Tag Archives: Microsoft Hyper V

July 2021 Update Summary

I hope you and your families are doing well.

As scheduled, Adobe and Microsoft earlier today made available their monthly security updates. They address 29 and 117 vulnerabilities (respectively) also known as CVEs (defined).

Let us begin with summarising Adobe’s updates for this month:

Adobe Acrobat and Reader: Addresses 20x Priority 2 CVEs (14x Critical Severity and 6x Important Severity)

Adobe Bridge: Addresses 5x Priority 3 CVEs (4x Critical Severity and 1x Moderate Severity)

Adobe Dimension: Addresses 1x Priority 3 CVE (1x Critical Severity)

Adobe Framemaker: Addresses 1x Priority 3 CVE (1x Critical Severity)

Adobe Illustrator: Addresses 3x Priority 3 CVEs (2x Critical Severity and 1x Important Severity)

If you use any of the above Adobe products, please make certain to install the relevant updates as soon as possible. This is especially important in the case of the critical severity updates. 

==================== 

A useful source of update related information is the US Computer Emergency Readiness Team (CERT) (please see the “Information on Security Updates” heading of the “Protecting Your PC” page):  

https://www.us-cert.gov/

====================  

For this month’s Microsoft updates, I will prioritise the order of installation below:

The most important update this month was released earlier in July. It is the Windows Print Spooler Remote Code Execution Vulnerability: CVE-2021-34527, which addresses the vulnerability known as PrintNightmare. After installing this update, please make certain that steps 1 and 2 and the Group Policy setting from this KB article are also implemented: the NoWarningNoElevationOnInstall and UpdatePromptSettings DWORD values under the Point and Print registry key must both be 0 (or not present at all). If either is set to 1, the update alone does not protect the system against the related local exploits.
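The following is an added example of how to verify those settings on a host; it is not code from this post or from Microsoft's KB article. It reads the two Point and Print values, checks whether the spooler has been told to stop accepting remote connections (the RegisterSpoolerRemoteRpcEndPoint value that the "Allow Print Spooler to accept client connections" policy writes), reports the spooler service state, and compares the installed updates against a KB list you supply, since the KB number differs by Windows build. The KB5004945 used in the usage line is the July 2021 out-of-band update for Windows 10 2004/20H2/21H1 and is only an illustration; substitute the one for your build.

```powershell
# Added example, not code from the blog post or from Microsoft's KB article.
# Checks a Windows host against the CVE-2021-34527 guidance above:
# Point and Print values are 0 (or absent), remote printing state, spooler
# service state, and whether the expected update is installed.
# Run from an elevated PowerShell prompt.

$pointAndPrint = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows NT\Printers\PointAndPrint'
$printers      = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows NT\Printers'

function Get-DwordOrNull {
    # Returns the registry value, or $null when the key or value does not exist.
    param([string]$Path, [string]$Name)
    try {
        (Get-ItemProperty -Path $Path -Name $Name -ErrorAction Stop).$Name
    } catch {
        $null
    }
}

function Test-PrintNightmareHardening {
    param(
        # Assumption: the caller supplies the KB number(s) for this host's build,
        # because the July 2021 update has a different KB per Windows version.
        [string[]]$ExpectedKb = @()
    )

    $findings = [ordered]@{}

    # 1. Point and Print values: KB5005010 requires both to be 0 or undefined.
    #    A value of 1 leaves the system exposed even with the update installed.
    foreach ($name in 'NoWarningNoElevationOnInstall', 'UpdatePromptSettings') {
        $value = Get-DwordOrNull -Path $pointAndPrint -Name $name
        $findings[$name] = if ($null -eq $value -or $value -eq 0) { 'OK' } else { "UNSAFE ($value)" }
    }

    # 2. Remote printing: the MSRC workaround sets RegisterSpoolerRemoteRpcEndPoint
    #    to 2 (disabled) so the spooler no longer accepts client connections.
    $remote = Get-DwordOrNull -Path $printers -Name 'RegisterSpoolerRemoteRpcEndPoint'
    $findings['RemotePrintingDisabled'] = ($remote -eq 2)

    # 3. Spooler service state, for hosts where the service was disabled outright.
    $spooler = Get-Service -Name Spooler -ErrorAction SilentlyContinue
    $findings['SpoolerStatus']    = if ($spooler) { $spooler.Status.ToString() } else { 'NotPresent' }
    $findings['SpoolerStartType'] = if ($spooler) { $spooler.StartType.ToString() } else { 'NotPresent' }

    # 4. Installed updates, compared against the caller-supplied KB list.
    $installed = Get-HotFix | Select-Object -ExpandProperty HotFixID
    $findings['MissingKb'] = @($ExpectedKb | Where-Object { $_ -notin $installed })

    [pscustomobject]$findings
}

# Usage (illustrative KB number; use the one that applies to your build).
Test-PrintNightmareHardening -ExpectedKb 'KB5004945' | Format-List
```

Any value other than OK for the two Point and Print entries, or a non-empty MissingKb list, means the host is not yet in the state the KB article describes.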

The image below is a flow diagram (courtesy of Carnegie Mellon University, image is Copyright ©2021 Carnegie Mellon University. My thanks to them for publishing this diagram) which details how an exploit may attempt to either remotely or locally compromise your Windows system. In addition, the diagram shows how the extra registry values described in this KB article help to protect your system from the locally exploitable aspect of this vulnerability.

Image is Copyright ©2021 Carnegie Mellon University

====================

Windows Print Spooler Remote Code Execution Vulnerability: CVE-2021-34527

Microsoft Exchange Server Remote Code Execution Vulnerability: CVE-2021-34473

Windows Kernel Elevation of Privilege Vulnerability: CVE-2021-31979

Windows Kernel Elevation of Privilege Vulnerability: CVE-2021-33771

Scripting Engine Memory Corruption Vulnerability: CVE-2021-34448

Microsoft Exchange Server Elevation of Privilege Vulnerability: CVE-2021-34523

Windows Kernel Remote Code Execution Vulnerability: CVE-2021-34458

Active Directory Security Feature Bypass Vulnerability: CVE-2021-33781

Windows ADFS Security Feature Bypass Vulnerability: CVE-2021-33779

Windows Certificate Spoofing Vulnerability: CVE-2021-34492

Windows DNS Server Remote Code Execution Vulnerability: CVE-2021-34494

Windows Hyper-V Remote Code Execution Vulnerability: CVE-2021-34450

Dynamics Business Central Remote Code Execution Vulnerability: CVE-2021-34474

Microsoft Defender Remote Code Execution Vulnerability: CVE-2021-34464

Microsoft Defender Remote Code Execution Vulnerability: CVE-2021-34522

Microsoft Windows Media Foundation Remote Code Execution Vulnerability: CVE-2021-34439

Microsoft Windows Media Foundation Remote Code Execution Vulnerability: CVE-2021-34503

Windows Media Remote Code Execution Vulnerability: CVE-2021-33740

Windows MSHTML Platform Remote Code Execution Vulnerability: CVE-2021-34497

====================

Following standard best practice, I would recommend backing up the data on any device for which you are installing updates to prevent data loss in the rare event that any update causes unexpected issues. 

I have also provided further details of updates available for other commonly used applications below. I will add to this list over time.

To all of my readers, I hope you and your families are safe and well during these continuing uncertain times. Thank you.

==================== 
Mozilla Firefox 
==================== 
Earlier today Mozilla released Firefox 90 and Firefox ESR (Extended Support Release) 78.12 to resolve the following vulnerabilities: 

Firefox 90: Addresses 5x High Severity CVEs and 4x Moderate Severity CVEs

Firefox ESR 78.12: Addresses 3x High Severity CVEs

Details of how to install updates for Firefox are here. If Firefox is your web browser of choice and you have not already done so, please update it as soon as possible to benefit from the above changes. Firefox 90 also introduced the features listed at this link.

==================== 
VMware 
==================== 
VMware has released 2 security advisories so far in July to resolve vulnerabilities within the following products: 

==================== 
Advisory 1: Severity: Important 
VMware ESXi and VMware Cloud Foundation (Cloud Foundation)

Advisory 2: Severity: Moderate:

VMware ThinApp

If you use any of the above VMware products, please review the above advisories and install the applicable security updates as soon as possible. 

May 2021 Update Summary

During the second week of May, Adobe and Microsoft released their expected monthly security updates. They addressed 44 and 55 vulnerabilities (respectively) more formally known as CVEs (defined). System administrators may be pleased to see the decrease in the number of updates from Microsoft for that month. Apologies for not publishing this post sooner.

Adobe’s updates for May address issues across a diverse range of products:

Adobe Acrobat and Reader: Resolves 14x Priority 1 vulnerabilities (10x Critical Severity and 4x Important Severity) 

Adobe After Effects: Resolves 3x Priority 3 vulnerabilities (2x Critical Severity and 1x Important Severity) 

Adobe Animate: Resolves 7x Priority 3 vulnerabilities (2x Critical and 5x Important Severity) 

Adobe Creative Cloud Desktop: Resolves 1x Priority 3 vulnerability (1x Critical Severity) 

Adobe Experience Manager: Resolves 2x Priority 2 vulnerabilities (1x Critical Severity and 1x Important Severity) 

Adobe Genuine Service: Resolves 1x Priority 3 vulnerability (1x Important Severity) 

Adobe Illustrator: Resolves 5x Priority 3 vulnerabilities (5x Critical Severity) 

Adobe InCopy: Resolves 1x Priority 3 vulnerability (1x Critical Severity) 

Adobe InDesign: Resolves 3x Priority 3 vulnerabilities (3x Critical Severity) 

Adobe Medium: Resolves 1x Priority 3 vulnerability (1x Critical Severity) 

Adobe Media Encoder: Resolves 1x Priority 3 vulnerability (1x Important Severity) 

Magento Security Updates: Resolves 7x Priority 2 vulnerabilities (1x Important Severity and 6x Moderate Severity) 

Just as always, if you use any of the above Adobe products, please make certain to install the relevant updates as soon as possible. This is especially important in the case of the critical severity updates.  

====================  

A useful source of update related information is the US Computer Emergency Readiness Team (CERT) (please see the “Information on Security Updates” heading of the “Protecting Your PC” page):   

https://www.us-cert.gov/

====================   

For this month’s Microsoft updates, I will prioritise the order of installation below:  

==================== 

Microsoft HTTP Protocol Stack Remote Code Execution Vulnerability: CVE-2021-31166 (this vulnerability is wormable and a proof of concept exploit is available)

Microsoft Hyper-V Remote Code Execution Vulnerability: CVE-2021-28476 (a proof of concept exploit for this vulnerability is also available) 

Microsoft Exchange Server Security Feature Bypass Vulnerability: CVE-2021-31207 

Microsoft OLE Automation Remote Code Execution Vulnerability: CVE-2021-31194 

Microsoft .NET Core and Visual Studio Elevation of Privilege Vulnerability: CVE-2021-31204 

Microsoft Common Utilities Remote Code Execution Vulnerability: CVE-2021-31200

Microsoft Scripting Engine Memory Corruption Vulnerability: CVE-2021-26419 

==================== 

As per standard best practice, I would recommend backing up the data on any device for which you are installing updates to prevent data loss in the rare event that any update causes unexpected issues.

I have also provided further details of updates available for other commonly used applications below.

To all of my readers, I hope you and your families are doing well during these challenging times. Thank you. 

==================== 
Mozilla Firefox 
==================== 
In the first week of May Mozilla released Firefox 88.0.1 and Firefox ESR (Extended Support Release) 78.10.1 to resolve the following vulnerabilities: 

Firefox 88.0.1: Addresses 1x Critical Severity CVE and 1x High Severity CVE 

Firefox ESR 78.10.1: Addresses 1x Moderate Severity CVE

Details of how to install updates for Firefox are here. If Firefox is your web browser of choice and you have not already done so, please update it as soon as possible to benefit from the above changes. Firefox 88 also introduced the features listed at this link.

====================  

Google Chrome 

====================  

Google released 2 Chrome updates in May, versions 90.0.4430.212 and 91.0.4472.77, for Linux, Mac and Windows to resolve 19 and 33 security vulnerabilities (respectively).

Google Chrome updates automatically and will apply the update the next time Chrome is closed and then re-opened. Chrome can also be updated immediately by clicking the Options button (it looks like 3 vertically stacked dots) in the upper right corner of the window and choosing “About Google Chrome” from the menu. Follow the prompt to Re-launch Chrome for the updates to take effect. 

======================= 
Putty 
======================= 
Putty, the open source and highly popular SSH (defined) client for Windows, was updated to version 0.75 in early May. It contains 1 security fix (see below). Version 0.75 is downloadable from here.

If you use Putty, please update it to version 0.75. Thank you. 

Security vulnerability fixed: 

==================== 
VideoLAN VLC 
==================== 
On the 10th of May VideoLAN released version 3.0.13 resolving 4 known vulnerabilities. The other non-security improvements introduced are detailed in the above 3.0.13 link and within the changelog. Version 3.0.14 was later released to address an auto-update issue (not security related). 

The most recent versions of VLC can be downloaded from: 
http://www.videolan.org/vlc/ 

==================== 
VMware 
==================== 
VMware released 4 security advisories to resolve vulnerabilities within the following products: 

==================== 
Advisory 1: Severity: Critical: 
VMware vRealize Business for Cloud 

Advisory 2: Severity: Low: 

VMware Workspace ONE UEM console 

Advisory 3: Severity: Low: 

VMware Workstation Pro / Player (Workstation) 

VMware Horizon Client for Windows 

Advisory 4: Severity: Critical: 

VMware vCenter Server (vCenter Server) 

VMware Cloud Foundation (Cloud Foundation) 

If you use any of the above VMware products, please review the above advisories and install the applicable security updates as soon as possible. 

March 2021 Update Summary

====================
Updated Post
====================

To my readers; I hope you and your families are safe and well during these on-going challenging times. Sorry once again for the delay in publishing this post. However, it does contain information made available after the 9th March and should still prove useful.

Tuesday, 9th March saw the usual release of security updates by both Adobe and Microsoft, with Adobe’s updates addressing 17 and Microsoft’s addressing 89 vulnerabilities, more formally known as CVEs (defined).

====================

Before we begin with Adobe’s updates: Microsoft’s March updates for Windows 10 caused, and for a time continued to cause, issues when printing. The first revised updates only partially fixed them, and the further updates intended to resolve the remaining issues were themselves sometimes failing to install.

Microsoft has since released revised updates which install correctly and resolve the printing issues. You should now be able to update your systems (Windows 10 and Windows 8.1) as normal.

====================

Adobe released 2 sets of updates this month to resolve vulnerabilities in the following products:

Adobe Animate: Addresses 7x Priority 3 vulnerabilities (2x Critical Severity and 5x Important Severity)

Adobe ColdFusion: Addresses 1x Priority 3 vulnerability (1x Critical Severity)

Adobe Connect: Addresses 4x Priority 3 vulnerabilities (1x Critical Severity and 3x Important Severity)

Adobe Creative Cloud Desktop: Addresses 3x Priority 3 vulnerabilities (3x Critical Severity)

Adobe Framemaker: Addresses 1x Priority 3 vulnerability (1x Critical Severity)

Adobe Photoshop: Addresses 2x Priority 3 vulnerabilities (2x Critical Severity)

As always, if you use any of the above Adobe products, please make certain to install the relevant updates as soon as possible. This is especially important in the case of the critical severity updates.

====================
A further useful source of update related information is the US Computer Emergency Readiness Team (CERT) (please see the “Information on Security Updates” heading of the “Protecting Your PC” page):

https://www.us-cert.gov/
====================

For this month’s Microsoft updates, I will prioritise the order of installation below:

====================

Important

====================

If you use Microsoft Exchange on-premises (the server product, rather than the cloud-hosted Exchange Online service in Office 365), please follow the steps below first to make sure your Exchange server is secure:

It is recommended to first check whether a vulnerable system has already been compromised before installing the security updates, since patching closes the vulnerabilities but does not remove web shells or other persistence an attacker has already placed.

You can inventory your systems to check which require patching using the guidance from the first Microsoft reference below. You can then use the Microsoft Exchange On-Premises Mitigation Tool (EOMT) to temporarily mitigate some of the known security issues and to scan for and remove any traces of compromise left by threat actors. A more thorough investigation of system logs will be necessary if any evidence of compromise is found. Finally, the vulnerable systems can be patched to prevent further exploitation.
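As an added example of the "check before you patch" step, the script below is not this post's code and not Microsoft's EOMT script. It gathers, in one report per server, the log and event-log indicators Microsoft published in March 2021 for CVE-2021-26855, CVE-2021-26858, CVE-2021-26857 and CVE-2021-27065, records the server build for comparison against the March security update, and lists recently written .aspx files in the directories where web shells were being dropped. It assumes the default V15 installation path and that it is run in an elevated Exchange Management Shell; a hit is a reason to investigate, not proof of compromise.

```powershell
# Added example, not the blog's code and not Microsoft's EOMT script.
# Re-implements the March 2021 detection checks for the Exchange CVEs above
# and lists recently written .aspx files in known web shell locations.
# Assumptions: default V15 install path; run in an elevated Exchange
# Management Shell on each on-premises server.

function Get-ExchangeTriageReport {
    param(
        [string]$ExchangeRoot = (Join-Path $env:ProgramFiles 'Microsoft\Exchange Server\V15'),
        [string]$WebRoot      = 'C:\inetpub\wwwroot',
        [int]$LookbackDays    = 30
    )
    $logRoot = Join-Path $ExchangeRoot 'Logging'
    $since   = (Get-Date).AddDays(-$LookbackDays)

    # Build number, to compare against the March 2021 security update.
    $build = (Get-ExchangeServer -Identity $env:COMPUTERNAME).AdminDisplayVersion

    # CVE-2021-26855 (SSRF): unauthenticated HttpProxy requests carrying a
    # ServerInfo~ anchor mailbox, the pattern seen in the reported attacks.
    $ssrf = Get-ChildItem -Recurse -Path (Join-Path $logRoot 'HttpProxy') -Filter '*.log' -ErrorAction SilentlyContinue |
        ForEach-Object { Import-Csv -Path $_.FullName -ErrorAction SilentlyContinue } |
        Where-Object { $_.AuthenticatedUser -eq '' -and $_.AnchorMailbox -like 'ServerInfo~*/*' } |
        Select-Object DateTime, ClientIpAddress, AnchorMailbox

    # CVE-2021-26858: OAB generator log lines left by the arbitrary file write.
    $oab = Select-String -Path (Join-Path $logRoot 'OABGeneratorLog\*.log') `
        -Pattern 'Download failed and temporary file' -ErrorAction SilentlyContinue

    # CVE-2021-26857: Unified Messaging deserialisation errors in the Application log.
    $um = Get-EventLog -LogName Application -Source 'MSExchange Unified Messaging' -EntryType Error -ErrorAction SilentlyContinue |
        Where-Object { $_.Message -like '*System.InvalidCastException*' } |
        Select-Object TimeGenerated, Message

    # CVE-2021-27065: ECP server logs recording Set-*VirtualDirectory calls,
    # the step used to write a web shell through a virtual directory setting.
    $ecp = Select-String -Path (Join-Path $logRoot 'ECP\Server\*.log') `
        -Pattern 'Set-.+VirtualDirectory' -ErrorAction SilentlyContinue

    # Recently written .aspx files in paths where web shells were dropped.
    # Extend the list with any additional web roots on your servers.
    $shellPaths = @(
        (Join-Path $WebRoot 'aspnet_client'),
        (Join-Path $ExchangeRoot 'FrontEnd\HttpProxy\owa\auth')
    )
    $aspx = Get-ChildItem -Path $shellPaths -Recurse -Include '*.aspx' -ErrorAction SilentlyContinue |
        Where-Object { $_.LastWriteTime -gt $since } |
        Select-Object FullName, LastWriteTime

    [pscustomobject]@{
        Server                  = $env:COMPUTERNAME
        Build                   = $build
        Cve26855_SsrfRequests   = @($ssrf)
        Cve26858_OabWrites      = @($oab)
        Cve26857_UmErrors       = @($um)
        Cve27065_EcpVdirChanges = @($ecp)
        RecentAspxFiles         = @($aspx)
    }
}

$report = Get-ExchangeTriageReport
$report | Format-List
# Any non-empty list above warrants a full investigation before patching.
```

Run it on every on-premises Exchange server, keep the output with the server's logs, and only then apply the mitigation tool and the security update; if any list is non-empty, treat the server as compromised until the investigation says otherwise.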

Further defence in depth measures are recommended to harden servers against attacks that result in web shells being placed on them.

Microsoft stated recently that 92% of Exchange servers globally were updated against these vulnerabilities but more work still needs to be done to bring the figure as high as possible:
====================

Microsoft Exchange Server Remote Code Execution Vulnerability: CVE-2021-26855

Microsoft Exchange Server Remote Code Execution Vulnerability: CVE-2021-26412

Microsoft Exchange Server Remote Code Execution Vulnerability: CVE-2021-26857

Microsoft Exchange Server Remote Code Execution Vulnerability: CVE-2021-27065

Microsoft Exchange Server Remote Code Execution Vulnerability: CVE-2021-26858

Windows DNS Server Remote Code Execution Vulnerability: CVE-2021-26897

Windows Hyper-V Remote Code Execution Vulnerability: CVE-2021-26867

Microsoft Azure Sphere Unsigned Code Execution Vulnerability: CVE-2021-27080

Git for Visual Studio Remote Code Execution Vulnerability: CVE-2021-21300

OpenType Font Parsing Remote Code Execution Vulnerability: CVE-2021-26876

Microsoft Internet Explorer Memory Corruption Vulnerability: CVE-2021-26411

Microsoft Windows Win32k Elevation of Privilege Vulnerability: CVE-2021-27077

HEVC Video Extensions Remote Code Execution Vulnerabilities: CVE-2021-24089, CVE-2021-26902 and CVE-2021-27061

Microsoft Azure Sphere Unsigned Code Execution Vulnerability: CVE-2021-27074

A revised fix was made available for PsExec in March 2021 following an initial update in February 2021.

As per standard best practice, I would recommend backing up the data on any device for which you are installing updates to prevent data loss in the rare event that any update causes unexpected issues.

I have also provided further details of updates available for other commonly used applications below (I will continue to add to this list).

To all of my readers; I hope you and your families continue to stay well during these challenging times. Thank you.

====================
Mozilla Firefox
====================
In the third week of March Mozilla made available Firefox 87 and Firefox ESR (Extended Support Release) 78.9 to resolve the following vulnerabilities:

Firefox 87: Resolves 2x High severity CVEs, 4x Moderate severity and 2x Low severity

Firefox ESR 78.9: Resolves 2x High Severity CVEs, 1x set of security issues (rated High) and 2x Moderate Severity CVEs

Firefox 87 also introduces the following new features (my thanks to ghacks.net for this):

  • Firefox 87 introduces SmartBlock, a feature to reduce website breakage when using private browsing or strict enhanced tracking protection.
  • The default HTTP Referrer policy will trim the path so that only the domain name is submitted for cross-origin requests.

====================
Google Chrome
====================

Google released 4 Chrome updates in March: versions 89.0.4389.72, 89.0.4389.90 and 89.0.4389.114 for Linux, Mac and Windows resolve 47, 5 and 8 security vulnerabilities (respectively), while version 89.0.4389.82 does not contain security fixes.

Google Chrome updates automatically and will apply the update the next time Chrome is closed and then re-opened. Chrome can also be updated immediately by clicking the Options button (it looks like 3 vertically stacked dots) in the upper right corner of the window and choosing “About Google Chrome” from the menu. Follow the prompt to Re-launch Chrome for the updates to take effect.

====================
Netmask Library
====================

The netmask npm library disclosed a security issue that was addressed in version 2.0.0. Version 2.0.1 then provided a more complete fix, tracked as CVE-2021-29418, and version 2.0.2 has since been released. Further details are available from BleepingComputer.

The relevant security advisory is here with details of how to download version 2.0.2 available from here. Please update to this version if you use this library.
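The bug class behind the netmask advisories is worth seeing concretely. The library parsed each octet as plain decimal, so an address such as 0177.0.0.1 was treated as 177.0.0.1, whereas the operating system's inet_aton() reads a leading 0 as octal (and a 0x prefix as hex) and connects to 127.0.0.1; a range check that disagrees with the socket layer is what turns this into an SSRF or allow-list bypass. The script below is an added example written for this post, not the library's code: it implements the same dotted-quad parser three ways (the vulnerable decimal reading, the inet_aton reading, and a strict canonical-only reading) and shows how each classifies the same inputs against a loopback range. The CIDR ranges and probe addresses are constructed for the demonstration.

```powershell
# Added example, not the netmask library's code. Three readings of a dotted
# quad, and the CIDR check that goes wrong when the reading disagrees with the
# operating system. Sample inputs below are constructed for the demonstration.

function ConvertTo-IPv4Integer {
    param(
        [string]$Address,
        # 'Decimal' mimics the vulnerable behaviour, 'InetAton' the OS behaviour,
        # 'Strict' rejects anything that is not canonical dotted decimal.
        [ValidateSet('Decimal', 'InetAton', 'Strict')][string]$Mode = 'Strict'
    )
    $parts = $Address.Split('.')
    if ($parts.Count -ne 4) { throw "Not a dotted quad: $Address" }
    [long]$result = 0
    foreach ($part in $parts) {
        switch ($Mode) {
            'Decimal' {
                # Leading zeros are silently ignored: "0177" becomes 177.
                if ($part -notmatch '^[0-9]+$') { throw "Invalid octet '$part' in $Address" }
                $octet = [int]::Parse($part)
            }
            'InetAton' {
                if ($part -match '^0[xX][0-9a-fA-F]+$') { $octet = [Convert]::ToInt32($part.Substring(2), 16) }
                elseif ($part -match '^0[0-7]+$')        { $octet = [Convert]::ToInt32($part, 8) }
                elseif ($part -match '^[0-9]+$')          { $octet = [int]::Parse($part) }
                else { throw "Invalid octet '$part' in $Address" }
            }
            'Strict' {
                # Only 0 or a number without a leading zero; anything else is refused.
                if ($part -notmatch '^(0|[1-9][0-9]{0,2})$') { throw "Non-canonical octet '$part' in $Address" }
                $octet = [int]::Parse($part)
            }
        }
        if ($octet -lt 0 -or $octet -gt 255) { throw "Octet out of range in $Address" }
        $result = $result * 256 + $octet
    }
    $result
}

function Test-IPv4InCidr {
    param([string]$Address, [string]$Cidr, [string]$Mode = 'Strict')
    $network, $prefix = $Cidr.Split('/')
    $prefix = [int]$prefix
    $all    = [long]4294967295
    $mask   = if ($prefix -eq 0) { [long]0 } else { ($all -shl (32 - $prefix)) -band $all }
    $net    = ConvertTo-IPv4Integer -Address $network -Mode Strict
    $addr   = ConvertTo-IPv4Integer -Address $Address -Mode $Mode
    (($addr -band $mask) -eq ($net -band $mask))
}

# Is this address loopback? Constructed probes: canonical, octal and hex forms.
$loopback = '127.0.0.0/8'
foreach ($probe in '127.0.0.1', '0177.0.0.1', '0x7f.0.0.1') {
    $vulnerable = try { Test-IPv4InCidr $probe $loopback -Mode Decimal } catch { 'rejected' }
    $os         = Test-IPv4InCidr $probe $loopback -Mode InetAton
    $strict     = try { Test-IPv4InCidr $probe $loopback -Mode Strict }  catch { 'rejected' }
    [pscustomobject]@{ Input = $probe; DecimalParser = $vulnerable; InetAton = $os; Strict = $strict }
}
```

The table it prints is the whole lesson: for 0177.0.0.1 the decimal parser answers False (not loopback) while the inet_aton reading answers True, which is the gap an attacker exploits. The strict parser refuses both non-canonical forms, which is the safer fix for any allow-list or deny-list check: accept only the form you will later hand to the network stack, or normalise to it first.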

====================
Original Post
====================

To my readers; I hope you are doing well.

In advance of next Tuesday’s security updates by Adobe and Microsoft I wanted to highlight the following emergency updates from Microsoft intended for Microsoft Exchange. Google also released an important update for Chrome.

If you use Microsoft Exchange 2013, 2016 or 2019, please make certain to install the following updates as soon as possible. Attackers are already seeking to take advantage of these vulnerabilities:

https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-26855

https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-26857

https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-26858

https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-27065

BleepingComputer also provided the following helpful links:

How to install the Microsoft Exchange Updates

Provided PowerShell console commands to scan event logs for traces of attacks against these vulnerabilities

An Nmap script to scan your network for vulnerable Exchange servers (provided by Microsoft Senior Threat Intelligence Analyst Kevin Beaumont)

Special thanks to BleepingComputer for the above links and advice. Thank you.

====================
Google Chrome
====================
Google released Google Chrome v89.0.4389.72 for Linux, Mac and Windows on the 2nd March to resolve 47 security vulnerabilities. One of them, CVE-2021-21166, is being exploited by attackers.

Google Chrome updates automatically and will apply the update the next time Chrome is closed and then re-opened. Chrome can also be updated immediately by clicking the Options button (it looks like 3 vertically stacked dots) in the upper right corner of the window and choosing “About Google Chrome” from the menu. Follow the prompt to Re-launch Chrome for the updates to take effect.

December 2020 Update Summary

To my readers; I hope all is well for you and your families.

As expected, earlier this week Adobe and Microsoft issued their monthly security updates. These updates address 4 and 58 vulnerabilities (respectively) more formally known as CVEs (defined). 

Let’s begin with Adobe’s updates; 4 were made available yesterday:

Adobe Experience Manager: Resolves 2x Priority 2 CVEs (1x Critical Severity and 1x Important Severity)

Adobe Prelude: Resolves 1x Priority 3 CVE (1x Critical Severity)

Adobe Lightroom: Resolves 1x Priority 3 CVE (1x Critical Severity)

Adobe Acrobat and Reader: Resolves 1x CVE (1x Important Severity) (at the time of writing the update has not yet been made available)

If you use any of the above Adobe products, please consider updating them, especially those with critical severity updates. Microsoft’s plans for Flash Player are detailed in their blog post.

Microsoft’s monthly summary lists Known Issues for 15 Microsoft products this month; all but one have a workaround.

====================
A further useful source of update related information is the US Computer Emergency Readiness Team (CERT) (please see the “Information on Security Updates” heading of the “Protecting Your PC” page): 

https://www.us-cert.gov/ 

====================
For this month’s Microsoft updates, I will prioritise the order of installation below:
====================
Microsoft Exchange Remote Code Execution Vulnerability: CVE-2020-17132

Windows Hyper-V Remote Code Execution Vulnerability: CVE-2020-17095

Chakra Scripting Engine Memory Corruption Vulnerability: CVE-2020-17131

Microsoft Dynamics 365 for Finance and Operations (on-premises) Remote Code Execution Vulnerability: CVE-2020-17152

Microsoft Dynamics 365 for Finance and Operations (on-premises) Remote Code Execution Vulnerability: CVE-2020-17158

Microsoft Exchange Remote Code Execution Vulnerability: CVE-2020-17117

Microsoft Exchange Remote Code Execution Vulnerability: CVE-2020-17142

Microsoft SharePoint Remote Code Execution Vulnerability: CVE-2020-17118

Microsoft SharePoint Remote Code Execution Vulnerability: CVE-2020-17121

As per standard best practice, I would recommend backing up the data on any device for which you are installing updates to prevent data loss in the rare event that any update causes unexpected issues. 

I have also provided further details of updates available for other commonly used applications below. 

To all of my readers and your families, I hope you are continuing to stay safe during these challenging times. Happy Holidays and Best Wishes for the New Year. Thank you.

====================
Google Chrome
====================
So far this month, Google has made available 1 Chrome update, version 87.0.4280.88, for Linux, Mac and Windows to resolve 8 security vulnerabilities. Google Chrome updates automatically and will apply the update the next time Chrome is closed and then re-opened. Chrome can also be updated immediately by clicking the Options button (it looks like 3 vertically stacked dots) in the upper right corner of the window and choosing “About Google Chrome” from the menu. Follow the prompt to Re-launch Chrome for the updates to take effect.

Ransomware Seeks to Encrypt your Virtual Machines

TL;DR:
While this ransomware is not very active, it incorporates features that make virtual machines particularly vulnerable to it. Please consider adding the additional protection measures below to your virtual machine infrastructure to better safeguard it from this ransomware and from data theft in general.
====================

Ransomware generally seeks to encrypt data such as business and personal documents in order to force you into paying to re-gain access to them. This recent ransomware variant has the potential to do even more damage.

Why should this ransomware be considered significant?
If you use virtual machines for personal testing of new software, or within a corporate environment to run many systems on a single high-performance server, this ransomware puts you at higher risk. It targets the files which a virtual machine (VM) is made up of, for both Microsoft Hyper-V (details here and here) and VMware VMs. Rather than encrypting a very large virtual disk image as a single file, this malware mounts the virtual disk and encrypts the files inside it individually, which speeds up the process. Similar ransomware was seen in 2012.

How can I protect my organisation or myself from this threat?
In addition to the standard practices for preventing and mitigating ransomware (please see page 7 of this Sophos white paper), please consider the following steps. They will protect your virtual machines from this malware and from future threats that may seek to do the same.

Please note that these techniques will only protect the VM files while they are not in use; recent offline backups of VM files therefore remain essential.

For Microsoft Hyper-V VMs, please consider shielding your VMs (which encrypts their disks) to protect them from being encrypted by ransomware (this protection only applies while the VM is not in use):

Microsoft Hyper-V
Creating Hyper-V Shielded VMs
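Before shielding anything it helps to know which VMs on a host are currently exposed. The script below is an added example written for this post, not code from Microsoft's shielded VM documentation: it lists every VM on a Hyper-V host with its shielding state and the path of each virtual disk file, so the VMs whose VHD/VHDX files sit unencrypted on the host can be identified. It assumes the Hyper-V PowerShell module is present, that it is run as an administrator, and that -ComputerName defaults to the local host.

```powershell
# Added example, not from the blog post or Microsoft's documentation.
# Lists Hyper-V VMs with their shielding state and disk file paths so the
# ones whose VHD/VHDX files sit unencrypted on the host can be found.
# Requires the Hyper-V PowerShell module; run as an administrator.
# Assumption: -ComputerName defaults to the local host.

function Get-VmDiskExposureReport {
    param([string[]]$ComputerName = @($env:COMPUTERNAME))

    foreach ($vm in Get-VM -ComputerName $ComputerName) {
        $security = Get-VMSecurity -VM $vm
        foreach ($disk in Get-VMHardDiskDrive -VM $vm) {
            [pscustomobject]@{
                Host       = $vm.ComputerName
                VM         = $vm.Name
                Generation = $vm.Generation
                State      = $vm.State
                Shielded   = $security.Shielded
                # A vTPM lets the guest run BitLocker, but the host cannot tell
                # whether the guest actually enabled it; treat it as a hint only.
                TpmEnabled = $security.TpmEnabled
                DiskPath   = $disk.Path
                # Generation 1 VMs cannot be shielded at all; for those, host-side
                # measures (access control, offline backups) are the only option.
                Exposed    = -not $security.Shielded
            }
        }
    }
}

# Usage: show only the exposed disks, grouped by host and VM.
Get-VmDiskExposureReport | Where-Object Exposed | Sort-Object Host, VM | Format-Table -AutoSize
```

The DiskPath column doubles as the list of files that must be covered by the offline backups mentioned above, since shielding protects the disk contents only while the VM is off and cannot be applied to Generation 1 machines.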

For VMware:
VMware vSphere 7.0: How vSphere Virtual Machine Encryption Protects Your Environment

Virtual Machine Encryption

VMware Workstation

The above steps should help to better prepare you for evolving ransomware threats. My thanks to BleepingComputer for detailing this threat and to Sophos for the whitepaper referenced above. Thank you and please stay safe.

November 2020 Update Summary

To my readers; I hope you and your families are doing well. Apologies for not publishing this post sooner.

As scheduled earlier this week; Adobe and Microsoft issued their monthly security updates. These updates address 17 and 112 vulnerabilities (respectively) more formally known as CVEs (defined).

First, let’s detail the Adobe updates; the Acrobat update was released a week ago:

Adobe Connect: Resolves 2x Priority 3 CVEs (2x Important Severity)

Adobe Acrobat and Reader: Resolves 14x Priority 2 CVEs (4x Critical Severity, 6x Important Severity and 4x Moderate Severity)

Adobe Reader Mobile: Resolves 1x Priority 3 CVE (1x Important Severity)

If you use any of the above Adobe products, especially Acrobat or Reader with its critical severity updates; please install these updates as soon as possible.

Microsoft’s monthly summary lists Known Issues for 17 Microsoft products again this month, but all have workarounds listed.

====================
A further useful source of update related information is the US Computer Emergency Readiness Team (CERT) (please see the “Information on Security Updates” heading of the “Protecting Your PC” page):

https://www.us-cert.gov/

====================
For this month’s Microsoft updates, I will prioritise the order of installation below:
====================
Windows Network File System Remote Code Execution Vulnerability: CVE-2020-17051

Microsoft Exchange Server Remote Code Execution Vulnerability: CVE-2020-17084

Windows Kernel Local Elevation of Privilege Vulnerability: CVE-2020-17087

Windows Hyper-V Security Feature Bypass Vulnerability: CVE-2020-17040

Chakra Scripting Engine Memory Corruption Vulnerability: CVE-2020-17048

Scripting Engine Memory Corruption Vulnerability: CVE-2020-17052

Internet Explorer Memory Corruption Vulnerability: CVE-2020-17053

Microsoft Browser Memory Corruption Vulnerability: CVE-2020-17058

Azure Sphere Elevation of Privilege Vulnerability: CVE-2020-16988

AV1 Video Extension Remote Code Execution Vulnerability: CVE-2020-17105

HEIF Image Extensions Remote Code Execution Vulnerability: CVE-2020-17101

HEVC Video Extensions Remote Code Execution Vulnerability: CVE-2020-17106

HEVC Video Extensions Remote Code Execution Vulnerability: CVE-2020-17107

HEVC Video Extensions Remote Code Execution Vulnerability: CVE-2020-17108

HEVC Video Extensions Remote Code Execution Vulnerability: CVE-2020-17109

HEVC Video Extensions Remote Code Execution Vulnerability: CVE-2020-17110

Raw Image Extension Remote Code Execution Vulnerability: CVE-2020-17078

Raw Image Extension Remote Code Execution Vulnerability: CVE-2020-17079

Raw Image Extension Remote Code Execution Vulnerability: CVE-2020-17082

Windows Print Spooler Remote Code Execution Vulnerability: CVE-2020-17042

As per standard best practice, I would recommend backing up the data on any device for which you are installing updates to prevent data loss in the rare event that any update causes unexpected issues.

I have also provided further details of updates available for other commonly used applications and devices below.

To all of my readers and your families, I hope you are continuing to stay safe during these tough times. Thank you.

====================
Google Chrome
====================
So far this month, Google has made available 4 Chrome updates, versions 86.0.4240.183, 86.0.4240.193, 86.0.4240.198 and 87.0.4280.67, for Linux, Mac and Windows to resolve 10, 1, 2 and 33 security vulnerabilities (respectively) and to introduce new features (please see this BleepingComputer link for details). My thanks to BleepingComputer for this detailed description.

Google Chrome updates automatically and will apply the update the next time Chrome is closed and then re-opened. Chrome can also be updated immediately by clicking the Options button (it looks like 3 vertically stacked dots) in the upper right corner of the window and choosing “About Google Chrome” from the menu. Follow the prompt to Re-launch Chrome for the updates to take effect.

====================
Mozilla Firefox
====================
In the second week of November, Mozilla released Firefox 82.0.3 and Firefox ESR (Extended Support Release) 78.4.1 to resolve the following security vulnerabilities:

Firefox 82.0.3: Resolves 1x Critical severity CVE

Firefox ESR 78.4.1: Resolves 1x Critical severity CVE

Later, during the 3rd week of November, Mozilla made available Firefox 83, which again resolved security vulnerabilities (details provided below) and introduced new features such as HTTPS-Only Mode, an improved PDF viewer, improved JavaScript performance and reduced memory usage. My thanks to BleepingComputer for this explanation.

Firefox 83: Resolves 4x High Severity CVEs, 11x Moderate CVEs, 6x Low CVEs

Firefox ESR 78.5: Resolves 2x High Severity CVEs, 8x Moderate and 2x Low CVEs

Details of how to install updates for Firefox are here. If Firefox is your web browser of choice and you have not already done so, please update it as soon as possible to benefit from the above changes.

====================
VMware
====================
VMware released 3 security advisories affecting the following products. If you use any of the VMware products listed below, please review the relevant advisories and install the applicable security updates as soon as possible:

Advisory 1: Severity: Important:
VMware SD-WAN Orchestrator (SD-WAN Orchestrator)

Advisory 2: Severity: Critical:
VMware ESXi
VMware Workstation Pro / Player (Workstation)
VMware Fusion Pro / Fusion (Fusion)
VMware Cloud Foundation

Advisory 3: Severity: Critical:
VMware Workspace One Access (Access)
VMware Workspace One Access Connector (Access Connector)
VMware Identity Manager (vIDM)
VMware Identity Manager Connector (vIDM Connector)
VMware Cloud Foundation
vRealize Suite Lifecycle Manager

October 2020 Update Summary

I hope all of my readers and your families are doing well. Apologies for not publishing this post sooner.

During the second week of October; as expected Adobe and Microsoft made available their scheduled security updates.

Adobe’s updates were released in two groups: one on the 13th October with a further set on the 20th October. In total, they resolve 21 separate vulnerabilities, more formally known as CVEs (defined). Microsoft decreased the number of vulnerabilities addressed this month to 87, approximately a 20% decrease compared with previous months.

Let’s first details the Adobe vulnerabilities:

Adobe After Effects: Resolves 2x Priority 3 CVEs (2x Critical Severity)

Adobe Animate: Resolves 4x Priority 3 CVEs (4x Critical Severity)

Adobe Creative Cloud Desktop: Resolves 1x Priority 3 CVE (1x Critical Severity)

Adobe Dreamweaver: Resolves 1x Priority 3 CVE (1x Important Severity)

Adobe Flash Player: Resolves 1x Priority 2 CVE (1x Critical Severity)

Adobe Illustrator: Resolves 7x Priority 3 CVEs (7x Critical Severity)

Adobe InDesign: Resolves 1x Priority 3 CVE (1x Critical Severity)

Marketo Sales Insight package for Salesforce: Resolves 1x Priority 2 CVE (1x Important Severity)

Adobe Media Encoder: Resolves 1x Priority 3 CVE (1x Critical Severity)

Adobe Photoshop: Resolves 1x Priority 3 CVE (1x Critical Severity)

Adobe Premiere Pro: Resolves 1x Priority 3 CVE (1x Critical Severity)

The above update for Flash Player is likely the final update before its decommissioning at the end of December 2020. If you use any of the above Adobe products, please install the relevant updates as soon as possible, since many address critical vulnerabilities.

====================
A further useful source of update related information is the US Computer Emergency Readiness Team (CERT) (please see the “Information on Security Updates” heading of the “Protecting Your PC” page):

https://www.us-cert.gov/

====================
For October’s Microsoft updates, I will prioritise the order of installation below:
====================
Windows TCP/IP Remote Code Execution Vulnerability: CVE-2020-16898

Windows Hyper-V Remote Code Execution Vulnerability: CVE-2020-16891

Microsoft Outlook Remote Code Execution Vulnerability: CVE-2020-16947

Microsoft SharePoint Remote Code Execution Vulnerability: CVE-2020-16951

Microsoft SharePoint Remote Code Execution Vulnerability: CVE-2020-16952

Windows Error Reporting Elevation of Privilege Vulnerability: CVE-2020-16909

.NET Framework Information Disclosure Vulnerability: CVE-2020-16937

Windows Kernel Information Disclosure Vulnerability: CVE-2020-16901

Windows Kernel Information Disclosure Vulnerability: CVE-2020-16938

Windows Setup Elevation of Privilege Vulnerability: CVE-2020-16908

Windows Storage VSP Driver Elevation of Privilege Vulnerability: CVE-2020-16885

GDI+ Remote Code Execution Vulnerability: CVE-2020-16911

Media Foundation Memory Corruption Vulnerability: CVE-2020-16915

Microsoft Graphics Components Remote Code Execution Vulnerability: CVE-2020-16923

Windows Camera Codec Pack Remote Code Execution Vulnerability: CVE-2020-16967

Windows Camera Codec Pack Remote Code Execution Vulnerability: CVE-2020-16968

====================

As always, I would recommend backing up the data on any device for which you are installing updates to prevent data loss in the rare event that any update causes unexpected issues.

I have also provided further details of updates available for other commonly used applications and devices below.

To all of my readers and your families, I hope you are continuing to stay safe during these challenging times. Thank you.

====================
Google Chrome
====================
Google made available two Google Chrome updates during the month of October; versions 86.0.4240.75 and 86.0.4240.111 for Linux, Mac and Windows to resolve 35 and 5 security vulnerabilities (respectively).

Google Chrome updates automatically and will apply the update the next time Chrome is closed and then re-opened. Chrome can also be updated immediately by clicking the Options button (it looks like 3 vertically stacked dots) in the upper right corner of the window and choosing “About Google Chrome” from the menu. Follow the prompt to Re-launch Chrome for the updates to take effect.

====================
VMware
====================
VMware released just 1 security advisory to resolve a vulnerability within the following product:

====================
Advisory 1: Severity: Moderate:
VMware Horizon Client for Windows

If you use VMware Horizon Client for Windows, please review the above advisory and install the applicable security update as soon as possible.

July 2020 Update Summary

Earlier this month, Adobe and Microsoft made available their expected security updates. These updates resolve 13 and 123 vulnerabilities (respectively), more formally known as CVEs (defined).

An interesting fact, as pointed out by ZDI, is that this makes “five straight months of 110+ CVEs released and brings the total for 2020 up to 742. For comparison, Microsoft released patches for 851 CVEs in all of 2019. At this pace, Microsoft will eclipse that number next month. They have already passed their totals for 2017 (665) and 2018 (691)”.

I believe that while this gives us all more work to apply the patches, overall we are becoming safer since more issues are being discovered and resolved.

Let’s begin with Adobe’s updates:

Adobe Bridge: 3x Priority 3 CVEs resolved (3x Critical Severity)

Adobe ColdFusion: 2x Priority 2 CVEs resolved (2x Important Severity)

Adobe Creative Cloud Desktop Application: 4x Priority 2 CVEs (1x Critical and 3x Important Severity)

Adobe Download Manager: 1x Priority 3 (1x Critical Severity)

Adobe Genuine Service: 3x Priority 3 (3x Important Severity)

Adobe Media Encoder: 3x Priority 3 (2x Critical Severity, 1x Important Severity)

Adobe Photoshop: 5x Priority 3 CVEs resolved (5x Critical Severity)

If you use any of the above Adobe products, especially those with critical severity updates, please install these updates as soon as possible.

Microsoft’s monthly summary lists Known Issues for 11 Microsoft products, but all have workarounds or corrective updates.

====================
A further useful source of update related information is the US Computer Emergency Readiness Team (CERT) (please see the “Information on Security Updates” heading of the “Protecting Your PC” page):

https://www.us-cert.gov/

====================
For this month’s Microsoft updates, I will prioritize the order of installation below:
====================

The highest priority update for this month is the Windows DNS Server vulnerability. Please see my dedicated post for more details.

Windows SharedStream Library Elevation of Privilege Vulnerability: CVE-2020-1463

Windows Font Library Remote Code Execution Vulnerability: CVE-2020-1436

GDI+ Remote Code Execution Vulnerability: CVE-2020-1435

.NET Framework, SharePoint Server, and Visual Studio Remote Code Execution Vulnerability: CVE-2020-1147

Windows Hyper-V RemoteFX vGPU Vulnerabilities: CVE-2020-1032 , CVE-2020-1036 , CVE-2020-1040 , CVE-2020-1041 , CVE-2020-1042 , CVE-2020-1043

These Hyper-V vulnerabilities affect Intel and AMD GPU drivers. Intel has not yet released updates for them, while AMD has scheduled driver updates for September 2020. Nvidia GPU drivers are not affected.

DirectWrite Remote Code Execution Vulnerability: CVE-2020-1409

LNK Remote Code Execution Vulnerability: CVE-2020-1421

Microsoft Outlook Remote Code Execution Vulnerability: CVE-2020-1349

Microsoft Office Elevation of Privilege: CVE-2020-1025

Remote Desktop Client Remote Code Execution Vulnerability: CVE-2020-1374

VBScript Remote Code Execution Vulnerability: CVE-2020-1403

Windows Address Book Remote Code Execution Vulnerability: CVE-2020-1410

PerformancePoint Services Remote Code Execution Vulnerability: CVE-2020-1439

As per standard best practice, I would recommend backing up the data on any device for which you are installing updates to prevent data loss in the rare event that any update causes unexpected issues.

I have also provided further details of updates available for other commonly used applications and devices below.

To all of my readers and your families, I hope you are continuing to stay safe during these tough times; things are slowly getting better. Thank you.

====================
Nvidia
====================
In early July, Nvidia released a security update for GeForce Experience. A further security update was released on the 8th of July for NVIDIA’s Jetson AGX Xavier, TX1, TX2 and Nano L4T software development kit (SDK) for Linux.

As was the case with previous Nvidia security updates, all of these vulnerabilities are local rather than remote, meaning that an attacker would first need to compromise your system before exploiting them to elevate their privileges.

To resolve the local vulnerabilities within GeForce Experience, apply the necessary update by opening GeForce Experience, which will update itself automatically; alternatively, the update can be obtained from here.

An updated version of the Jetson AGX Xavier, TX1, TX2 and Nano L4T SDK is available from NVIDIA DevZone. An alternative means of mitigating the vulnerability is also provided in the security advisory.

Separately, as pointed out above in the prioritisation of Microsoft’s updates, Nvidia have confirmed that their GPU drivers are not affected by the Windows Hyper-V RemoteFX vGPU vulnerabilities responsibly disclosed by the Cisco Talos team.

====================
Google Chrome
====================
In mid-July, Google made available Chrome version 84.0.4147.89 for Linux, Mac and Windows, resolving 38 security vulnerabilities and introducing new features (please see the above Google link for details).

Google Chrome updates automatically and will apply the update the next time Chrome is closed and then re-opened. Chrome can also be updated immediately by clicking the Options button (it looks like 3 vertically stacked dots) in the upper right corner of the window and choosing “About Google Chrome” from the menu. Follow the prompt to Re-launch Chrome for the updates to take effect.

====================
VMware
====================
VMware released 3 security advisories to resolve vulnerabilities within the following products:

====================
Advisory 1: Severity: Critical:

VMware vSphere ESXi (ESXi)

VMware Workstation Pro / Player (Workstation)

VMware Fusion Pro / Fusion (Fusion)

VMware Cloud Foundation

====================
Advisory 2: Severity: Important:

VMware SD-WAN by VeloCloud (VeloCloud)

====================
Advisory 3: Severity: Important:

VMware Fusion Pro / Fusion (Fusion)

VMware Remote Console for Mac (VMRC for Mac)

VMware Horizon Client for Mac

====================
If you use any of the above VMware products, please review the above advisories and install the applicable security updates as soon as possible, especially in the case of the critical security updates.

====================
Wireshark
====================
On the 1st of July, Wireshark made available the following updates (I’ll detail only the 2 most recent versions here):

v3.2.5: Relating to 1 security advisory for 1 CVE

v3.0.12: Resolves minor non-security bugs.

As per standard process, Linux distributions can obtain this update using the operating system’s standard package manager (if the latest version is not installed automatically using the package manager, you can instead compile the source code (v3.2.5 or v3.0.12)). This forum thread and this forum thread may also be helpful to you with installing Wireshark on your Linux based system.

For Mac OS X and Windows, the update is available within the downloads section of the Wireshark website. In addition, a detailed FAQ for Wireshark is available here.

=======================
Apple Security Updates:
=======================
In mid-July, Apple made available the following updates:

macOS Catalina 10.15.6, Security Update 2020-004 Mojave, Security Update 2020-004 High Sierra: Resolves 19 CVEs.
watchOS 6.2.8: Resolves 19 CVEs.
Apple tvOS 13.4.8: Resolves 20 CVEs.
Apple iOS 13.6 and iPadOS 13.6: Resolves 29 CVEs.
Safari 13.1.2: Resolves 11 CVEs.

While the following products do not have CVEs associated with them, it is still best practice to use the most updated versions:

Apple iOS 12.4.8
Apple Xcode 11.6
Apple watchOS 5.3.8
=======================

Please see these links from Apple for advice on backing up your iPhone and iPad. Steps for updating them are here. Advice for updating tvOS is available here while the steps for updating the Apple Watch are available here.

As always; further details of these updates are available on Apple’s dedicated security updates page.

For advice on how to install updates for Apple devices, please see the steps detailed at the end of this Sophos blog post as well as this link (from my “Protecting Your PC

April 2020 Update Summary

=======================
Update: 27th April 2020
=======================
Late last week, Microsoft issued a security advisory for Microsoft Office 2019, 365 ProPlus and Paint 3D (available within Windows 10).

These correct 4 remote code execution (an attacker can carry out any action of their choice on a compromised system) and 2 denial of service (in this instance the affected application will become unresponsive) vulnerabilities. These vulnerabilities also affect the following Autodesk products:

FBX-SDK
Maya
Motion Builder
Mudbox
3ds Max
Fusion
Revit
Flame
Infraworks
Navisworks
Autodesk AutoCAD

Please make certain your versions of the affected Autodesk products, Office 2019 or 365 ProPlus and Paint 3D are up to date. The steps detailed in this linked BleepingComputer article will guide you through doing so. The Paint 3D app should have already installed the update automatically; however, you can manually check for updates with these steps.

The necessary details to update the affected Autodesk products are available in the Autodesk security advisory linked above. Details for verifying if Paint 3D and Microsoft Office have been updated are provided in Microsoft’s advisory. Please see the questions titled: “I am running Office 2019 or Office 365 ProPlus. How do I tell if the security update for this vulnerability is included in my version of Office?” and “I have Paint 3D or 3D Viewer installed. How do I know if I have the security update installed?” Further details of the potential impact of these vulnerabilities, as well as a recommended mitigation step, are provided in this Sophos blog post.

Thank you.

=======================
Update: 15th April 2020
=======================
Yesterday, Microsoft released their scheduled updates to resolve 113 CVEs (defined). Similarly, Adobe released 3 security bulletins.

Microsoft’s monthly summary lists Known Issues for 43 Microsoft products, but all have workarounds or resolution steps listed.

To begin with, let’s look at Adobe’s updates:
Adobe After Effects: 1x Priority 3 CVE resolved (1x Important severity)
Adobe ColdFusion: 3x Priority 2 CVEs resolved (3x Important severity)
Adobe Digital Editions: 1x Priority 3 CVE resolved (1x Important severity)

Adobe later issued further updates:
Adobe Bridge: 17x Priority 3 CVEs resolved (14x Critical severity, 3x Important severity)
Adobe Illustrator: 5x Priority 3 CVEs resolved (5x Critical severity)

If you use the above Adobe products, please install these updates (especially in the case of the above critical vulnerabilities within Bridge and Illustrator).

====================
A further useful source of update related information is the US Computer Emergency Readiness Team (CERT) (please see the “Information on Security Updates” heading of the “Protecting Your PC” page):

https://www.us-cert.gov/

====================
As always for this month’s Microsoft updates, I will prioritize the order of installation below:
====================
Following their disclosure last month, the Adobe Type Manager (ATM) library vulnerabilities have been patched. They are listed below together with the other zero day vulnerabilities patched this month and a further publicly disclosed vulnerability:

Zero Days (defined):
Microsoft Adobe Type Manager: CVE-2020-0938 and CVE-2020-1020
Microsoft Scripting Engine: CVE-2020-0968
Windows Kernel: CVE-2020-1027

Publicly disclosed:
Microsoft OneDrive: CVE-2020-0935

====================
Microsoft Scripting Engine: CVE-2020-0970
Microsoft Chakra Scripting Engine: CVE-2020-0969
Microsoft Graphics: CVE-2020-0687
Microsoft Graphics Components: CVE-2020-0907
Windows DNS: CVE-2020-0993
Windows Hyper-V: CVE-2020-0910
Windows Codecs: CVE-2020-0965
Windows Media Foundation: CVE-2020-0948 , CVE-2020-0949 , CVE-2020-0950
Microsoft SharePoint: CVE-2020-0929 , CVE-2020-0931 , CVE-2020-0932, CVE-2020-0974
Microsoft Office SharePoint XSS: CVE-2020-0927
Microsoft Dynamics: CVE-2020-1022

====================

Please install the remaining updates at your earliest convenience.

As per standard best practice, I would recommend backing up the data on any device for which you are installing updates to prevent data loss in the rare event that any update causes unexpected issues.

I have also provided further details of updates available for other commonly used applications and devices below.

To all of my readers and your families, please stay safe during these challenging times. Thank you.

====================
Mozilla Firefox
====================
On the 7th of April, Mozilla released Firefox 75 and Firefox ESR (Extended Support Release) 68.7 to resolve the following vulnerabilities:

Firefox 75.0: Addresses 3x high severity CVEs, 3x moderate severity CVEs

Firefox 68.7 ESR: Addresses 4x high severity CVEs (1 of which only affects Firefox for Android) and 1x moderate severity CVE

Firefox 75 and the previous 74.0.1 reverse the removal of support for TLS 1.0 and TLS 1.1 due to the current COVID-19 situation. Firefox 75 offers improved performance when installed on systems powered by Intel GPUs (defined), is available in the Flatpak distribution format for Linux and will now “locally cache all trusted Web PKI Certificate Authority certificates that Mozilla knows, improving security and HTTPS compatibility with misconfigured web servers as a direct result”. Moreover, an improved address bar is now present in Firefox 75; its improvements are detailed in Firefox’s release notes. Please also be aware of the new telemetry Mozilla has begun to collect with Firefox 75; you may or may not wish to turn this off.

Firefox 74.0.1 and Firefox ESR 68.6.1 were released on the 3rd of April to resolve the following zero day (defined) vulnerabilities actively being exploited in targeted attacks:

Firefox 74.0.1 and Firefox 68.6.1 ESR: Addresses 2x critical severity CVEs

Details of how to install updates for Firefox are here. If Firefox is your web browser of choice and you have not already done so, please update it as soon as possible to benefit from the above changes.

====================
VMware
====================
VMware released 3 security advisories to resolve vulnerabilities within the following products:

====================
Advisory 1: Severity: Critical:
VMware vCenter Server

Advisory 2: Severity: Important
VMware vRealize Log Insight

Advisory 3: Severity: Important:
VMware ESXi 6.5 up to and including 7.0
====================

If you use any of the above products, please review the above advisories and install the applicable security updates as soon as possible.

=======================
Oracle:
=======================
Oracle issued updates to resolve 405 vulnerabilities this month. Further details and installation steps are available here. 15 of the vulnerabilities affect the Java runtime, all of which are remotely exploitable without an attacker needing to obtain a user’s username and password (their credentials).

Separately, Oracle has issued a notice that attacks are being detected attempting to exploit a patched vulnerability (CVE-2020-2883) in Oracle WebLogic Server. They strongly suggest installing this month’s update for that product to protect against these attacks.

If you use any of the Oracle products listed here, please install the appropriate security updates as soon as possible.

====================
OpenSSL
====================
On the 21st of April, the OpenSSL project issued OpenSSL 1.1.1g, which includes a high severity security fix.

FTP mirrors to obtain the necessary downloads are available from here. Downloadable Tarballs (compressed/packaged code made for distribution) are available from here.

It should also be possible to use the package manager of a Linux/Unix operating system to update your OpenSSL installation as mentioned within the section titled “Installing updates for Linux distributions” on the “Protecting Your PC” page of this blog.

=======================
WinSCP:
=======================
In early April, WinSCP version 5.17.3 was made available, upgrading its bundled OpenSSL to version 1.1.1f (from the previous 1.1.1d). This update resolves 1x Low severity vulnerability.

On the 24th of April, WinSCP was upgraded to version 5.17.4, which in turn upgrades its bundled OpenSSL to version 1.1.1g, resolving a high severity vulnerability. Please install this update if you use WinSCP.

====================
VideoLAN VLC
====================
On the 28th of April, VideoLAN released version 3.0.10, resolving multiple security issues assigned to 7 CVEs (various denial of service (DoS) conditions in the microDNS service discovery module); version 3.2.12 for Android and version 3.2.7 for iOS were also released. 1 CVE has been rated as critical, with the other 6 being of high severity. The most recent versions can be downloaded from:

http://www.videolan.org/vlc/

====================
Wireshark
====================
In early April, Wireshark made available the following updates (I’ll detail only the 2 most recent versions here):

v3.2.3: Relating to 1 security advisory (relating to 1 CVE)
v3.0.10: Relating to 1 security advisory (relating to 1 CVE)

As per standard process, Linux distributions can obtain this update using the operating system’s standard package manager (if the latest version is not installed automatically using the package manager, you can instead compile the source code (v3.2.3 or v3.0.10)). This forum thread and this forum thread may also be helpful to you with installing Wireshark on your Linux based system.

For Mac OS X and Windows, the update is available within the downloads section of the Wireshark website. In addition, a detailed FAQ for Wireshark is available here.

Thank you and please stay safe.

February 2020 Update Summary

Today marks the release of this year’s second wave of scheduled updates from Adobe and Microsoft. 42 vulnerabilities were resolved by Adobe with Microsoft addressing 99 CVEs (defined).

Let’s start with Adobe’s patches first:
====================
Adobe
====================
Adobe Acrobat and Reader: 17x Priority 2 CVEs resolved (12x Critical, 3x Important, 2x Moderate severity)

Adobe Digital Editions:  2x Priority 3 CVEs resolved (1x Critical and 1x Important severity)

Adobe Experience Manager: 1x Priority 2 CVE resolved (1x Important severity)

Adobe Flash Player: 1x Priority 2 CVE resolved (1x Critical severity)

Adobe Framemaker: 21x Priority 3 CVEs resolved (21x Critical severity)

If you use the above Adobe products, please install these updates (especially in the case of the above critical vulnerabilities within Flash Player, Adobe Acrobat/Reader and Framemaker).
====================

Microsoft’s monthly summary lists Known Issues for 13 Microsoft products, but all have workarounds or resolution steps listed.

====================
A further useful source of update related information is the US Computer Emergency Readiness Team (CERT) (please see the “Information on Security Updates” heading of the “Protecting Your PC” page):

https://www.us-cert.gov/

====================
As always for this month’s Microsoft updates, I will prioritize the order of installation below:
====================
Microsoft Scripting Engine: CVE-2020-0710 , CVE-2020-0711 , CVE-2020-0712 , CVE-2020-0713 , CVE-2020-0767

Internet Explorer: CVE-2020-0674 (this was the zero day (defined) vulnerability reported last month).

Microsoft Edge Chromium:  ADV200002

Windows Shell (LNK): CVE-2020-0729

Windows Remote Desktop Client: CVE-2020-0681 , CVE-2020-0734

Windows Hyper-V: CVE-2020-0662

Windows Media Foundation: CVE-2020-0738

Please install the remaining updates at your earliest convenience.

As per standard best practice; I would recommend backing up the data on any device for which you are installing updates to prevent data loss in the rare event that any update causes unexpected issues.

I have also provided further details of updates available for other commonly used applications below.

Thank you.

====================
Mozilla Firefox
====================
Earlier this month, Mozilla released Firefox 73 and Firefox ESR (Extended Support Release) 68.5 to address the following vulnerabilities:

Firefox 73.0: Resolves 3x high severity CVEs and 3x moderate severity CVEs

Firefox ESR 68.5: Resolves 2x high severity CVEs and 3x moderate severity CVEs

Firefox 73 brings the following minor features:

  1. A global zoom level configured from the settings menu
  2. Opt-in notification when the use of virtual reality is being requested
  3. A new DNS over HTTPS (DoH) (defined) provider was added within Firefox. The new provider, NextDNS, can be selected as follows: select Options -> General -> Network Settings, scroll down, place a tick/check in the ‘Enable DNS over HTTPS’ box and finally choose NextDNS as the DoH provider.

Details of how to install updates for Firefox are here. If Firefox is your web browser of choice and you have not already done so, please update it as soon as possible to benefit from the above changes.

====================
Google Chrome
====================
Google made available a security update in early February; resolving 56 vulnerabilities bringing Google Chrome to version 80. A further 2 updates on the 11th and 13th were also released but are not security updates.

Version 80 of Chrome also brings changes to how it handles cookies (defined). Specifically, a cookie that does not declare a SameSite attribute is now treated as SameSite=Lax, restricting it to first-party use by default; website developers must explicitly mark the cookies they need to work across websites as SameSite=None, and such cookies must also carry the Secure attribute, so they are only sent over HTTPS. This change was initially announced by Google in May 2019. As Google states “This change also has a significant security benefit for users, protecting cookies from cross-site injection and data disclosure attacks like Spectre and CSRF by default”. Further advice to developers is available in this video.
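As an added illustration of the rule described above (example code written for this page, not Google’s or the original post’s), the following Python model decides whether a cookie set by one site would be attached to a request that another site triggers, under the Chrome 80 behaviour and under the older behaviour. The Set-Cookie strings, the three request shapes and the function names are this example’s own constructions; Chrome’s short “Lax+POST” allowance for freshly set cookies is deliberately not modelled.

```python
"""Model of the Chrome 80 SameSite cookie rule (added example, not from the
original post or from Google). Constructed inputs only; see demo()."""
from dataclasses import dataclass
from typing import Dict, Optional

_KNOWN_MODES = {"Strict", "Lax", "None"}


@dataclass(frozen=True)
class Cookie:
    name: str
    samesite: Optional[str]  # "Strict", "Lax", "None", or None when absent/unrecognised
    secure: bool


def parse_set_cookie(header: str) -> Cookie:
    """Extract the name and the SameSite/Secure attributes from a Set-Cookie value.
    An unrecognised SameSite value is treated as if the attribute were absent."""
    parts = [p.strip() for p in header.split(";")]
    name = parts[0].split("=", 1)[0].strip()
    samesite: Optional[str] = None
    secure = False
    for attr in parts[1:]:
        key, _, value = attr.partition("=")
        key = key.strip().lower()
        if key == "samesite":
            candidate = value.strip().capitalize()
            samesite = candidate if candidate in _KNOWN_MODES else None
        elif key == "secure":
            secure = True
    return Cookie(name, samesite, secure)


def sent_cross_site(cookie: Cookie, top_level_navigation: bool,
                    method: str = "GET", chrome80_rules: bool = True) -> bool:
    """Would the browser attach this cookie to a request another site triggers?

    With chrome80_rules (the behaviour described above):
      - SameSite=None without Secure is rejected when set, so it is never sent;
      - a missing SameSite attribute is treated as Lax;
      - Lax cookies ride along only on top-level navigations using a safe method,
        never on subresource loads, iframes or cross-site POSTs (Chrome's short
        "Lax+POST" grace period for freshly set cookies is not modelled here);
      - Strict cookies are never sent cross-site; None+Secure cookies always are.
    With chrome80_rules=False (the older behaviour), a cookie with no SameSite
    attribute is sent on every cross-site request and Secure is not required.
    """
    mode = cookie.samesite
    if chrome80_rules:
        if mode == "None" and not cookie.secure:
            return False
        mode = mode or "Lax"
    elif mode is None:
        return True
    if mode == "Strict":
        return False
    if mode == "Lax":
        return top_level_navigation and method.upper() in ("GET", "HEAD")
    return True  # SameSite=None (and Secure, under the Chrome 80 rules)


def demo(chrome80_rules: bool = True) -> Dict[str, Dict[str, bool]]:
    """Constructed Set-Cookie headers checked against three request shapes."""
    headers = {
        "legacy session cookie": "sid=abc123; Path=/; HttpOnly",
        "widget, None without Secure": "widget=1; SameSite=None",
        "widget, None with Secure": "widget=1; SameSite=None; Secure",
        "strict csrf cookie": "csrf=xyz; SameSite=Strict; Secure",
    }
    results: Dict[str, Dict[str, bool]] = {}
    for label, header in headers.items():
        c = parse_set_cookie(header)
        results[label] = {
            "top_level_get": sent_cross_site(c, True, "GET", chrome80_rules),
            "iframe_or_fetch": sent_cross_site(c, False, "GET", chrome80_rules),
            "cross_site_post": sent_cross_site(c, True, "POST", chrome80_rules),
        }
    return results


if __name__ == "__main__":
    for rules, label in ((False, "before Chrome 80"), (True, "Chrome 80")):
        print(label)
        for name, outcome in demo(rules).items():
            print(f"  {name:30} {outcome}")
```

The CSRF benefit Google refers to is visible in the first row: the legacy session cookie, which older browsers sent on a cross-site POST, now stays home unless the site opts in with SameSite=None; Secure.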

Separately, in late February Google released Chrome version 80.0.3987.122 to address 3 security vulnerabilities, the most severe being a zero day (defined) vulnerability designated CVE-2020-6418, a type confusion vulnerability within V8, Chrome’s JavaScript (defined) and WebAssembly (defined) engine.

Google Chrome updates automatically and will apply the update the next time Chrome is closed and then re-opened. Chrome can also be updated immediately by clicking the Options button (it looks like 3 vertically stacked dots) in the upper right corner of the window and choosing “About Google Chrome” from the menu. Follow the prompt to Re-launch Chrome for the updates to take effect.

====================
Realtek Audio/Sound Card Drivers
====================
In early February, the hardware manufacturer Realtek released an updated audio/sound card driver. This driver addresses a security vulnerability that requires an attacker to have already compromised your Windows system and to have obtained administrative privileges. More information on this vulnerability is available from the security researchers who responsibly disclosed (defined) it to Realtek. The vulnerability has been assigned CVE-2019-19705 by MITRE.

This vulnerability is a DLL search-order hijacking vulnerability (defined) which, if exploited, could allow an attacker to have the Realtek software load and run a malicious DLL of their choosing on your system. This also gives them a means of persistence, namely that any malware they install in this way will be loaded again after the system is shut down or restarted.

If your system uses a Realtek audio device (use Windows Device Manager and expand the category named “Sound, video and game controllers”, looking for a device with Realtek in its name), please refer to the manufacturer of your desktop, laptop or motherboard for a driver update. If no driver is available, please contact them to request that one be made available. As per Realtek’s security advisory, driver versions later than 1.0.0.8856 (legacy, non-DCH; what is the difference between DCH and standard drivers?) are not vulnerable.

====================
Nvidia
====================
On the 28th of February, Nvidia released security updates for the drivers which power their GeForce, Tesla and Quadro/NVS GPUs, as well as updates for its vGPU software (for Linux, Windows, Citrix Hypervisor, VMware vSphere, Red Hat Enterprise Linux KVM and Nutanix AHV). Not all updates for the vGPU software are available at this time, but they are in progress and will be released over the coming weeks (timelines are provided within Nvidia’s security advisory).

As was the case with November’s security updates, all of these vulnerabilities are local rather than remote, meaning that an attacker would first need to compromise your system before exploiting them to elevate their privileges. The steps to install the drivers are located here. If you use the affected Nvidia graphics cards or software, please consider installing these updates.

====================
Intel Security Advisories
====================
Intel have released a series of security advisories this month. The advisories are prioritised below. If you use any of these products, software or devices, please update them as soon as possible, especially in the case of the high severity advisory.

High
Intel CSME Advisory (Intel Management Engine (ME) Firmware)

Medium
Intel RWC3 Advisory
Intel RWC2 Advisory
Intel MPSS Advisory
Intel Renesas Electronics USB 3.0 Driver Advisory

Low
Intel SGX SDK Advisory

====================
VMware
====================
In the latter half of February, VMware released a critical security advisory to address vulnerabilities within the following product:

vRealize Operations for Horizon Adapter

If you use VMware vRealize Operations for Horizon Adapter, please install the applicable security updates (depending upon which version of this product you are using) as soon as possible.

====================
Wireshark
====================
In the final week of February, updates were released for Wireshark (I’ll detail only the 2 most recent versions here):

v3.2.2: Relating to 4 security advisories (relating to 4 CVEs)

v3.0.9: Relating to 3 security advisories (relating to 3 CVEs)

As per standard process, Linux distributions can obtain this update using the operating system’s standard package manager (if the latest version is not installed automatically using the package manager, you can instead compile the source code (v3.2.2 or v3.0.9)). This forum thread and this forum thread may also be helpful to you with installing Wireshark on your Linux based system.

For Mac OS X and Windows, the update is available within the downloads section of the Wireshark website. In addition, a detailed FAQ for Wireshark is available here.
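Every Wireshark section in these summaries (July, April and February) and the OpenSSL section of the April summary come down to the same question: is the installed build at least the fixed release? The Python check below answers it and is an added example written for this page, not code from the Wireshark or OpenSSL projects. Only the fixed release numbers are taken from the summaries above (Wireshark 3.2.5 and 3.0.12, OpenSSL 1.1.1g); the branch table, the commands probed, the assumed output formats and the “unknown” verdict for branches these summaries never mention are this example’s own assumptions.

```python
"""Is the installed Wireshark or OpenSSL build at or above the fixed release?
Added example for this page, not from the Wireshark or OpenSSL projects.
Only the fixed release numbers come from the summaries above; the branch
table, probing commands and parsing are this example's assumptions."""
import re
import shutil
import subprocess
from typing import Optional, Tuple

# Fixed releases named in the summaries above, keyed by (product, branch):
# Wireshark 3.2.5 and 3.0.12 (July 2020), OpenSSL 1.1.1g (April 2020).
# A branch not listed here is reported as "unknown", never as fixed.
FIXED_RELEASES = {
    ("wireshark", "3.2"): "3.2.5",
    ("wireshark", "3.0"): "3.0.12",
    ("openssl", "1.1.1"): "1.1.1g",
}

# How many leading components identify a maintenance branch for each product.
BRANCH_DEPTH = {"wireshark": 2, "openssl": 3}

# First dotted number in a string, with an optional OpenSSL-style letter suffix.
_VERSION_RE = re.compile(r"(\d+(?:\.\d+)*)([a-z]?)")

# Commands probed for the local install (assumed first-line output formats:
# "TShark (Wireshark) 3.2.5 ..." and "OpenSSL 1.1.1g  21 Apr 2020").
_PROBE_COMMANDS = {
    "wireshark": (["tshark", "--version"], ["wireshark", "--version"]),
    "openssl": (["openssl", "version"],),
}


def parse_version(text: str) -> Tuple[int, ...]:
    """Turn '3.2.5' or '1.1.1g' into a tuple that compares correctly.
    A trailing letter becomes one more numeric component (a=1 ... z=26),
    so (1,1,1) < (1,1,1,6) < (1,1,1,7) mirrors 1.1.1 < 1.1.1f < 1.1.1g."""
    match = _VERSION_RE.search(text)
    if match is None:
        raise ValueError(f"no version number in {text!r}")
    parts = [int(p) for p in match.group(1).split(".")]
    if match.group(2):
        parts.append(ord(match.group(2)) - ord("a") + 1)
    return tuple(parts)


def branch_of(product: str, version: str) -> str:
    """The maintenance branch a version belongs to, e.g. '3.2' or '1.1.1'."""
    depth = BRANCH_DEPTH[product]
    return ".".join(str(n) for n in parse_version(version)[:depth])


def assess(product: str, installed: str) -> str:
    """'fixed', 'vulnerable' or 'unknown' for an installed version string."""
    fixed = FIXED_RELEASES.get((product, branch_of(product, installed)))
    if fixed is None:
        return "unknown"
    return "fixed" if parse_version(installed) >= parse_version(fixed) else "vulnerable"


def installed_version(product: str) -> Optional[str]:
    """Best-effort read of the locally installed version, or None if absent."""
    for argv in _PROBE_COMMANDS[product]:
        if shutil.which(argv[0]) is None:
            continue
        proc = subprocess.run(argv, capture_output=True, text=True, check=False)
        first_line = proc.stdout.splitlines()[0] if proc.stdout else ""
        match = _VERSION_RE.search(first_line)
        if match:
            return match.group(0)
    return None


if __name__ == "__main__":
    for product in ("wireshark", "openssl"):
        version = installed_version(product)
        if version is None:
            print(f"{product}: not found on PATH")
        else:
            print(f"{product}: {version} -> {assess(product, version)}")
```

Run it on the host in question; a build on a branch the summaries do not cover comes back as “unknown” rather than passing silently, which is the safer default when the only data you have is a list of fixed releases.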

Thank you.