Friday, September 27, 2019

Scripting Engine Vulnerability Fixed In Internet Explorer

Microsoft have released an update for the Internet Explorer web browser. The update contains a fix for a scripting engine memory corruption vulnerability (CVE-2019-1367). By exploiting the vulnerability, an attacker may be able to execute arbitrary code and gain the same user rights as the current user.

Affected versions
- Internet Explorer 9, 10 and 11

More information and instructions for updating can be read in the corresponding security advisory.

Adobe ColdFusion Fixed

Adobe have released updated versions of the ColdFusion web application development platform. These fixes resolve two critical (CVE-2019-8073, CVE-2019-8074) vulnerabilities and one important (CVE-2019-8072) vulnerability, one of which may allow an attacker to execute arbitrary code on the affected system.

Affected versions:
- ColdFusion (2018 release): update 4 and earlier versions
- ColdFusion (2016 release): update 11 and earlier versions

More information can be read from Adobe's security bulletin.

VMware Patches A Critical Vulnerability

VMware have released new versions of their Cloud Foundation and Harbor Container Registry for PCF products. The new versions fix a critical vulnerability (CVE-2019-16097) that may allow for a remote escalation of privilege.

Affected versions
- VMware Cloud Foundation is affected if the optional 'Harbor Registry' component has been deployed.
- VMware Harbor Container Registry for PCF 1.8.x versions earlier than 1.8.3
- VMware Harbor Container Registry for PCF 1.7.x versions earlier than 1.7.6

More information can be read from the corresponding security advisory.

Tuesday, September 24, 2019

VMware Updates Available

VMware have released updated versions of their virtualization software, patching one vulnerability categorized as important (CVE-2019-5527) and one categorized as moderate (CVE-2019-5535).

Affected versions:
- ESXi 6.7 without Patch Release ESXi670-201904101-SG
- ESXi 6.5 without Patch Release ESXi650-201903401-SG
- ESXi 6.0 without Patch Release ESXi600-201909101-SG
- VMRC for Windows earlier than 10.0.5
- VMRC for Linux earlier than 10.0.5
- Horizon Client for Windows earlier than 5.2.0
- Horizon Client for Linux earlier than 5.2.0
- Horizon Client for Mac earlier than 5.2.0
- VMware Workstation Pro/Player versions earlier than 15.5.0
- VMware Fusion earlier than 11.5.0

More information in VMware advisory here.

Wednesday, September 18, 2019

Mozilla Thunderbird Update Available

Mozilla have released an updated version of their Thunderbird email client containing fixes for security vulnerabilities.

Affected versions:
Mozilla Thunderbird versions earlier than 68.1

The new version can be obtained via the built-in updater or by downloading it from the product site.

Google Chrome Vulnerabilities Fixed

Google have released version 77.0.3865.75 of their Chrome web browser. The new version contains fixes for 52 security vulnerabilities.

More information about the changes can be viewed in the Google Chrome Releases blog.

VMware Updates Available

VMware have released updated versions of their virtualization software, patching two vulnerabilities categorized as important and two categorized as moderate.

Affected versions:
- vCenter 6.7 earlier than U3
- vCenter 6.5 earlier than U3
- vCenter 6.0 earlier than U3j
- ESXi 6.7 without Patch Release ESXi670-201904101-SG
- ESXi 6.5 without Patch Release ESXi650-201907101-SG
- ESXi 6.0 without Patch Release ESXi600-201909101-SG

More information in VMware advisories here.

Friday, September 13, 2019

Symantec Intelligence Report: August 2019

Symantec have published their Intelligence report that sums up the latest threat trends for August 2019.
The report can be viewed here.

Adobe Flash Player Updated

Adobe have released updated versions of their Flash Player. The new versions contain fixes for two critical vulnerabilities. By exploiting the vulnerabilities, an attacker may be able to execute arbitrary code in the context of the current user.

Affected versions:
- Users of Adobe Flash Player 32.0.0.238 and earlier versions for Windows should update to Adobe Flash Player 32.0.0.255

- Users of Adobe Flash Player 32.0.0.238 and earlier versions for macOS should update to Adobe Flash Player 32.0.0.255

- Users of Adobe Flash Player 32.0.0.238 and earlier versions for Linux should update to Adobe Flash Player 32.0.0.255

- Flash Player integrated with Google Chrome will be updated by Google via Chrome update

- Flash Player integrated with Internet Explorer 11 (on Windows 8.1 and Windows 10) and Microsoft Edge (Windows 10) will be updated via Windows Update


More information can be read from Adobe's security bulletin.

Adobe Application Manager Updated

Adobe have released a new version of their Application Manager installer for Windows. The new version contains a fix for a vulnerability that could allow arbitrary code execution on a vulnerable system.

Affected version
Adobe Application Manager installer version 10.0 and earlier on Windows

More information in the security bulletin here

Microsoft Security Updates For September 2019

Microsoft have released security updates for September 2019.

Summary of the updates (filter by inserting 08/15/2019 to the From field and 09/10/2019 to the To field) here.

Tuesday, September 10, 2019

New WordPress Version Released

A new version of WordPress (blogging tool and content management system) has been released, which also contains patches for security vulnerabilities. It is recommended to check whether updates are available for any WordPress extensions in use and to disable extensions that are not needed.

Affected versions:
WordPress versions earlier than 5.2.3

More information can be read from the WordPress blog.

Vulnerabilities In Mozilla Firefox

Mozilla have released updated versions of their Firefox web browser. The new versions fix security vulnerabilities.

Affected versions:
- Mozilla Firefox earlier than 69 (advisory)
- Mozilla Firefox ESR 68.x earlier than 68.1 (advisory)
- Mozilla Firefox ESR 60.x earlier than 60.9 (advisory)

The new version can be obtained via the built-in updater or by downloading the latest version from the product site.

Tuesday, September 3, 2019

New PHP versions available

The PHP development team has released versions 7.3.9, 7.2.22 and 7.1.32 of the PHP scripting language. Among other bugs, some security bugs have been fixed. All PHP users are recommended to upgrade to the latest release of the corresponding branch.

Changelogs:
Version 7.3.9
Version 7.2.21
Version 7.1.32