Microsoft Releases September 2017 Security Updates

Microsoft has released updates to address vulnerabilities in Microsoft software. A remote attacker could exploit some of these vulnerabilities to take control of a system. US-CERT encourages users and administrators to review Microsoft's September 2017 Security Update Summary and Deployment...

Adobe Releases Security Updates

Adobe has released security updates to address vulnerabilities in Adobe RoboHelp, Flash Player, and ColdFusion. Exploitation of some of these vulnerabilities may allow a remote attacker to take control of an affected system. US-CERT encourages users and administrators to review Adobe Security...

Mozilla Releases Security Update

Mozilla has released a security update to address multiple vulnerabilities in Thunderbird. A remote attacker could exploit some of these vulnerabilities to take control of an affected system. US-CERT encourages users and administrators to review the Mozilla Security Advisory for Thunderbird 52.3...

Juniper Issues Security Alert Tied to Routers and Switches

Juniper Networks warned customers Thursday of a high-risk vulnerability in the GD graphics library that could allow a remote attacker to take control of systems running certain versions of the Junos OS. The alert was in conjunction with a warning from the U.S. Computer Emergency Readiness Team...

Microsoft Releases August 2017 Security Updates

Microsoft has released updates to address vulnerabilities in Microsoft software. A remote attacker could exploit some of these vulnerabilities to take control of a system. US-CERT encourages users and administrators to review Microsoft's August 2017 Security Update Summary and Deployment...

Adobe Acrobat and Reader Memory Corruption Vulnerability (CNVD-2017-22740)

Adobe Acrobat and Reader are the United States of America Audobee Adobe company's products. The former is a set of PDF file editing and conversion tools, the latter is a set of PDF document reading software. Adobe Acrobat and Reader memory corruption vulnerabilities, attackers can control the...

Google Releases Security Updates for Chrome OS

Google has released Chrome OS version 60.0.3112.80 for Chrome devices to address multiple vulnerabilities. Exploitation of one these vulnerabilities could allow a remote attacker to take control of an affected system. Users and administrators are encouraged to review the Google Chrome blog entry...

McAfee Releases Security Bulletin for Web Gateway

McAfee has released a security bulletin to address multiple vulnerabilities in Web Gateway. Some of these vulnerabilities could allow a remote attacker to take control of an affected system. Users and administrators are encouraged to review McAfee Security Bulletin SB10205 and apply the necessary...

Oracle Releases Security Bulletin

Oracle has released its Critical Patch Update for July 2017 to address 308 vulnerabilities across multiple products. Exploitation of some of these vulnerabilities may allow a remote attacker to take control of an affected system. Users and administrators are encouraged to review the Oracle July...

EUVD-2017-15792

The Simple Network Management Protocol SNMP subsystem of Cisco IOS and IOS XE Software contains multiple vulnerabilities that could allow an authenticated, remote attacker to remotely execute code on an affected system or cause an affected system to reload. An attacker could exploit these...

Cisco Releases Security Updates

Cisco has released security updates to address a vulnerability in its WebEx browser extension on Google Chrome and Mozilla Firefox. A remote attacker could exploit this vulnerability to take control of a system. US-CERT encourages users and administrators to review the Cisco Security Advisory for...

Juniper Networks Releases Multiple Security Updates

Juniper Networks has released security updates to address multiple vulnerabilities in Junos OS and ScreenOS. A remote attacker could exploit several of these vulnerabilities to take control of an affected system. US-CERT encourages users and administrators to review the Juniper Security Advisorie...

Patch Tuesday - July 2017

Most of the critical vulnerabilities patched this month concern client-side systems, with 14 separate Remote Code Execution RCE issues being addressed for the Microsoft Edge browser and five for Internet Explorer. One of the three Adobe Flash Player vulnerabilities being patched is also a critica...

Windows ALPC Elevation of Privilege Vulnerability

An elevation of privilege vulnerability exists when Windows improperly handles calls to Advanced Local Procedure Call ALPC. An attacker who successfully exploited this vulnerability could run arbitrary code in the security context of the local system. An attacker could then install programs; view...

Microsoft Windows Kernel 'Win32k.sys' CVE-2017-8577 Local Privilege Escalation Vulnerability

Description Microsoft Windows is prone to a local privilege-escalation vulnerability. An attacker can exploit this issue to execute arbitrary code with elevated privileges. Failed exploit attempts may result in a denial of service condition; this can result in the attacker gaining complete contro...

Cisco Releases Security Updates

Cisco has released updates to address vulnerabilities affecting multiple products. A remote attacker could exploit one of these vulnerabilities to take control of a system. Users and administrators are encouraged to review the following Cisco Security Advisories and apply the necessary updates:...

Adobe Shockwave Player Memory Corruption Vulnerability (APSB17-18)

Adobe Shockwave Player is prone to a memory corruption vulnerability. SPDX-FileCopyrightText: 2017 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE =...

Microsoft Windows Server 2012 Multiple Vulnerabilities (KB4022718)

This host is missing a critical security update according to Microsoft KB4022718 SPDX-FileCopyrightText: 2017 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

Microsoft Office remote code execution: May 9, 2017

Microsoft Office remote code execution: May 9, 2017 Summary A remote code execution vulnerability exists when Microsoft Office improperly validates input before loading dynamic link library DLL files. An attacker who successfully exploited this vulnerability could take control of an affected...

Win32k Elevation of Privilege Vulnerability

An elevation of privilege vulnerability exists in Windows when the Windows kernel-mode driver fails to properly handle objects in memory. An attacker who successfully exploited this vulnerability could run arbitrary code in kernel mode. An attacker could then install programs; view, change, or...