Please see Security Advisories for the week ending June 11, 2021
- Google Releases Security Updates for Chrome
- SAP Releases June 2021 Security Updates
- Microsoft Releases June 2021 Security Updates
- Adobe Releases Security Updates for Multiple Products
_______________________________
Google Releases Security Updates for Chrome
Situation
Google has released Chrome version 91.0.4472.101 for Windows, Mac, and Linux. This version addresses one “critical” and several “high” level vulnerabilities found in the previous version.
Problem
These vulnerabilities span several conditions that could leave a user open to compromise, including use-after-free in BFcache (critical), Extensions (high), Autofill (high), Loader (high), Spell check (high), Accessibility (high), and Network service (high), as well as an out-of-bounds write in ANGLE (high) and a type confusion in Chrome’s open-source JavaScript engine, where the bug is exploited for remote execution through a crafted HTML page.
Implication
If users of Chrome do not update to the new stable channel, an attacker could exploit these vulnerabilities to take control of an affected system.
Need
CISA encourages users and administrators to review the Chrome Release Note and apply the necessary updates.
For a brief overview:
https://us-cert.cisa.gov/ncas/current-activity/2021/06/10/google-releases-security-updates-chrome
For a more technical overview:
https://chromereleases.googleblog.com/2021/06/stable-channel-update-for-desktop.html
________________________________
SAP Releases June 2021 Security Updates
Situation
SAP has released security updates for SAP Commerce, SAP NetWeaver, SAP Business One, SAP 3D Visual Enterprise Viewer, SAP Manufacturing Execution, and more.
Problem
SAP has addressed vulnerabilities ranging from medium to high, such as remote code execution, cross-site scripting (XSS), missing authorization checks, memory corruption, information disclosure, and improper input validation.
Implication
If an attacker is able to successfully exploit some of these vulnerabilities, it could allow them to take control of an affected system.
Need
If you use SAP products, make sure to apply the security updates as soon as possible.
For a more technical overview:
https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=578125999
________________________________
Microsoft Releases June 2021 Security Updates
Situation
Microsoft has released June 2021 Security Updates for Windows 10 and other Microsoft products.
Problem
Microsoft has released updates that address vulnerabilities such as RCE, memory corruption, security bypass, privilege escalation, and more.
Implication
Remote attackers can exploit these vulnerabilities to take control of the affected system.
Need
Apply the update from Windows as soon as possible.
For a more detailed overview:
https://msrc.microsoft.com/update-guide/releaseNote/2021-Jun
https://msrc.microsoft.com/update-guide/vulnerability
________________________________
Adobe Releases Security Updates for Multiple Products
Situation
Adobe has released security updates for their products: Adobe Connect, Acrobat, Photoshop, Photoshop Elements, Experience Manager, Creative Cloud, RoboHelp, Premiere Elements, After Effects, and Animate.
Problem
A large number of vulnerabilities have been found and patched in the latest update, including buffer overflows, improper access control, improper input validation, cross-site scripting, out-of-bounds reads/writes, and more.
Implication
If an attacker is able to exploit some of these vulnerabilities, it could allow them to perform actions such as arbitrary code execution, privilege escalation, arbitrary file system read/write, application denial-of-service, and more. Some of these vulnerabilities could allow the attacker to take control of the affected system.
Need
If you use any of the listed Adobe products, update to the latest version. Adobe’s security bulletins for each affected product can be found in the link below.
For a more technical overview: