by CIRT Team
Oracle Critical Patch Update – January 2018
Description: A Critical Patch Update is a collection of patches for multiple security vulnerabilities. Critical Patch Update patches are usually cumulative, but each advisory describes only the security fixes added since the previous Critical Patch Update advisory. Thus, prior Critical Patch Update advisories should be reviewed for information regarding earlier published security fixes. Impact: A remote attacker could exploit some of these vulnerabilities to obtain...
Read More
by CIRT Team
Adobe Releases Security Updates
Description: Adobe has released security updates for Adobe Flash Player for Windows, Macintosh, Linux and Chrome OS. These updates address an important out-of-bounds read vulnerability that could lead to information exposure. Impact: An attacker who successfully exploited the vulnerability could take control of an affected system. Mitigation: Updates are available. Please check specific vendor advisory for more information. Reference URL’s: https://helpx.adobe.com/security/products/flash-player/apsb18-01.html
by CIRT Team
Microsoft Releases Security Updates
Description: Microsoft has released updates to address vulnerabilities in Microsoft software. The January security release consists of security updates for the following software: Internet Explorer Microsoft Edge Microsoft Windows Microsoft Office and Microsoft Office Services and Web Apps SQL Server ChakraCore .NET Framework .NET Core ASP.NET Core Adobe Flash Impact: A remote attacker could exploit some of these vulnerabilities to take control of an affected...
Read More
by CIRT Team
Apple Releases Multiple Security Updates Recommended For All Users
Description: Apple has released security updates to address vulnerabilities in multiple products. The following is titled under this update : iOS 11.2.2 Safari 11.0.2 macOS High Sierra 10.13.2 Impact: An attacker could exploit these vulnerabilities to obtain access to sensitive information. Mitigation: Updates are available. Please see the Apple security pages for more information. Reference URL’s: https://support.apple.com/en-us/HT208401 https://support.apple.com/en-us/HT208403 https://support.apple.com/en-us/HT208397
by CIRT Team
VMware Releases Security Updates!!
Description: VMware has released security updates to address multiple vulnerabilities for the following products vRealize Operations for Horizon (V4H) vRealize Operations for Published Applications (V4PA) VMware Workstation Pro / Player (Workstation) VMware Fusion Pro / Fusion (Fusion) Horizon View Client for Windows Impact: A remote attacker could exploit some of these vulnerabilities to take control of an affected system. Mitigation: Updates are available. Please see the references...
Read More
by CIRT Team
Mozilla Security Update for Thunderbird!!
Description: Mozilla has released a security update to address multiple vulnerabilities in Thunderbird. This attack only affects Windows operating systems. Other operating systems are unaffected. Impact: A remote attacker could exploit some of these vulnerabilities to take control of an affected system. Mitigation: Updates are available. Please see the references or vendor advisory for more information. Reference URL’s: https://www.mozilla.org/en-US/security/advisories/mfsa2017-30/
by CIRT Team
Microsoft Releases Security Updates for its Malware Protection Engine
Description: A remote code execution vulnerability exists when the Microsoft Malware Protection Engine does not properly scan a specially crafted file, leading to memory corruption. An attacker who successfully exploited this vulnerability could execute arbitrary code in the security context of the LocalSystem account and take control of the system. An attacker could then install programs; view, change, or delete data; or create new accounts with...
Read More
by CIRT Team
Huawei Smart Phones CVE-2017-8205 Integer Overflow Vulnerability
Description: The Bastet driver of Honor 9 Huawei smart phones with software of versions earlier than Stanford-AL10C00B175 has integer overflow vulnerability due to the lack of parameter validation. An attacker tricks a user into installing a malicious APP which has the root privilege; the APP can send a specific parameter to the driver of the smart phone, causing arbitrary code execution. Impact: Attackers can exploit...
Read More
by CIRT Team
Xen Information Disclosure Vulnerability: CVE-2017-17046
Description: An issue was discovered in Xen through 4.9.x on the ARM platform allowing guest OS users to obtain sensitive information from DRAM after a reboot, because disjoint blocks, and physical addresses that do not start at zero, are mishandled. Impact: Attackers can exploit this issue to obtain sensitive information that may aid in launching further attacks. Mitigation: Updates are available. Please see the references...
Read More
by CIRT Team
Xen Information Disclosure Vulnerability: CVE-2017-17046
Description: An issue was discovered in Xen through 4.9.x on the ARM platform allowing guest OS users to obtain sensitive information from DRAM after a reboot, because disjoint blocks, and physical addresses that do not start at zero, are mishandled. Impact: Attackers can exploit this issue to obtain sensitive information that may aid in launching further attacks. Mitigation: Updates are available. Please see the references...
Read More
