuilt updater or by downloading from the product site:
Firefox

Microsoft Security Updates For March 2018

Microsoft have released security updates for March 2018.

Summary of the updates (filter by inserting 2/14/2018 to the From field and 3/14/2018 to the To field) here.

Symantec Intelligence Report: February 2018

Symantec have published their Intelligence report that sums up the latest threat trends for February 2018.

The report can be viewed here.

Google Chrome Updated

Google have released a version 65.0.3325.146 of their Chrome web browser. New version contains fixes to 45 security vulnerabilities. More information about changes in Google Chrome Releases blog.

Research On Cryptominers

Price of cryptocurrencies have been on raise and in 2017 for example Bitcoin broke records many times. Cybercriminals have noticed that too and have started to use malicious miners. They infect victims and make coins using CPU or GPU power.

Kaspersky have written a research on these cryptominers. It can be viewed here.

New PHP Versions Released

PHP development team has released 7.2.3, 7.1.15, 7.0.28 and 5.6.34 versions of the PHP scripting language. All PHP users are recommended to upgrade their versions to the latest release of the correspondent branch.

Changelogs:
Version 7.2.3
Version 7.1.15
Version 7.0.28
Version 5.6.34