802 matches found
Jenkins 2.56 CLI Deserialization / Code Execution Exploit
An unauthenticated Java object deserialization vulnerability exists in the CLI component for Jenkins versions 2.56 and below. The readFrom method within the Command class in the Jenkins CLI remoting component deserializes objects received from clients without first checking / sanitizing the data...
September 8, 2020-KB4576481 Cumulative Update for .NET Framework 4.8 for Windows 10 Version 1709
September 8, 2020-KB4576481 Cumulative Update for .NET Framework 4.8 for Windows 10 Version 1709 Release Date: September 8, 2020 Version: .NET Framework 4.8 Summary Security improvements ClickOnce will no longer download applications from untrusted servers which use NTLM authentication, but,...
September 8, 2020-KB4576480 Cumulative Update for .NET Framework 4.8 for Windows 10 Version 1703
September 8, 2020-KB4576480 Cumulative Update for .NET Framework 4.8 for Windows 10 Version 1703 Release Date: September 8, 2020 Version: .NET Framework 4.8 Summary Security improvements ClickOnce will no longer download applications from untrusted servers which use NTLM authentication, but,...
July 31, 2020-KB4562899 Cumulative Update Preview for .NET Framework 3.5 and 4.8 for Windows 10 Version 2004
July 31, 2020-KB4562899 Cumulative Update Preview for .NET Framework 3.5 and 4.8 for Windows 10 Version 2004 Release Date: July 31, 2020 Version: .NET Framework 3.5 and 4.8 The July 31, 2020 update for Windows 10 Version 2004 includes cumulative reliability improvements in .NET 3.5 and 4.8. We...
August 11, 2020-KB4569747 Cumulative Update for .NET Framework 4.8 for Windows 10 Version 1703
August 11, 2020-KB4569747 Cumulative Update for .NET Framework 4.8 for Windows 10 Version 1703 Release Date: August 11, 2020 Version: .NET Framework 4.8 Summary Security improvements An elevation of privilege vulnerability exists when ASP.NET or .NET Framework web applications running on IIS...
August 11, 2020-KB4569748 Cumulative Update for .NET Framework 4.8 for Windows 10 Version 1709
August 11, 2020-KB4569748 Cumulative Update for .NET Framework 4.8 for Windows 10 Version 1709 Release Date: August 11, 2020 Version: .NET Framework 4.8 Summary Security improvements An elevation of privilege vulnerability exists when ASP.NET or .NET Framework web applications running on IIS...
August 11, 2020-KB4569746 Cumulative Update for .NET Framework 4.8 for Windows 10 version 1607 and Windows Server 2016
August 11, 2020-KB4569746 Cumulative Update for .NET Framework 4.8 for Windows 10 version 1607 and Windows Server 2016 Release Date: August 11, 2020 Version: .NET Framework 4.8 Summary Security improvements An elevation of privilege vulnerability exists when ASP.NET or .NET Framework web...
Documalis Free PDF Editor and Scanner JPEG Stack Buffer Overflow
Documalis Free PDF Editor version 5.7.2.26 and Documalis Free PDF Scanner version 5.7.2.122 do not appropriately validate the contents of JPEG images contained within a PDF. Attackers can exploit this vulnerability to trigger a buffer overflow on the stack and gain remote code execution as the us...
Azure File Sync Agent v10.1 Release – June 2020
Azure File Sync Agent v10.1 Release – June 2020 Introduction This article describes the improvements and issues that are fixed in the Azure File Sync Agent v10.1 release that is dated June 2020. Additionally, this article contains installation instructions for this release. Improvements and issue...
Is 97% Network Traffic Offload Interesting?
Sports, gaming, and other live events have the potential to overwhelm network capacity due to the sheer volume of traffic generated when large numbers of viewers or gamers engage. These "peak" events may only occur once a month or even once a year: sports championships, election results, gaming...
Bolt CMS 3.7.0 Authenticated Remote Code Execution Exploit
This Metasploit module exploits multiple vulnerabilities in Bolt CMS version 3.7.0 and 3.6.x in order to execute arbitrary commands as the user running Bolt. Valid credentials for a Bolt CMS user are required. This module has been successfully tested against Bolt CMS 3.7.0 running on CentOS 7. Th...
Cisco Gather Device General Information
This module collects Cisco IOS or NXOS device information and configuration. This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Cisco Gather Device General Information', 'Description' = %q This...
June 18, 2020—KB4567518 (OS Build 10240.18609)
June 18, 2020—KB4567518 OS Build 10240.18609 For more information about the various types of Windows updates, such as critical, security, driver, service packs, and so on, please see the following article. Highlights Updates an issue that might prevent certain printers from printing, generate pri...
June 9, 2020—KB4561608 (OS Build 17763.1282)
June 9, 2020—KB4561608 OS Build 17763.1282 IMPORTANT We have been evaluating the public health situation and understand the impact this is having on many of our customers. To help ease some of the burdens customers are facing, we are going to delay the scheduled end of service date for the Home,...
September 24, 2019 — KB4515841 Cumulative Update for .NET Framework 4.8 for Windows 10, version 1709
September 24, 2019 — KB4515841 Cumulative Update for .NET Framework 4.8 for Windows 10, version 1709 Release Date: September 24, 2019 Version: .NET Framework 4.8 The September 24, 2019, update for Windows 10, version 1709 includes cumulative reliability improvements in Microsoft .NET Framework 4....
May 12, 2020—KB4556854 (Security-only update)
May 12, 2020—KB4556854 Security-only update IMPORTANT Verify that you have installed the required updates listed in the How to get this update section before installing this update. IMPORTANT WSUS scan cab files will continue to be available for Windows Server 2008 SP2. If you have a subset of...
May 12, 2020—KB4556826 (OS Build 10240.18575)
May 12, 2020—KB4556826 OS Build 10240.18575 For more information about the various types of Windows updates, such as critical, security, driver, service packs, and so on, please see the following article. Highlights Updates to improve security when using Internet Explorer. Updates to improve...
5 reasons to move your endpoint security to the cloud now
As the world adopts work-from-home initiatives, we’ve seen many organizations accelerate their plans to move from on-premises endpoint security and Detection and Response EDR/XDR solutions to Software as a Service versions. And several customers who switched to the SaaS version last year,...
ThinkPHP 5.0.23 Remote Code Execution Exploit
This Metasploit module exploits one of two PHP injection vulnerabilities in the ThinkPHP web framework to execute code as the web user. Versions up to and including 5.0.23 are exploitable, though 5.0.23 is vulnerable to a separate vulnerability. The module will automatically attempt to detect the...
April 14, 2020—KB4549949 (OS Build 17763.1158)
April 14, 2020—KB4549949 OS Build 17763.1158 NEW IMPORTANT We have been evaluating the public health situation and understand the impact this is having on many of our customers. To help ease some of the burdens customers are facing, we are going to delay the scheduled end of service date for the...