Critical remote code execution vulnerability in Windows DNS server (CVE-2020-1350)
Hello there, Patch Tuesday July 2020 comes with a fix for the critical vulnerability CVE-2020-1350 in Windows DNS Server. This vulnerability is classified 'wormable' and has been given a CVSS score of 10. Cause of this vulnerability: This vulnerability exists due to the improper handling of requests by Windows Domain Name System (DNS) Servers. Impact of this vulnerability: To exploit this vulnerability, an unauthenticated attacker should send malicious requests to a Windows DNS server.
Patch Tuesday July 2020 - Supported updates
Hello everyone, Below is breakdown of all the updates released this Patch Tuesday. New Security Bulletins : 2020-07 Servicing Stack Update for Windows 10 Version 1809 and Windows Server 2019 (KB4558997) 2020-07 Servicing Stack Update for Windows 10 Version 1803 (KB4565552) 2020-07 Servicing Stack Update for Windows 10 Version 1709 (KB4565553) 2020-07 Servicing Stack Update for Windows 10 Version 1903 and Windows Server, version 1903 (KB4565554) 2020-07 Servicing Stack Update for Windows 10 Version
Google stable channel updated to 84.0.4147.89
Hello everyone, Chrome 84 has been updated to stable channel 84.0.4147.89 for Windows, Mac, and Linux. Various security issues have been fixed with this release, the details of which are as follows: CVE-ID Vulnerability details Severity CVE-2020-6510 Heap buffer overflow in background fetch Critical CVE-2020-6511 Side-channel information leakage in content security policy High CVE-2020-6512 Type Confusion in V8 High CVE-2020-6513 Heap buffer overflow in PDFium High
Google releases chrome stable channel update 83.0.4103.116
Hello everyone, Google has updated its chrome stable channel to 83.0.4103.116 for Windows, Mac, and Linux. This following high severity vulnerability has been fixed in this release. CVE-2020-6509: Use-after-free in extensions To patch this vulnerability using Vulnerability Manager Plus, initiate a sync between the Patch Database and Vulnerability Manager Plus server. Once this is done, search for the following Patch IDs or Bulletin ID and install them in target systems. Patch ID Bulletin
Chrome stable channel update fixes 3 vulnerabilities
Hello folks, Google has updated its chrome stable channel to 83.0.4103.106 for Windows, Mac, and Linux. This update comes with fixes for three vulnerabilities. The details of these vulnerabilities are as follows: CVE ID Vulnerability Severity CVE-2020-6505 Use after free in speech High CVE-2020-6506 Insufficient policy enforcement in WebView High CVE-2020-6507 Out of bounds write in V8 High To install this update using Vulnerability Manager Plus, initiate a sync between the Patch Database
Windows SMB protocol hit again by a new critical vulnerability - SMBleed
Hello everyone, A mere three months after patching a wormable SMBv3 vulnerability dubbed SMBGhost (CVE-2020-0796), cybersecurity researchers have identified another similar vulnerability in Windows SMB protocol. This vulnerability is called SMBleed (CVE-2020-1206) and has a severity rating score of 10. What is SMBleed? SMBleed is a new critical wormable vulnerability found in the Windows Server Message Block (SMB) protocol. This vulnerability allows attackers to leak kernel memory remotely. SMBleed
Patch Tuesday June 2020 - Supported updates
Hello everyone, This month, we are witnessing the largest ever Patch Tuesday with 129 security fixes. Here is the list of supported updates New Security Bulletins : 2020-06 Security Update for Adobe Flash Player for Windows (KB4561600) 2020-06 Security Only Quality Update for Windows Server 2008 (KB4561645) (ESU) 2020-06 Security Only Quality Update for Windows 7 and Windows Server 2008 R2 (KB4561669) (ESU) 2020-06 Security Only Quality Update for Windows Server 2012 (KB4561674) 2020-06 Security
Chrome releases security updates to fix critical vulnerabilities
Hello everyone, Chrome has updated its stable channel to 83.0.4103.97 for Windows, Mac, and Linux. This update comes with security fixes for several vulnerabilities. The details of the vulnerabilities are as follows: CVE ID Vulnerabilities Severity CVE-2020-6493 Use after free in WebAuthentication High CVE-2020-6494 Incorrect security UI in payments High CVE-2020-6495 Insufficient policy enforcement in developer tools High CVE-2020-6496 Use after free in payments High To patch these vulnerabilities
Mozilla releases security fixes for Firefox 77
Hello everyone, Mozilla has released security fixes for vulnerabilities in Firefox 77. The details of the vulnerabilities fixed are as follows CVE ID Vulnerability Severity CVE-2020-12399 Timing attack on DSA signatures in NSS library High CVE-2020-12405 Use-after-free in SharedWorkerService High CVE-2020-12406 JavaScript type confusion with NativeTypes High CVE-2020-12407 WebRender leaking GPU memory when using border-image CSS directive Moderate CVE-2020-12408 URL spoofing when using IP
Rollout of Windows 10 2004 Feature updates
Hello All, A Quick heads-up, Microsoft has released its Windows 10 2004 feature updates for users. Below you can find a few highlights of this feature update. Fast identity authentication through Windows Hello is now supported across all major browsers. Windows Defender system guard enables a higher level of firmware protection. Setup Diag is automatically installed. Improvements in Windows Powershell cmdlets. Go ahead and read this document to know what the pre-requisites are and how
Chrome 83.0.4103.61 fixes 38 security flaws
Hello everyone, The latest stable version of the web browser ' Google Chrome ', version 83.0.4103.61, aka Chrome 83, is released for Windows, Mac and Linux. This update contains 38 security fixes and packs a number of new features including enhanced privacy controls, new settings for managing cookie files, a new Safety Check option, support for tab groups, new graphics for web form elements, a new API for detecting barcodes, and a new anti-XSS security feature. Here's a quick glance at the list
Adobe releases patches for vulnerabilities in Reader and Acrobat
Hello everyone, In this month's security release, Adobe has fixed security vulnerabilities in Reader and Acrobat for Windows and macOS. If these vulnerabilities are exploited, they could cause remote code execution attacks and information leaks. The details of the vulnerabilities are as follows: CVE-ID Severity Impact CVE-2020-9610 Important Application denial-of-service CVE-2020-9612 Critical Arbitrary Code Execution CVE-2020-9615 Critical Security feature bypass CVE-2020-9597 CVE-2020-9594
May 2020 Patch Tuesday updates
Hello Everyone, Below is breakdown of all the updates released this Patch Tuesday. New Security Bulletins : 2020-05 Security Only Quality Update for Windows Server 2008 (KB4556854) (ESU) 2020-05 Security Only Quality Update for Windows 7 and Windows Server 2008 R2 (KB4556843) (ESU) 2020-05 Security Only Quality Update for Windows Server 2012 (KB4556852) 2020-05 Security Only Quality Update for Windows 8.1 and Windows Server 2012 R2 (KB4556853) 2020-05 Security Monthly Quality Rollup for Windows Server
Chrome fixes critical vulnerabilities - CVE-2020-6831 and CVE-2020-6464
Hello everyone, Google Chrome has updated its stable channel to 81.0.4044.138 for Windows, Mac, and Linux. This update addresses two security vulnerabilities. CVE ID Vulnerability Severity CVE-2020-6831 Stack buffer overflow in SCTP High CVE-2020-6464 Type confusion in Blink High To patch these vulnerabilities, initiate a sync between the Vulnerability Manager Plus server and the Central Patch repository. After the sync, search for the following Patch IDs or Bulletin ID and install them in
Mozilla fixes security vulnerabilities in Firefox 76
Hello everyone, Mozilla has released fixes for several security vulnerabilities in Firefox 76. Below are the details of the vulnerabilities fixed. CVE ID Vulnerability Severity CVE-2020-12387 Use-after-free during worker shutdown Critical CVE-2020-12388 Sandbox escape with improperly guarded access tokens Critical CVE-2020-12389 Sandbox escape with improperly separated process types High CVE-2020-12390 Incorrect serialization of nsIPrincipal.origin for IPv6 addresses Moderate CVE-2020-12391
Critical issue while deploying Cisco Webex patch
Hello everyone, The Cisco Webex patch with Patch ID 313977 was released on Apr-28-2020 at 04:40 pm GMT. Regrettably, on installing this patch in certain machines, few of our customers got in touch with us stating a few issues. Following this, the patch was removed from the Vulnerability Manager Plus repository on the morning of Apr-29-2020, for further analysis of the situation. Issue when deploying Cisco Webex patch: Customers who have synced the database and deployed the Cisco Webex patch
Chrome fixes critical vulnerabilities in the latest stable channel update
Hello everyone, Google Chrome stable channel has been updated to 81.0.4044.129 for Windows, Mac, and Linux. This update comes with security fixes for two critical vulnerabilities. The details of the vulnerabilities are as follows: CVE-ID Vulnerability Severity CVE-2020-6461 Use after free in storage High CVE-2020-6462 Use after free in task scheduling High To patch these vulnerabilities, initiate a sync between the Vulnerability Manager Plus server and the Central Patch repository. Search
Chrome releases stable channel update to address critical vulnerabilities
Hello everyone, Google has updated its Chrome stable channel to 81.0.4044.122 for Windows, Mac, and Linux. This update comes with fixes for three critical vulnerabilities CVE ID Vulnerability Severity CVE-2020-6458 Out of bounds read and write in PDFium High CVE-2020-6459 Use after free in payments High CVE-2020-6460 Insufficient data validation in URL formatting High To patch these vulnerabilities using Vulnerability Manager Plus, initiate a sync between the Vulnerability Manager Plus server
Google chrome patches critical vulnerability - CVE-2020-6457
Hello folks, Chrome has updated its stable channel to 81.0.4044.113 for Windows, Mac, and Linux systems. This update includes the security fix for the critical vulnerability CVE-2020-6457. This is a use-after free vulnerability in Speech recognizer component in Google Chrome. A remote attacker who exploits this vulnerability can create a specially crafted web page and trick victims into clicking it, triggering the use-after-free error to execute arbitrary codes on the target systems. Initiate
Patch Tuesday April 2020 - updates breakdown
Hello guys, Here is a quick breakdown of the April Patch Tuesday updates New Security Bulletins : 2020-04 Servicing Stack Update for Windows Server 2019 and Windows 10 Version 1809 (KB4549947) 2020-04 Servicing Stack Update for Windows 10 Version 1607 and Windows Server 2016 (KB4550994) 2020-04 Servicing Stack Update for Windows 10 Version 1903 and Windows Server, version 1903 (KB4552152) 2020-04 Servicing Stack Update for Windows 10 Version 1909 and Windows Server, version 1909 (KB4552152) 2020-04
Firefox 75 and Firefox ESR 68.7 fix high severity vulnerabilities
Firefox rolled out the latest stable version Firefox 75.0 and its corresponding ESR version Firefox ESR 68.7 to fix a number of vulnerabilities found in their earlier versions. Here's a list of CVEs fixed and their details: CVE ID Severity Vulnerability Description Fixed in CVE-2020-6828 High Preference overwrite via crafted Intent from malicious Android application Firefox ESR 68.7 CVE-2020-6827 High Custom Tabs in Firefox for Android could have the URI spoofed Firefox ESR 68.7 CVE-2020-6821
Mozilla fixes 2 wildly exploited zero-day vulnerabilities in Firefox
Mozilla has released fixes for 2 zero-day vulnerabilities in Firefox. The fixes are available in the newly released version of the browser, Firefox 74.0.1.The updated version fixes the vulnerabilities CVE-2020-6819 and CVE-2020-6820 Vulnerability and impact Both CVE-2020-6819 and CVE-2020-6820 are use-after-free vulnerabilities and occur due to improper memory space management by Firefox. These bugs when exploited allow the hacker to write codes into Firefox's memory and have it executed in the
Zoom issued fix for an UNC vulnerability that compromises Windows credentials
Zoom patched a fatal flaw in the Zoom Windows client that allows attackers to use its chat feature to share malicious links that once clicked will leak the Windows network credentials of the victim. Such attacks are possible because Zoom for Windows not only converts normal URLs into a clickable link but also Windows networking Universal Naming Convention (UNC) paths. UNC is used to locate a network resource, such as a file hosted on an attacker-controlled SMB (Server Message Block) server. When
Google Chrome releases Stable Channel Update
Hello guys, Google Chrome has updated its stable channel to 80.0.3987.162 for Windows, Mac, and Linux systems. This update also includes 8 security fixes. Below are the fixes that require immediate attention CVE ID Severity Vulnerability CVE-2020-6450 High Use after free in WebAudio CVE-2020-6451 High Use after free in WebAudio CVE-2020-6452 High Heap buffer overflow in media Initiate a sync between the Vulnerability Manager Plus server and the Central Vulnerability database
All Windows versions compromised due to critical Zero-day vulnerabilities
Hello folks, Two critical zero-day vulnerabilities have been discovered in Windows Adobe Type Manager Library. Both these vulnerabilities are unpatched and allows attackers to take remote control of the systems affected (Remote Code Execution vulnerability). As of now, the attacks are not widespread and only limited targeted systems are hit. Versions affected All versions of the Windows Operating system is susceptible to attacks including Windows version 10, 8.1, 7, and Server 2008, 2012, 2016,
Remote Access Plus for remote work
Due to the recent outbreak of COVID-19, most global enterprises are adopting work from home policies. Organizations may extend their remote work operations well into the future to keep their employees safe. This is the new normal for IT administrators, who now have to work around the clock to monitor all of their enterprise’s endpoints remotely. The go-to solution for IT technicians is ManageEngine Remote Access Plus, which can help you adapt to remote work culture. Benefits of having this remote
Google Chrome releases stable version 80.0.3987.149
Hello folks, Google Chrome has recently updated the stable channel to 80.0.3987.149. This version comes with fixes for 13 security bugs, of which nine are rated High in severity. The CVE IDs of the patches released are as follows. CVE-2020-6422 CVE-2020-6424 CVE-2020-6425 CVE-2020-6426 CVE-2020-6427 CVE-2020-6428 CVE-2020-6429 CVE-2019-20503 CVE-2020-6449 Vulnerability Manager Plus now supports Google Chrome's latest version 80.0.3987.149 for Windows, Mac, and Linux. If you're looking
Critical vulnerabilities fixed in Adobe Reader and Acrobat
Hello folks, The lack of Adobe updates in the March Patch Tuesday might have come as a surprise to many of us. However a week from Patch Tuesday, Adobe has released updates to fix 13 vulnerabilities in Adobe Acrobat and Reader for Windows and macOS. 9 of them are rated 'Critical'. Affected versions These versions are applicable for both Windows and mac platforms Acrobat DC Continuous 2020.006.20034 and earlier versions Acrobat Reader DC Continuous 2020.006.20034 and earlier versions Acrobat
"EternalDarkness" - unpatched SMB v3 compression RCE bug details leaked
Microsoft has announced in its security advisory the details of a remote code execution vulnerability(RCE), tracked as (CVE-2020-0796) in the way that the Microsoft Server Message Block 3.1.1 (SMBv3) protocol handles connections that use compression. This vulnerability has been named 'EternalDarkness' and 'SMBGhost', along the lines of the EternalBlue exploit that leveraged the SMB vulnerability to launch the 2017 WannaCry ransomware. Affected products: Product Version Windows Server Version
"Out-of-band" fix rolled out for the leaked Eternal Darkness bug
Hello folks, Earlier in March 2020 Patch Tuesday, Microsoft has announced a security advisory on an unpatched vulnerability in the SMBv3 protocol (CVE-2020-0796) with a temporary workaround in place. Now a fix is available for this vulnerability as KB4551762, for Windows 10, versions 1903 and 1909, and Windows Server 2019, versions 1903 and 1909. Microsoft strongly recommends that you install the updates for this vulnerability. In case you have applied the workaround published earlier and wish
March 2020 Patch Tuesday updates
Hello folks, Good day. Quick update on the March 2020 Patch Tuesday. New Security Bulletins : 2020-03 Security Monthly Quality Rollup for Windows Server 2008 for x64-based Systems (KB4541506) (ESU) 2020-03 Security Monthly Quality Rollup for Windows 7 and Windows Server 2008 R2 for x64-based Systems (KB4540688) (ESU) 2020-03 Security Monthly Quality Rollup for Windows Server 2012 for x64-based Systems (KB4541510) 2020-03 Security Monthly Quality Rollup for Windows 8.1 and Windows Server 2012 R2 for
Critical vulnerabilities fixed in Mozilla Firefox 74 and Firefox ESR 68.6
March updates include two advisories from Mozilla, one for Firefox 74 and one for Firefox ESR 68.6, featuring 6 CVEs rated as high. Product Title CVE ID Severity Firefox 74 & Firefox ESR 68.6 Use-after-free when removing data about origins CVE-2020-6805 High Firefox 74 & Firefox ESR 68.6 BodyStream::OnInputStreamReady was missing protections against state confusion CVE-2020-6806 High Firefox 74 & Firefox ESR 68.6 Use-after-free in cubeb during stream destruction CVE-2020-6807 High Firefox 74
March 2020 Patch Tuesday forecast
Look out for a more stable fix this Patch Tuesday for the botched Windows 10 updates 4524244 and 4502496 Microsoft pulled last month. With a huge number of CVEs fixed by Microsoft and a good deal of updates for Reader and Acrobat issued by Adobe last month, we hope March Patch Tuesday will spare us with a lighter set of updates. To save yourself the trouble of sorting them out, catch an early analysis on March Patch Tuesday updates and strategies on safe testing and stable rolling out of patches
Unauthenticated remote code execution vulnerability fixed
Hello Everyone, Fix for the Remote Code Execution vulnerability in Vulnerability Manager Plus has been released in the build 100346 This hotfix is available at https://www.manageengine.com/vulnerability-management/service-packs.html For more information, please visit here In case of queries or technical assistance contact support Regards, Team ManageEngine
Critical PPP Daemon vulnerability opens up Linux systems to RCE attacks
Hello guys, The US-CERT has issued an advisory warning users of the new remote code execution (RCE) vulnerability CVE-2020-8597, affecting the PPPD (Point-to-Point Protocol Daemon) installed in almost all flavors of Linux based systems. Other than Linux systems, this vulnerability also affects few other networking applications and devices such as Cisco CallManager, TP-Link products, Synology, and OpenWRT Embedded OS. The vulnerability The vulnerability CVE-2020-8597 exists due to an error in
ManageEngine launches Application Control Plus
We are thrilled to announce that we have introduced a brand-new application control and privilege management solution - Application Control Plus With Application Control Plus you can leverage the combined benefits of Least Privilege and Zero Trust principles to thwart application-related threats Features and Benefits Instant discovery of all running applications Trust-centric approach to application whitelisting Malware prevention by executable level blacklisting Varied flexibility modes to
Google Chrome critical updates
Hello folks, On February 24, Google released a new stable channel update 80.0.3987.122, for Windows, Mac, and Linux. This was done to address several vulnerabilities in Google chrome. There were 3 security updates released out of which CVE-2020-6418 is rumored to be exploited in the wild. Google further affirms this saying that they were aware this exploit existed in the wild and could have been exploited as a zero-day. List of the security updates released: CVE-2020-6407: Out of bounds memory
Problematic updates found in February Patch Tuesday release
Hello everyone, Three standalone security updates released as part of the February Patch Tuesday cycle were found to be problematic. Known issues in KB4524244: The security update KB4524244 released for all versions of Windows 10 addresses an issue in which a third-party Unified Extensible Firmware Interface (UEFI) boot manager might expose UEFI-enabled computers to a security vulnerability. Microsoft has confirmed at least two known issues in the KB4524244: Using the “Reset this PC” feature,
Firefox 73 released with fixes for high-severity security vulnerabilities
Hello everyone, Mozilla has released Firefox 73 to the stable desktop channel for Windows, macOS, and Linux operating systems with several new features and security fixes for some high-severity vulnerabilities. What's new in Firefox 73? Following are the new features included in the latest release of Mozilla Firefox. Global default zoom setting High contrast theme improvements Improved audio quality New DoH provider - Next DNS and more Security vulnerabilities fixed Here's the list
Patch Tuesday Updates for February 2020!
Hello everyone, Given below are all the updates released on this month's Patch Tuesday! New Security Bulletins : 2020-02 Servicing Stack Update for Windows 10 Version 1903 and Windows Server, version 1903 (KB4538674) 2020-02 Servicing Stack Update for Windows 10 Version 1909 and Windows Server, version 1909 (KB4538674) 2020-02 Servicing Stack Update for Windows 7 and Windows Server 2008 R2 (KB4537829) (ESU) 2020-02 Servicing Stack Update for Windows Server 2008 (KB4537830) (ESU) 2020-02 Cumulative
Next Page