Update now to Chrome 80 to quash an array of security issues
Hello folks, Google Chrome has rolled out Chrome 80 (Chrome 80.0.3987.87) to the Stable channel for the Windows, macOS, Linux, Chrome OS, iOS, and Android platforms. This update resolves a bunch of security issues and also contains bug fixes, and new features. What's new? Included in this update are new features such as a new secure-by-default cookie classification system, auto-upgraded mixed content, text URL fragments, SVG favicons, and more. Here's a list of CVEs resolved in this update:
Winodws all set to initiate automatic upgrade to the latest 1909 feature pack
Hi everyone, The support for Windows 10 Home, Pro, Pro Education, and Pro for Workstations editions on 1809 ends May 12, 2020. Microsoft pushes computers running on the October 2018 update, version 1809, to update to the November 2019 update, version 1909 automatically. The process that will initiate this automatic update will be rolled out real soon, says Microsoft. In case of such automatic updates in a diverse network environment, there are high chances of incompatibilities. If you are using
Internet Explorer zero-day vulnerability actively under-attack
Microsoft, on Friday, has published a security advisory detailing a zero-day vulnerability in Internet Explorer that's actively under attack. This vulnerability (CVE-2020-0674) is a scripting engine flaw which when exploited can lead to arbitrary code execution in the context of the current user. The flaw can be mitigated by restricting access to the JavaScript component JScript.dll, and there is no patch available so far. This forum thread will be updated with the patch information as soon as it's
Patch Tuesday January 2020 updates
Hello everyone, The first Patch Tuesday updates for the year 2020 are here, Let's take a quick look at the updates released New Security Bulletins : 2020-01 Cumulative Security Update for Internet Explorer 9 for Windows Server 2008 (KB4534251) 2020-01 Cumulative Security Update for Internet Explorer 10 for Windows Server 2012 (KB4534251) 2020-01 Cumulative Security Update for Internet Explorer 11 for Windows 7 and Windows Server 2008 R2 (KB4534251) 2020-01 Cumulative Security Update for Internet
Gear up for Windows 7 end of life
Hello everyone, As most of you are already aware, Microsoft is pulling the plug on Windows 7 on January 14, 2020. This means that the Patch Tuesday of this month is the last time that free security updates will be released for Windows 7. After this Patch Tuesday, the Windows 7 machines running in your environment will not receive any security updates or tech support. The lack of security updates can put your Windows 7 machines at severe risk. Considering its been over a year since Microsoft announced
Actively Exploited Zero-Day Vulnerability in Mozilla Firefox
A Remote Code Execution vulnerability CVE-2019-17026 in Mozilla Firefox and Firefox ESR is being actively exploited in the wild. This vulnerability was categorized as a type confusion, which is potentially a critical error that could impact data processing. A remote attacker can create a specially crafted webpage, trick the victim into visiting it, trigger a type confusion error and execute arbitrary code on the target system. Mozilla's security advisory reads, “Incorrect alias information in
Patch Tuesday - December 2019
Hey guys, Here is a quick run-down on all the updates released this Patch Tuesday New Security Bulletins : 2019-12 Security Only Quality Update for Windows Server 2008 for x64-based Systems (KB4530719) 2019-12 Security Only Quality Update for Windows 7 and Windows Server 2008 R2 (KB4530692) 2019-12 Security Only Quality Update for Windows Server 2012 (KB4530698) 2019-12 Security Only Quality Update for Windows 8.1 and Windows Server 2012 R2 (KB4530730) 2019-12 Cumulative Update for Windows 10 and
Patch Tuesday December 2019 - Forecast
Hey guys, The last Patch Tuesday of this year is almost here, let's take a quick look at what to expect in December 2019 - Patch Tuesday We can expect the usual monthly rollups and security - only patches from Microsoft. This will ideally include patches for the various operating systems, along with updates for Office, SharePoint server, Internet explorer and .NET There are possibilities for updates from Apple as well in the form of updates for MacOS, iTunes and iCloud for Windows. Google has also
Cyborg Ransomware reported!!
Hello All, A quick heads-up on the spreading cyborg ransomware phishing e-mails. It is not new that intruders make use of trending events to manipulate Internet users into cyber-attacks. Now that Windows has rolled-out its Vanadium 1909 feature pack update, what could be more trending in the cyber-space? So yes, Phishing e-mails are out seeking for victims. The e-mails come with subject lines like "Install Latest Microsoft Windows Update now!" or "Critical Microsoft Windows Update!". Just in
Patch Tuesday November 2019 updates
Hi there, This Patch Tuesday brings the following fixes and updates New Security Bulletins : 2019-11 Security Monthly Quality Rollup for Windows Server 2008 (KB4525234) 2019-11 Security Monthly Quality Rollup for Windows 7 and Windows Server 2008 R2 (KB4525235) 2019-11 Security Monthly Quality Rollup for Windows Server 2012 (KB4525246) 2019-11 Security Monthly Quality Rollup for Windows 8.1 and Windows Server 2012 R2 (KB4525243) 2019-11 Cumulative Security Update for Internet Explorer 9 for Windows
Free support for Windows 7 Extended Security Updates (ESU)
Hello everyone, Microsoft has announced the end of life for Windows 7 and Windows Server 2008/2008 R2. This means that you will no longer get bug fixes, security updates, or new functionalities for this version of the OS. We would suggest you to migrate to the latest version of Windows 10 as soon as possible to avoid potential cyber attacks. Incase you are unable to migrate on time or reluctant to upgrade, you can purchase and avail the Extended Security Updates (ESUs) that Microsoft offers for
Patch now! 2 new use-after-free zero day vulnerabilities in Chrome.
Google Chrome decided to spook its users this Halloween by issuing an update that fixes 2 new use-after-free vulnerabilities "CVE-2019-13720" and "CVE-2019-13721", of which CVE-2019-13720 is already exploited in the wild. Use-after-free flaw, which in the least could result in a crash or could be leveraged by an attacker to run arbitrary codes or even enable remote code execution. CVE-2019-13720 - affects the Chrome's audio component. CVE-2019-13721- affects the PDFium library. Google also announced,
"Aw, Snap!" messages in the latest Chrome M78 update
Hello All! The latest Google Chrome M78 update faces a high number of "Aw, Snap!" crashes. This is found to be a result of incompatible older versions of Symantec Endpoint Protection running on the computers on your network. Resolution: Update your Symantec Endpoint Protection to version 14.2 or above. Disable the RendererCodeIntegrityEnabled policy. Listed below are few other applications that might be causing the crash, contact the application vendor for a fix. 1. PC Matic 2. Print Audit
Adobe releases out-of-band security updates in its products
Adobe is considered one of the widely used third-party applications in the market with over 15 million active subscriptions. As announced earlier, Adobe has released out-of-band security updates today to patch a total of 82 security vulnerabilities across products listed below. Adobe Acrobat and Reader Adobe Experience Manager Adobe Experience Manager Forms Adobe Download Manager Of these 82 vulnerabilities, 45 are rated critical and if exploited, attackers can execute arbitrary code in the context
Scan Systems Stuck at "In Progress"
I am using Vulnerability Manager Plus v10.0.337. I am trying to scan 2 PC's that are part of domain. The OS of both machines is Windows 7. The agent is installed on both PC's. The scan is successful on the server that has Vulnerability Manager Plus. PC's can ping to the server, vice versa. .
Patch Tuesday September 2019 updates from ManageEngine
Good day. Quick update on the September 2019 Patch Tuesday. New Security Bulletins : 2019-09 Security Update for Adobe Flash Player for Windows (KB4516115) 2019-09 Security Only Quality Update for Windows Server 2008 (KB4516051) 2019-09 Security Only Quality Update for Windows 7 and Windows Server 2008 R2 (KB4516033) 2019-09 Security Only Quality Update for Windows Server 2012 (KB4516062) 2019-09 Security Only Quality Update for Windows 8.1 and Windows Server 2012 R2 (KB4516064) 2019-09 Cumulative
Patch Tuesday August 2019 updates from ManageEngine
Good day. Quick update on the August 2019 Patch Tuesday. New Security Bulletins : 2019-08 Security Only Quality Update for Windows Server 2008 (KB4512491) 2019-08 Security Only Quality Update for Windows 7 and Windows Server 2008 R2 (KB4512486) 2019-08 Security Only Quality Update for Windows Server 2012 (KB4512482) 2019-08 Security Only Quality Update for Windows 8.1 and Windows Server 2012 R2 (KB4512489) 2019-08 Cumulative Update for Windows 10 Version 1809 and Windows Server 2019 (KB4511553) 2019-08
July 2019 Patch Tuesday updates
New Security Bulletins : 2019-07 Security Only Quality Update for Windows Server 2008 (KB4507461) (CVE-2019-1132) 2019-07 Security Only Quality Update for Windows 7 and Windows Server 2008 R2 (KB4507456) (CVE-2019-1132) 2019-07 Security Only Quality Update for Windows Server 2012 (KB4507464) (CVE-2019-0880) 2019-07 Security Only Quality Update for Windows 8.1 and Windows Server 2012 R2 (KB4507457) (CVE-2019-0880) 2019-07 Cumulative Update for Windows 10 Version 1803 and Windows Server 2016 (1803)
Mozilla fixed Zero-day vulnerabilities in Firefox
Mozilla addressed two zero-day vulnerabilities in Mozilla Firefox that were being used in targeted attacks in the wild. CVE-2019-11707 is a type confusion vulnerability in Mozilla Firefox that can result in an exploitable crash. CVE-2019-11708 is a sandbox escape vulnerability. Combining both CVE-2019-11708 and CVE-2019-11707, attackers can perform arbitrary code execution. Thunderbird is also affected but generally cannot be exploited since scripting is disabled when reading mail. Following this,
Microsoft Patch Tuesday updates for June 2019
New Security Bulletins : 2019-06 Security Update for Adobe Flash Player for Windows (KB4503308) 2019-06 Security Only Quality Update for Windows Server 2008 (KB4503287) 2019-06 Security Only Quality Update for Windows 7 and Windows Server 2008 R2 (KB4503269) 2019-06 Security Only Quality Update for Windows Server 2012 (KB4503263) 2019-06 Security Only Quality Update for Windows 8.1 and Windows Server 2012 R2 (KB4503290) 2019-06 Cumulative Update for Windows 10 Version 1607 and Windows Server 2016
Microsoft releases a fix for the Wormable vulnerability(CVE-2019-0708)
Microsoft released this month's edition of Patch Tuesday with fix for a highly critical vulnerability. This vulnerability (CVE-2019-0708), dubbed "Wormable vulnerability", resides in "Remote Desktop Services" component and could be exploited remotely by sending specially crafted requests over RDP(Remote Desktop Protocol) to a targeted system. This vulnerability is present in Windows 7, Windows Server 2008 R2, Windows Server 2008 and in older versions like Windows XP and Windows 2003 as well.
Critical bug fixes in Google Chrome 74.0.3729.108
The Chrome team has rolled out the latest version Chrome 74.0.3729.108 with a huge list of bug fixes and improvements. This update comes with nearly 39 security fixes. Below is the list of CVE IDs that are mentioned 'Critical' CVE-2019-5805 CVE-2019-5806 CVE-2019-5807 CVE-2019-5808 CVE-2019-5809 CVE-2019-5810 CVE-2019-5811 CVE-2019-5812 CVE-2019-5813 CVE-2019-5814 CVE-2019-5815 CVE-2019-5816 CVE-2019-5817 CVE-2019-5818 CVE-2019-5819 CVE-2019-5820 CVE-2019-5821 CVE-2019-5822 CVE-2019-5823 To patch
Remote code execution vulnerability found in Apache Tomcat for Windows
Almots all the major versions (Apache Tomcat 7.x, Apache Tomcat 8.x and Apache Tomcat 9.x ) of the widely used server application Apache Tomcat, are affected with a remote code execution vulnerability (CVE-2019-0232). A Remote code execution vulnerability is a critical vulnerability that allows an attacker to access your system and make changes, no matter where they are. This vulnerability is fixed in the latest update for each Apache Tomcat release. Thererefore, it is imperative that you detect
Apache 2.4.39 to fix important web server vulnerabilities
The CVE-2019-0211, a privilege escalation vulnerability, affecting Apache versions 2.4.17 to 2.4.38 could allow any under-privileged user to execute arbitrary code on the targeted server with root privileges. This vulnerability along with three low and two other important severity issues are addressed in the latest Apache httpd 2.4.39 version. With Vulnerability Manager Plus, you can detect these vulnerabilities and your network servers that are affected by these vulnerabilities. It is advisable
Google Chrome is affected by zero day vulnerabilities
Zero day vulnerabilities have been disclosed for different versions of Chrome. Vulnerability Affected versions Type confusion vulnerability in JSPromise::TriggerPromiseReactions Google Chrome 72.0.3626.96 (Official Build) (64-bit) Google Chrome 74.0.3702.0 (Official Build) dev (64-bit) Type confusion vulnerability in V8TrustedTypePolicyOptions::ToImpl Google Chrome 72.0.3626.81 (Official Build) (64-bit) Internal object leak vulnerability in ReadableStream Not known To know which systems
Microsoft warns BSOD on devices after enabling EUDC
Microsoft has warned that if per font end-user-defined characters (EUDC) is enabled, the system will stop working and a blue screen will appear at startup. But it can be avoided if you don't install the following updates: KB4489894, KB4489890, KB4489888 and KB4489889. Vulnerability Manager Plus has suspended these updates and for users who already have these updates in your endpoints, kindy follow the steps given in the Microsoft's official KB article. https://support.microsoft.com/en-in/help/4496149
Critical updates released for Mozilla Thunderbird, iCloud, and iTunes
Apple and Mozilla have released critical updates in their products — iCloud 7.11.0.19, iTunes 12.9.4.102 and Thunderbird 60.6.1 respectively. Vulnerability Manager Plus now supports patching for these updates. Below are the CVE IDs of the vulnerabilities that are addressed in the latest update for each application. Application: iCloud (7.11.0.19) CVE IDs addressed: CVE-2019-8542,CVE-2019-6232,CVE-2019-8506,CVE-2019-8535,CVE-2019-6201,CVE-2019-8518,CVE-2019-8523,CVE-2019-8524,CVE-2019-8558,CVE-2019-8559,CVE-2019-8563,CVE-2019-8515,CVE-2019-8536,CVE-2019-8544,CVE-2019-7285,CVE-2019-8556,CVE-2019-8503,CVE-2019-7292,CVE-2019-8551,CVE-2019-6236.
Critical security updates released for Firefox 66.0.1
Mozilla has released updates to address two critical vulnerabilities in Firefox 66.0.1 and Firefox 66.6.1 ESR (Extended Support Release). These vulnerabilities, that are addressed in CVE-2019-9810 and CVE-2019-9813, come as fixes for incorrect handling of files in IonMonkey (Mozilla's JIT compiler for SpiderMonkey). Vulnerability Manager Plus now supports these critical Mozilla updates. To patch your Mozilla Firefox with these latest critical updates, look for Patch IDs 309305,309306,309307 and 309309.
Chrome 73 to patch a huge list of critical vulnerabilities
Google Chrome has rolled out Chrome 73 for Windows, Mac and Linux. Around 60 security fixes are included in the Chrome 73.0.3683.75 update. Below is a highlighted list of fixes that address critical vulnerabilities: Workaround: Search for the following patch IDs: 309179 (for 32 bit) ,309181 (for 64) in Vulnerability Manager Plus and deploy them immediately to stay secure against the above mentioned vulnerabilities.
Launching Vulnerability Manager Plus: Hunt down security loopholes with 100% precision
Amp up your endpoint security game with ManageEngine's all-new Vulnerability Manager Plus. Pinpoint, prioritize, and eliminate vulnerabilities with ease. With Vulnerability Manager Plus' 360-degree visibility, you can eliminate blind spots, uncover exposed areas of your network, and seal security loopholes before they lead to a breach. Vulnerability Manager Plus delivers the threat intelligence necessary to predict real risks from a plethora of vulnerabilities, and acts as a strategic partner in