VMware Patches Available

VMware has released updated versions of their virtualization software patching security vulnerabilities (CVE-2020-4004, CVE-2020-4005).

Affected versions:
-VMware ESXi 7.0 without ESXi70U1b-17168206
-VMware ESXi 6.7 without ESXi670-202011101-SG update
-VMware ESXi 6.5 without ESXi650-202011301-SG update
-VMware Cloud Foundation (ESXi) 4.x earlier than 4.1.0.1
-VMware Cloud Foundation (ESXi) 3.x earlier than 3.10.1.2
-VMware Workstation Pro/Player 15.x for Windows earlier than 15.5.7
-VMware Fusion Pro / Fusion 11.x earlier than 11.5.7

More information in the VMware advisory.

Google Chrome Vulnerabilities Fixed

Google have released a version 87.0.4280.66 of their Chrome web browser for Windows and Linux and version 87.0.4280.67 for macOS. In addition to other changes 33 security vulnerabilities were fixed.

 

More information about changes can be viewed in Google Chrome release blog.

Security Updates To NVIDIA GeForce NOW For Windows

NVIDIA has released an updated version of NVIDIA GeForce NOW for Windows. The update contains a fix to a vulnerabilities (CVE‑2020‑5992) that when exploited may allow code execution or escalation of privileges.

Affected versions
GeForce NOW for Windows versions earlier than 2.0.25.119.

Open the client to automatically apply the security update or install manually by following instructions here.

More information can be read in the NVIDIA security bulletin.

Adobe Connect Update Available

Adobe have released updated versions of Adobe Connect. This update resolves an important categorized reflected cross-site scripting vulnerability (CVE-2020-24442, CVE-2020-24443). Successful exploitation could lead to arbitrary JavaScript execution within the context of the victim's browser.

Affected versions:
- Adobe Connect earlier than 11.0.5

More information can be read from Adobe's security bulletin.

New Version For Chrome released

Google have released version 86.0.4240.198 for Windows, macOS and Linux. In addition to other changes the new version contains fixes to two security vulnerabilities.

More information can be read from Google Chrome releases blog.

Microsoft Security Updates For November 2020

Microsoft have released security updates for November 2020.

Summary of the updates (filter by inserting 10/14/2020 to the From field and 11/10/2020 to the To field) here.

Mozilla Firefox and Thunderbird Updated

Mozilla have released new versions for Firefox web browser and Thunderbird email client. New versions fix a critical vulnerability (CVE-2020-26950).

Affected versions
- Firefox 82.x earlier than 82.0.3
- Firefox ESR 78.x earlier than 78.4.1
- Thunderbird 78.x earlier than 78.4.2

More information in Mozilla security advisory.

Mozilla VPN Updated

Mozilla have updated their Mozilla VPN versions for Android, iOS and Windows. New versions fix an OAuth session fixation vulnerability.

Affected versions
-Mozilla VPN Android earlier than 1.1.0 (1360)
-Mozilla VPN iOS earlier than 1.0.7 (929)
-Mozilla VPN Windows earlier than 1.2.2


More information in Mozilla security advisory.

New PHP versions available

PHP development team has released 7.4.12 and 7.3.24 versions of the PHP scripting language. All PHP users are recommended to upgrade their versions to the latest release of the correspondent branch.

Changelogs:
Version 7.4.12
Version 7.3.24

Adobe Reader And Acrobat Security Updates

Adobe have released security updates to fix vulnerabilities in their PDF products, Adobe Reader and Adobe Acrobat. Exploiting the vulnerabilities could lead to arbitrary code execution in the context of the current user.

Affected versions:
*Acrobat DC and Acrobat Reader DC, continuous track
versions earlier than 2020.013.20064

*Acrobat 2020 and Acrobat Reader 2020, 2020 classic track
versions earlier than 2020.001.30010

*Acrobat 2017 and Acrobat Reader 2017, 2017 classic track
versions earlier than 2017.011.30180


Users of vulnerable versions are instructed to update their versions either by using automatic update functionality or by downloading fresh version manually. The default installation configuration runs automatic updates on a regular schedule and can be manually activated by choosing Help > Check for Updates.

Those who want to upgrade manually, can download the latest versions of the links below:
Adobe Reader
Adobe Acrobat


More information about fixed vulnerability can be read from Adobe's  security bulletin.

Google Chrome Updated

Google have released a version 86.0.4240.183 of their Chrome web browser for Windows, Mac and Linux. In addition to other changes ten security vulnerabilities were fixed. More information about changes can be viewed in Google Chrome release blog.

Vulnerability In Windows Kernel Cryptography Driver

There has been found a critical vulnerability (CVE-2020-17087) in Windows. The vulnerability is in the Windows Kernel Cryptography driver and an attacker may be able to exploit it for privilege escalation. The vulnerability was found by Google researchers and made public. The vulnerability is being exploited in the wild in tandem with a Google Chrome vulnerability (CVE-2020-15999).

Microsoft is expected to patch the vulnerability on November 10 as a part of the monthly Patch Tuesday.

New WordPress Version Released

There has been released a new version of WordPress (blogging tool and content management system) which contains also patches to ten security vulnerabilities. It's also recommended to check if there are any updates available for WordPress extensions in use. Also, it's recommended to disable those extensions that are not needed.

Affected versions:
WordPress versions earlier than 5.5.2

More information can be read from the WordPress blog.