May 2020 Patch Tuesday updates
Hello Everyone, Below is breakdown of all the updates released this Patch Tuesday. New Security Bulletins : 2020-05 Security Only Quality Update for Windows Server 2008 (KB4556854) (ESU) 2020-05 Security Only Quality Update for Windows 7 and Windows Server 2008 R2 (KB4556843) (ESU) 2020-05 Security Only Quality Update for Windows Server 2012 (KB4556852) 2020-05 Security Only Quality Update for Windows 8.1 and Windows Server 2012 R2 (KB4556853) 2020-05 Security Monthly Quality Rollup for Windows Server
Chrome fixes critical vulnerabilities - CVE-2020-6831 and CVE-2020-6464
Hello everyone, Google Chrome has updated its stable channel to 81.0.4044.138 for Windows, Mac, and Linux. This update addresses two security vulnerabilities. CVE ID Vulnerability Severity CVE-2020-6831 Stack buffer overflow in SCTP High CVE-2020-6464 Type confusion in Blink High To patch these vulnerabilities, initiate a sync between the Patch Manager Plus server and the Central Patch repository. After the sync, search for the following Patch IDs or Bulletin ID and install them in your target
Mozilla fixes security vulnerabilities in Firefox 76
Hello everyone, Mozilla has released fixes for several security vulnerabilities in Firefox 76. Below are the details of the vulnerabilities fixed. CVE ID Vulnerability Severity CVE-2020-12387 Use-after-free during worker shutdown Critical CVE-2020-12388 Sandbox escape with improperly guarded access tokens Critical CVE-2020-12389 Sandbox escape with improperly separated process types High CVE-2020-12390 Incorrect serialization of nsIPrincipal.origin for IPv6 addresses Moderate CVE-2020-12391
Critical issue while deploying Cisco Webex patch
Hello everyone, The Cisco Webex patch with Patch ID 313977 was released on Apr-28-2020 at 04:40 pm GMT. Regrettably, on installing this patch in certain machines, few of our customers got in touch with us stating a few issues. Following this, the patch was removed from the Patch Manager Plus repository on the morning of Apr-29-2020, for further analysis of the situation. Issue when deploying Cisco Webex patch: Customers who have synced the database and deployed the Cisco Webex patch in the
Chrome fixes critical vulnerabilities in the latest stable channel update
Hello everyone, Google Chrome stable channel has been updated to 81.0.4044.129 for Windows, Mac, and Linux. This update comes with security fixes for two critical vulnerabilities. The details of the vulnerabilities are as follows: CVE-ID Vulnerability Severity CVE-2020-6461 Use after free in storage High CVE-2020-6462 Use after free in task scheduling High To patch these vulnerabilities, initiate a sync between the Patch Manager Plus server and the Central Patch repository. Search for the
Chrome releases stable channel update to address critical vulnerabilities
Hello everyone, Google has updated its Chrome stable channel to 81.0.4044.122 for Windows, Mac, and Linux. This update comes with fixes for three critical vulnerabilities CVE ID Vulnerability Severity CVE-2020-6458 Out of bounds read and write in PDFium High CVE-2020-6459 Use after free in payments High CVE-2020-6460 Insufficient data validation in URL formatting High To patch these vulnerabilities using Patch Manager Plus, initiate a sync between the Patch Manager Plus server and the Central
Google chrome patches critical vulnerability - CVE-2020-6457
Hello folks, Chrome has updated its stable channel to 81.0.4044.113 for Windows, Mac, and Linux systems. This update includes the security fix for the critical vulnerability CVE-2020-6457. This is a use-after free vulnerability in Speech recognizer component in Google Chrome. A remote attacker who exploits this vulnerability can create a specially crafted web page and trick victims into clicking it, triggering the use-after-free error to execute arbitrary codes on the target systems. Initiate
Patch Tuesday April 2020 - updates breakdown
Hello guys, Here is a quick breakdown of the April Patch Tuesday updates New Security Bulletins : 2020-04 Servicing Stack Update for Windows Server 2019 and Windows 10 Version 1809 (KB4549947) 2020-04 Servicing Stack Update for Windows 10 Version 1607 and Windows Server 2016 (KB4550994) 2020-04 Servicing Stack Update for Windows 10 Version 1903 and Windows Server, version 1903 (KB4552152) 2020-04 Servicing Stack Update for Windows 10 Version 1909 and Windows Server, version 1909 (KB4552152) 2020-04
Firefox 75 and Firefox ESR 68.7 fix high severity vulnerabilities
Firefox rolled out the latest stable version Firefox 75.0 and its corresponding ESR version Firefox ESR 68.7 to fix a number of vulnerabilities found in their earlier versions. Here's a list of CVEs fixed and their details: CVE ID Severity Vulnerability Description Fixed in CVE-2020-6828 High Preference overwrite via crafted Intent from malicious Android application Firefox ESR 68.7 CVE-2020-6827 High Custom Tabs in Firefox for Android could have the URI spoofed Firefox ESR 68.7 CVE-2020-6821
Mozilla fixes 2 wildly exploited zero-day vulnerabilities in Firefox
Mozilla has released fixes for 2 zero-day vulnerabilities in Firefox. The fixes are available in the newly released version of the browser, Firefox 74.0.1.The updated version fixes the vulnerabilities CVE-2020-6819 and CVE-2020-6820 Vulnerability and impact Both CVE-2020-6819 and CVE-2020-6820 are use-after-free vulnerabilities and occur due to improper memory space management by Firefox. These bugs when exploited allow the hacker to write codes into Firefox's memory and have it executed in the
Zoom issued fix for an UNC vulnerability that compromises Windows credentials
Zoom patched a fatal flaw in the Zoom Windows client that allows attackers to use its chat feature to share malicious links that once clicked will leak the Windows network credentials of the victim. Such attacks are possible because Zoom for Windows not only converts normal URLs into a clickable link but also Windows networking Universal Naming Convention (UNC) paths. UNC is used to locate a network resource, such as a file hosted on an attacker-controlled SMB (Server Message Block) server. When
Google Chrome releases Stable Channel Update
Hello guys, Google Chrome has updated its stable channel to 80.0.3987.162 for Windows, Mac, and Linux systems. This update also includes 8 security fixes. Below are the fixes that require immediate attention CVE ID Severity Vulnerability CVE-2020-6450 High Use after free in WebAudio CVE-2020-6451 High Use after free in WebAudio CVE-2020-6452 High Heap buffer overflow in media Initiate a sync between the Patch Manager Plus server and the Central Vulnerability database and search
All Windows versions compromised due to critical Zero-day vulnerabilities
Hello folks, Two critical zero-day vulnerabilities have been discovered in Windows Adobe Type Manager Library. Both these vulnerabilities are unpatched and allows attackers to take remote control of the systems affected (Remote Code Execution vulnerability). As of now, the attacks are not widespread and only limited targeted systems are hit. Versions affected All versions of the Windows Operating system is susceptible to attacks including Windows version 10, 8.1, 7, and Server 2008, 2012, 2016,
Patch Manager and Office365 Channel Updates
We are currently researching why some endpoints are missing patches to Office products despite PM telling us that there are no patches left to deploy. Is there something different we need to do with Patch Manager as we use Office365 ProPlus which use Channel Updates. Will PM collect from Channel Updates?
Remote Access Plus for remote work
Due to the recent outbreak of COVID-19, most global enterprises are adopting work from home policies. Organizations may extend their remote work operations well into the future to keep their employees safe. This is the new normal for IT administrators, who now have to work around the clock to monitor all of their enterprise’s endpoints remotely. The go-to solution for IT technicians is ManageEngine Remote Access Plus, which can help you adapt to remote work culture. Benefits of having this remote
Google Chrome releases stable version 80.0.3987.149
Hello folks, Google Chrome has recently updated the stable channel to 80.0.3987.149. This version comes with fixes for 13 security bugs, of which nine are rated High in severity. The CVE IDs of the patches released are as follows. CVE-2020-6422 CVE-2020-6424 CVE-2020-6425 CVE-2020-6426 CVE-2020-6427 CVE-2020-6428 CVE-2020-6429 CVE-2019-20503 CVE-2020-6449 Patch Manager Plus now supports Google Chrome's latest version 80.0.3987.149 for Windows, Mac, and Linux. If you're looking to update
Critical vulnerabilities fixed in Adobe Reader and Acrobat
Hello folks, The lack of Adobe updates in the March Patch Tuesday might have come as a surprise to many of us. However a week from Patch Tuesday, Adobe has released updates to fix 13 vulnerabilities in Adobe Acrobat and Reader for Windows and macOS. 9 of them are rated 'Critical'. Affected versions These versions are applicable for both Windows and mac platforms Acrobat DC Continuous 2020.006.20034 and earlier versions Acrobat Reader DC Continuous 2020.006.20034 and earlier versions Acrobat
"EternalDarkness" - unpatched SMB v3 compression RCE bug details leaked
Microsoft has announced in its security advisory the details of a remote code execution vulnerability(RCE), tracked as (CVE-2020-0796) in the way that the Microsoft Server Message Block 3.1.1 (SMBv3) protocol handles connections that use compression. This vulnerability has been named 'EternalDarkness' and 'SMBGhost', along the lines of the EternalBlue exploit that leveraged the SMB vulnerability to launch the 2017 WannaCry ransomware. Affected products: Product Version Windows Server Version
"Out-of-band" fix rolled out for the leaked Eternal Darkness bug
Hello folks, Earlier in March 2020 Patch Tuesday, Microsoft has announced a security advisory on an unpatched vulnerability in the SMBv3 protocol (CVE-2020-0796) with a temporary workaround in place. Now a fix is available for this vulnerability as KB4551762, for Windows 10, versions 1903 and 1909, and Windows Server 2019, versions 1903 and 1909. Microsoft strongly recommends that you install the updates for this vulnerability. In case you have applied the workaround published earlier and wish
March 2020 Patch Tuesday updates
Hello folks, Good day. Quick update on the March 2020 Patch Tuesday. New Security Bulletins : 2020-03 Security Monthly Quality Rollup for Windows Server 2008 for x64-based Systems (KB4541506) (ESU) 2020-03 Security Monthly Quality Rollup for Windows 7 and Windows Server 2008 R2 for x64-based Systems (KB4540688) (ESU) 2020-03 Security Monthly Quality Rollup for Windows Server 2012 for x64-based Systems (KB4541510) 2020-03 Security Monthly Quality Rollup for Windows 8.1 and Windows Server 2012 R2 for
Critical vulnerabilities fixed in Mozilla Firefox 74 and Firefox ESR 68.6
March updates include two advisories from Mozilla, one for Firefox 74 and one for Firefox ESR 68.6, featuring 6 CVEs rated as high. Product Title CVE ID Severity Firefox 74 & Firefox ESR 68.6 Use-after-free when removing data about origins CVE-2020-6805 High Firefox 74 & Firefox ESR 68.6 BodyStream::OnInputStreamReady was missing protections against state confusion CVE-2020-6806 High Firefox 74 & Firefox ESR 68.6 Use-after-free in cubeb during stream destruction CVE-2020-6807 High Firefox 74
March 2020 Patch Tuesday forecast
Look out for a more stable fix this Patch Tuesday for the botched Windows 10 updates 4524244 and 4502496 Microsoft pulled last month. With a huge numbers of CVEs fixed by Microsoft and a good deal of updates for Reader and Acrobat issued by Adobe last month, we hope March Patch Tuesday will spare us with a lighter set of updates. To save yourself the trouble of sorting them out, catch an early analysis on March Patch Tuesday updates and strategies on safe testing and stable rolling out of patches
Unauthenticated remote code execution vulnerability fixed
Hello Everyone, The fix for Remote Code Execution vulnerability in Patch Manager Plus has been released in the build 100426 This hotfix is available at https://www.manageengine.com/patch-management/service-packs.html For more information, please visit here In case of queries or technical assistance contact support. Regards, Team ManageEngine
Critical PPP Daemon vulnerability opens up Linux systems to RCE attacks
Hello guys, The US-CERT has issued an advisory warning users of the new remote code execution (RCE) vulnerability CVE-2020-8597, affecting the PPPD (Point-to-Point Protocol Daemon) installed in almost all flavors of Linux based systems. Other than Linux systems, this vulnerability also affects few other networking applications and devices such as Cisco CallManager, TP-Link products, Synology, and OpenWRT Embedded OS. The vulnerability The vulnerability CVE-2020-8597 exists due to an error in
ManageEngine launches Application Control Plus
We are thrilled to announce that we have introduced a brand-new application control and privilege management solution - Application Control Plus With Application Control Plus you can leverage the combined benefits of Least Privilege and Zero Trust principles to thwart application-related threats Features and Benefits Instant discovery of all running applications Trust-centric approach to application whitelisting Malware prevention by executable level blacklisting Varied flexibility modes to
Google Chrome critical updates
Hello folks, On February 24, Google released a new stable channel update 80.0.3987.122, for Windows, Mac, and Linux. This was done to address several vulnerabilities in Google chrome. There were 3 security updates released out of which CVE-2020-6418 is rumored to be exploited in the wild. Google further affirms this saying that they were aware this exploit existed in the wild and could have been exploited as a zero-day. List of the security updates released: CVE-2020-6407: Out of bounds memory
Problematic updates found in February Patch Tuesday release
Hello everyone, Three standalone security updates released as part of the February Patch Tuesday cycle were found to be problematic. Known issues in KB4524244: The security update KB4524244 released for all versions of Windows 10 addresses an issue in which a third-party Unified Extensible Firmware Interface (UEFI) boot manager might expose UEFI-enabled computers to a security vulnerability. Microsoft has confirmed at least two known issues in the KB4524244: Using the “Reset this PC” feature,
Firefox 73 released with fixes for high-severity security vulnerabilities
Hello everyone, Mozilla has released Firefox 73 to the stable desktop channel for Windows, macOS, and Linux operating systems with several new features and security fixes for some high-severity vulnerabilities. What's new in Firefox 73? Following are the new features included in the latest release of Mozilla Firefox. Global default zoom setting High contrast theme improvements Improved audio quality New DoH provider - Next DNS and more Security vulnerabilities fixed Here's the list
Patch Tuesday Updates for February 2020
Hello everyone! Given below all the updates released for this month's Patch Tuesday. New Security Bulletins : 2020-02 Servicing Stack Update for Windows 10 Version 1903 and Windows Server, version 1903 (KB4538674) 2020-02 Servicing Stack Update for Windows 10 Version 1909 and Windows Server, version 1909 (KB4538674) 2020-02 Servicing Stack Update for Windows 7 and Windows Server 2008 R2 (KB4537829) (ESU) 2020-02 Servicing Stack Update for Windows Server 2008 (KB4537830) (ESU) 2020-02 Cumulative Update
Patch Tuesday Forecast for February 2020!
Hi everyone! There are some major updates from Microsoft coming our way this Patch Tuesday. As per usual, OS and office updates are scheduled but in addition, there's going to be special attention given to SharePoint, Exchange and SQL components as well. With Valentine's day nearly underway, tune in to ManageEngine's FREE Patch Tuesday webinar this February 13th to get the scoop on which patches are the perfect match for your endpoints! Register now! Cheers from ManageEngine
Update now to Chrome 80 to quash an array of security issues
Hello folks, Google Chrome has rolled out Chrome 80 (Chrome 80.0.3987.87) to the Stable channel for the Windows, macOS, Linux, Chrome OS, iOS, and Android platforms. This update resolves a bunch of security issues and also contains bug fixes, and new features. What's new? Included in this update are new features such as a new secure-by-default cookie classification system, auto-upgraded mixed content, text URL fragments, SVG favicons, and more. Here's a list of CVEs resolved in this update: CVE-2019-18197
Win10 1909 via Enablement Package
Hi, Microsoft's way of upgrading from Win10 1903 to 1909 is via an enablement package KB4517245 which toggles on features already installed in the October cumulative update - see https://support.microsoft.com/en-gb/help/4517245/feature-update-via-windows-10-version-1909-enablement-package However I don't see KB4517245 in PMP. PMP's method of updating seems to require a 1909 ISO and be a full blown heavyweight re-imaging of the OS. I'd prefer to use the enablement package option as it should be quicker,
Windows all set to initiate automatic upgrade to the latest 1909 feature pack
Hi everyone, The support for Windows 10 Home, Pro, Pro Education, and Pro for Workstations editions on 1809 ends May 12, 2020. Microsoft pushes computers running on the October 2018 update, version 1809, to update to the November 2019 update, version 1909 automatically. The process that will initiate this automatic update will be rolled out real soon, says Microsoft. In case of such automatic updates in a diverse network environment, there are high chances of incompatibilities. If you are using
Internet Explorer zero-day vulnerability actively under-attack
Microsoft, on Friday, has published a security advisory detailing a zero-day vulnerability in Internet Explorer that's actively under attack. This vulnerability (CVE-2020-0674) is a scripting engine flaw which when exploited can lead to arbitrary code execution in the context of the current user. The flaw can be mitigated by restricting access to the JavaScript component JScript.dll, and there is no patch available so far. This forum thread will be updated with the patch information as soon as it's
Patch Tuesday January 2020 updates
Hello everyone, The first Patch Tuesday updates for the year 2020 are here, Let's take a quick look at the updates released New Security Bulletins : 2020-01 Cumulative Security Update for Internet Explorer 9 for Windows Server 2008 (KB4534251) 2020-01 Cumulative Security Update for Internet Explorer 10 for Windows Server 2012 (KB4534251) 2020-01 Cumulative Security Update for Internet Explorer 11 for Windows 7 and Windows Server 2008 R2 (KB4534251) 2020-01 Cumulative Security Update for Internet
Gear up for Windows 7 end of life
Hello everyone, As most of you are already aware, Microsoft is pulling the plug on Windows 7 on January 14, 2020. This means that the Patch Tuesday of this month is the last time that free security updates will be released for Windows 7. After this Patch Tuesday, the Windows 7 machines running in your environment will not receive any security updates or tech support. The lack of security updates can put your Windows 7 machines at severe risk. Considering its been over a year since Microsoft announced
Patch Tuesday Forecast for January 2020!
Hi everyone! Insider information regarding an essential security release by Microsoft has elevated the anticipation for this month's Patch Tuesday to an all time high. Rumors have surfaced that updates to address a significant vulnerability will be released this January 14th 2020, that applies to ALL Windows versions and will address a potentially dire flaw present in key cryptographic elements. Allegedly, fixes have been discreetly dispatched to only military and other key enterprises till
Actively Exploited Zero-day Vulnerability in Mozilla Firefox
A Remote Code Execution vulnerability CVE-2019-17026 in Mozilla Firefox and Firefox ESR is being actively exploited in the wild. This vulnerability was categorized as a type confusion, which is potentially a critical error that could impact data processing. A remote attacker can create a specially crafted webpage, trick the victim into visiting it, trigger a type confusion error and execute arbitrary code on the target system. Mozilla's security advisory reads, “Incorrect alias information
Planned maintenance of our US Data center on Dec 19th & 21st
Dear Customers, We have planned a network infrastructure upgrade on our primary Data center in the USA on Dec 19, 2019 from 6:30 PM to 10:00 PM PST and Dec 21st, 2019 from 6:30 PM to 10:00 PM PST. During this upgrade, we will be switching Patch Manager Plus, Mobile Device Manager Plus, and Remote Access Plus from the endpoint management suite to our secondary Data Center to ensure that our services continue functioning. We do not expect any disturbances to the services during this period, but should
Patch Tuesday - December 2019 updates
Hey guys, Here is a quick run-down on all the updates released this Patch Tuesday New Security Bulletins : 2019-12 Security Only Quality Update for Windows Server 2008 for x64-based Systems (KB4530719) 2019-12 Security Only Quality Update for Windows 7 and Windows Server 2008 R2 (KB4530692) 2019-12 Security Only Quality Update for Windows Server 2012 (KB4530698) 2019-12 Security Only Quality Update for Windows 8.1 and Windows Server 2012 R2 (KB4530730) 2019-12 Cumulative Update for Windows 10 and
Next Page