CVE-2020-8207

Improper access control in Citrix Workspace app for Windows 1912 CU1 and 2006.1 causes privilege escalation and code execution when the automatic updater service is running...

Exploit for Code Injection in Cisco Telepresence_Video_Communication_Server

I started looking at Cisco Expressway after I noticed quite a fe...

‘Cities: Skylines’ Gaming Modder Banned Over Hidden Malware

The developer of several popular mods for the Cities: Skylines city-building game has been banned after malware was discovered hidden in their wares. The modder, who goes by the handle Chaos as well as Holy Water, reportedly tucked an automatic updater into several mods that enabled the author to...

CVE-2020-8207

Improper access control in Citrix Workspace app for Windows 1912 CU1 and 2006.1 causes privilege escalation and code execution when the automatic updater service is running...

Improper access control

Improper access control in Citrix Workspace app for Windows 1912 CU1 and 2006.1 causes privilege escalation and code execution when the automatic updater service is running...

CVE-2020-8207

Improper access control in Citrix Workspace app for Windows 1912 CU1 and 2006.1 causes privilege escalation and code execution when the automatic updater service is running...

CVE-2020-8207

CVE-2020-8207 concerns Citrix Workspace app for Windows (1912 CU1 and 2006.1) where an improper access control in the Citrix Workspace Updater Service allows privilege escalation and code execution when the automatic updater is running. The vulnerability stems from the UpdateFilePath/UpdateFileHa...

Dropbox: Local Privilege Escalation on Dropbox Desktop for Windows

This report describes a local privilege escalation in the Dropbox automatic updater process on Windows. It would allow a malicious actor who had already gained non-admin access to a Windows computer to obtain admin privileges, if Dropbox had previously been installed with admin privileges. This...

Microsoft Revokes Leaked D-Link Certificates

Microsoft today revoked trust for the four digital certificates inadvertently leaked last week by networking gear manufacturer D-Link. Microsoft said it has modified its Certificate Trust List removing trust for the four certs, which could have been used to sign malicious code used in attacks. Th...

MS KB3050995: Improperly Issued Digital Certificates Could Allow Spoofing (deprecated)

The remote host is missing KB3050995, KB2677070 automatic updater, or the latest disallowed certificate update using KB2813430 manual updater. If KB2677070 has been installed, it has not yet obtained the latest auto-updates. Note that this plugin checks that the updaters have actually updated the...

Microsoft Warns Fraudulent Certificate Could Lead to MiTM Attacks

Microsoft has blacklisted a phony SSL certificate that’s been making the rounds and is in the process of warning the general public that the certificate could be leveraged to stage man-in-the-middle attacks. In a security advisory published yesterday the company stressed that an improper...

MS KB2982792: Improperly Issued Digital Certificates Could Allow Spoofing

The remote host is missing KB2982792, KB2677070 automatic updater, or the latest disallowed certificate update using KB2813430 manual updater. If KB2677070 is installed, it is missing the latest auto-updates. Note that this plugin checks that the updaters have actually updated the disallowed CTL...

Two Microsoft Security Updates Await In Advance of Certificate Key Length Changes

Microsoft is promising a light load of security updates for next Tuesday’s monthly patch release in an attempt to give Windows administrators and security teams time to prepare for an October change to certificate key length requirements. Angela Gunn of Microsoft’s Security Response Team announce...

Microsoft Releases Automatic Updater for Certificate Revocation Lists, Plans to Invalidate Short RSA Keys

As part of its response to the Flame malware and its usage of a forged Microsoft certificate to sign malicious files, Microsoft has changed the way that Windows handles certificates, releasing an automatic updater function that will recognize and flag untrusted certificates. The new functionality...

Adobe Patches Flash Player, Unveils New Silent Updater

Adobe pushed out a security update for its Flash Player Wednesday, patching two critical holes and introducing a new silent update option. The update, Adobe Flash Player 11.2, addresses two memory corruption vulnerabilities in Windows, Mac, Linux and early Android builds that could lead to remote...

Mozilla Readies Silent Updater with New Versions of Firefox

Mozilla announced this week that it plans to integrate a silent updater in the next build of its flagship browser, Firefox, allowing future patches for Firefox 12 to be downloaded and installed in the background while the browser is running, according to a blog post by Robert Nyman, Mozilla’s...

Adobe Releases Quarterly Patches, Enables Auto Updater

Adobe on Tuesday released its quarterly load of patches, including an update for Adobe Reader that fixes several critical vulnerabilities. The company also used the opportunity to enable the new automatic updater in both Reader and Acrobat. The vulnerabilities in Reader could give an attacker the...

Adobe Patches, Auto-Updater Coming on April 13

Adobe today announced plans to ship a critical security patch next Tuesday April 13, 2010 to fix multiple high-risk security holes in its Reader and Acrobat product lines. The patches will be released alongside a new automatic updater software that the company hopes will speed up the downloading...

Adobe PDF Reader Gets Another Security Makeover

Adobe has released a mega-update for its Reader and Acrobat software products to fix a total of eight documented security vulnerabilities. The update comes with significant security improvements, including the on-by-default addition “Enhanced Security,” a feature that provides a set of default...