Security News

Two of these vulnerabilities are under active attack. The first of two flaws under attack is a critical vulnerability that exists in the migration tool component of Apex One and OfficeScan.

Security updates released this week by Adobe address numerous critical and important vulnerabilities in Genuine Integrity Service, Acrobat and Reader, Photoshop, Experience Manager, ColdFusion, and Bridge. A total of 13 flaws were patched in Acrobat and Reader for Windows and macOS, nine of which are rated critical severity, leading to arbitrary code execution in the context of the current user.

Adobe has released out-of-band updates addressing critical vulnerabilities in its Photoshop and Acrobat Reader products, which, if exploited, could allow arbitrary code execution. In this most recent group, Adobe Photoshop had the most vulnerabilities fixed, with 22 CVEs addressed overall, 16 of which were critical: "Adobe has released updates for Photoshop for Windows and macOS. These updates resolve multiple critical and important vulnerabilities," according to Adobe's advisory.

Though it's not Patch Tuesday, Adobe today released a massive batch of out-of-band software updates for six of its products to patch a total of 41 new security vulnerabilities. Adobe Acrobat and Reader software for Windows and macOS systems contain 13 flaws, out of which 9 are critical.

VMware has patched three serious vulnerabilities in its products, including a critical flaw in Workstation and Fusion that can be exploited to execute arbitrary code on the host from the guest operating system. "Successful exploitation of this issue may lead to code execution on the host from the guest or may allow attackers to create a denial-of-service condition of the vmnetdhcp service running on the host machine," VMware said in an advisory.

CyberArk, the global leader in privileged access management, announced expanded capabilities of CyberArk Alero to support emerging business continuity priorities. Building on its core use case of enabling privileged access for remote vendors, Alero, a SaaS-based solution combining Zero Trust access and biometric multi-factor authentication, now allows remote employees simple and secure access to critical systems managed by CyberArk. Securing access for remote workers is a critical element of business continuity strategies.

Microsoft today finally released an emergency software update to patch the recently disclosed very dangerous vulnerability in the SMBv3 protocol that could let attackers launch wormable malware, which can propagate itself from one vulnerable computer to another automatically. The latest vulnerability, for which a patch update is now available on the Microsoft website, exists in the way the SMBv3 protocol handles requests with compression headers, making it possible for unauthenticated remote attackers to execute malicious code on target servers or clients with SYSTEM privileges.

By turning on this capability, these customers' IT teams can ensure uninterrupted remote access to corporate networks, business applications and data for remote workers amid the global coronavirus outbreak. "As we hear from customers globally that they are encouraging more employees and/or students to work and study remotely, never has there been a more critical time for ensuring security controls remain installed and effective," said Christy Wyatt, President and CEO at Absolute.