Please see Security Advisories for the week ending October 23, 2020
- Adobe Releases Security Updates for Multiple Products
- Cisco Releases Security Updates for Multiple Products
- Mozilla Releases Security Updates for Firefox, Firefox ESR, and Thunderbird
- Google Releases Security Updates for Chrome
- Oracle releases major security updates for October
- VMware Releases Security Updates for Multiple Products
________________________________
Adobe Releases Security Updates for Multiple Products
Situation
Adobe is releasing security updates across multiple software applications to prevent vulnerabilities which may allow a remote attacker to exploit unpatched software and gain remote access or control to the machine with the software installed.
Problem
Adobe has found and patched vulnerabilities in their software packages. These vulnerabilities could allow a remote attacker to exploit the software and gain remote access or control the affected machine or obtain leaked information from the application. The affected programs are Illustrator, Dreamweaver, Marketo, Premiere Pro, Animate, After Effects, Photoshop, Media Encoder, InDesign, Creative Cloud Desktop Application
Implication
If this software remains unpatched it leaves vulnerabilities exposed where a remote attacker could exploit the software and obtain remote access or remote control over the machine affected or obtain information from the software.
Need
Adobe Recommends installing the latest patches for the affected software distributions as soon as possible.
- Illustrator APSB20-53
- Dreamweaver APSB20-55
- Marketo APSB20-60
- Animate APSB20-61
- After Effects APSB20-62
- Photoshop APSB20-63
- Premiere Pro APSB20-64
- Media Encoder APSB20-65
- InDesign APSB20-66
- Creative Cloud Desktop Application APSB20-68
For a brief overview:
For a more detailed overview please click the link after each software title above.
________________________________
Cisco Releases Security Updates for Multiple Products
Situation
Cisco has discovered and patched numerous vulnerabilities in several products: Cisco Adaptive Security Appliance, Cisco Firepower Management Center, Cisco Firepower Threat Defense Software,
Problem
Cisco has found and patched 17 known vulnerabilities across its products and has issued patches. Unpatched systems are exposed to a multitude of vulnerabilities that could allow attackers to: cause denial of service, preform information gathering attacks, conduct a cross-site scripting attack, and gain complete control of compromised systems.
Implication
Failure to patch systems could result in loss of control of affected systems. Possible compromise of system and network integrity.
Need
Cisco advises patching the software and hardware to the most recent security update. There are several security updates so please follow the Cisco technical link provided to ensure all necessary systems are patched.
For a brief overview:
For a more detailed overview:
https://tools.cisco.com/security/center/publicationListing.x
________________________________
Mozilla Releases Security Updates for Firefox, Firefox ESR, and Thunderbird
Situation
Mozilla has discovered and patched numerous vulnerabilities in its open source email client Thunderbird.
Problem
Mozilla has found and patched several bugs in its most recent version of Thunderbird that an attacker can exploit to take control of unpatched system.
Implication
Failure to patch systems could result in loss of control of affected systems.
Need
Mozilla advises patching to the most up to date version of; Firefox 82, Firefox ESR78.4 and Thunderbird version 78.4.
For a brief overview:
For a more detailed overview:
https://www.mozilla.org/en-US/security/advisories/mfsa2020-45/
________________________________
Google Releases Security Updates for Chrome
Situation
Google has discovered and patched several vulnerabilities for its Chrome web browser software, including four CVE’s classified as High.
Problem
Google has identified several security vulnerabilities for its Chrome web browser software that an attacker can exploit to take control of affected systems.
Implication
Failure to patch systems could result in loss of control of affected systems. Possible compromise of system and network integrity.
Need
Google has released Chrome version 86.0.4240.111 for Windows, Mac, and Linux. Please upgrade to latest version to ensure that you are protected.
For a brief overview:
https://us-cert.cisa.gov/ncas/current-activity/2020/10/21/google-releases-security-updates-chrome
For a more detailed overview:
https://chromereleases.googleblog.com/2020/10/stable-channel-update-for-desktop_20.html
________________________________
Oracle releases major security updates for October
Situation
Oracle has released security updates for their products. These address 402 vulnerabilities across multiple products.
Problem
Oracle has patched a large number of severe vulnerabilities in their major products including Enterprise Manager, Oracle Database Server, Oracle Java SE, Oracle VM VirtualBox, and much more.
Implication
Attackers can exploit these vulnerabilities to take over systems.
Need
If you are using any Oracle product, make sure to update to the latest version.
For a more detailed overview:
https://www.oracle.com/security-alerts/cpuoct2020.html
________________________________
VMware Releases Security Updates for Multiple Products
Situation
VMware has released security updates to address multiple vulnerabilities have been found in VMware's ESXi, Workstation, Fusion and NSX-T products.
Problem
Of these multiple vulnerabilities the most sever ones are CVE-2020-3992 which is rated as critical and CVE-2020-3982-and-CVE-2020-3981 which are both rated as important.
The most severe vulnerability is an ESXi OpenSLP use-after-free remote code execution (CVE-2020-3992). The vulnerability exists due to a use-after-free error within the OpenSLP service. A remote attacker could send specially crafted SLP messages to trigger a use-after-free error and execute arbitrary code on the system.
Implication
Successful exploitation of these vulnerabilities may allow an attacker to take control of the affected system.
Need
VMware strongly recommends updating all affected products to protect against this type of attack. For additional and patch information please visit the link below.
For a more detailed overview:
https://www.vmware.com/security/advisories/VMSA-2020-0023.html