A race condition vulnerability has been found in the Microsoft Windows MsiAdvertiseProduct function. By exploiting the vulnerability, an authenticated attacker can gain elevated privileges to read protected files. An exploit for this vulnerability is publicly available.
Currently there is no fix available for the vulnerability. More information is available in the CERT/CC vulnerability note here.
Thursday, December 27, 2018
Friday, December 21, 2018
Critical Vulnerability In Internet Explorer
A critical vulnerability has been found in Microsoft Internet Explorer. The vulnerability (CVE-2018-8653) is in Internet Explorer's JScript engine, and by exploiting it an attacker could execute arbitrary code in the context of the current user. In a web-based attack, for example, an attacker could host a specially crafted website that is designed to exploit the vulnerability and lure a user to view the website (for example by sharing a link in an email message).
The vulnerability is being exploited in targeted attacks and it is recommended to apply the patch as soon as possible. More information (patch instructions included) can be read from the related advisory.
New Version Of Foxit Quick PDF Library Available
Foxit Software has released a new version of their Quick PDF Library. The new version contains fixes for security vulnerabilities and stability issues.
Affected versions:
Quick PDF Library 16.11 and earlier
More information can be read here.
Friday, December 14, 2018
Adobe Reader And Acrobat Security Updates
Adobe have released security updates to fix a bunch of vulnerabilities in their PDF products, Adobe Reader and Adobe Acrobat. Exploiting some of the vulnerabilities could lead to arbitrary code execution in the context of the current user.
Affected versions:
- Acrobat DC and Acrobat Reader DC, continuous track: versions earlier than 2019.010.20064
- Acrobat 2017 and Acrobat Reader 2017: versions earlier than 2017.011.30110
- Acrobat DC and Acrobat Reader DC, classic track: versions earlier than 2015.006.30461
Users of vulnerable versions are instructed to update either by using the automatic update functionality or by downloading a fresh version manually. The default installation configuration runs automatic updates on a regular schedule, and an update check can be started manually by choosing Help > Check for Updates.
Those who want to upgrade manually can download the latest versions from the links below:
Adobe Reader
Adobe Acrobat
More information about the fixed vulnerabilities can be read from Adobe's security bulletin.
Latest PHP Versions Available
The PHP development team has released versions 7.3.0, 7.2.13, 7.1.25, 7.0.33 and 5.6.39 of the PHP scripting language. Among other minor bugs, one security bug has been fixed. All PHP users are recommended to upgrade to the latest release of the corresponding branch.
Changelogs:
Version 7.3.0
Version 7.2.13
Version 7.1.25
Version 7.0.33
Version 5.6.39
Wednesday, December 12, 2018
Symantec Intelligence Report: November 2018
Symantec have published their Intelligence report that sums up the latest threat trends for November 2018.
The report can be viewed here.
Mozilla Firefox Updated
Mozilla have released updated versions of the Firefox browser to address security vulnerabilities.
Affected products are:
- Mozilla Firefox earlier than 64 (advisory)
- Mozilla Firefox earlier than ESR 60.4 (advisory)
A fresh version can be obtained via the built-in updater or by downloading it from the product site (the latest version):
Firefox
Microsoft Security Updates For December 2018
Microsoft have released security updates for December 2018.
Summary of the updates (filter by inserting 11/13/2018 to the From field and 12/11/2018 to the To field) here.
Thursday, December 6, 2018
Adobe Flash Player Updated
Adobe have released updated versions of their Flash Player. The new versions fix two security vulnerabilities that could lead to remote execution of arbitrary code (CVE-2018-15982) and privilege escalation (CVE-2018-15983) in the context of the current user.
Affected versions:
- Users of Adobe Flash Player 31.0.0.153 and earlier versions for Windows should update to Adobe Flash Player 32.0.0.101
- Users of Adobe Flash Player 31.0.0.153 and earlier versions for Macintosh should update to Adobe Flash Player 32.0.0.101
- Users of Adobe Flash Player 31.0.0.153 and earlier versions for Linux should update to Adobe Flash Player 32.0.0.101
- Flash Player integrated with Google Chrome will be updated by Google via Chrome update
- Flash Player integrated with Internet Explorer 11 (on Windows 8.1 and Windows 10) and Microsoft Edge (Windows 10) will be updated via Windows Update
- Flash Player Installer 31.0.0.108 and earlier versions for Windows should be replaced with version 31.0.0.122
More information can be read from Adobe's security bulletin.
Google Chrome Updated To New Version
Google have released version 71.0.3578.80 of their Chrome web browser. The new version contains fixes for 43 security vulnerabilities. More information about the changes is available in the Google Chrome Releases blog.
New Version Of iCloud For Windows Released
Apple have released version 7.9 of their iCloud client for Windows. The new version fixes security vulnerabilities.
More information about the security content of iCloud for Windows 7.9 can be read from the related security advisory.
Users of old versions should update to the latest one available here.
iTunes 12.9.2 For Windows Released
Apple have released version 12.9.2 of their iTunes media player. The new version fixes security vulnerabilities.
More information about the security content of iTunes 12.9.2 can be read from the related security advisory.
Users of old versions should update to the latest one available.