Security News

Microsoft has plugged 56 security holes, including one actively exploited privilege escalation flaw. Adobe has released security updates for Acrobat and Reader, Dreamweaver, Photoshop, Illustrator, Animate, and the Magento CMS. Out of all of those, the Acrobat and Reader updates should be tested and deployed as soon as possible, as they fix a bucketload of critical and important issues in widely used solutions, including one bug that is being exploited in "Limited" attacks on Reader for Windows.

Microsoft has urged customers today to install security updates for three Windows TCP/IP vulnerabilities rated as critical and high severity as soon as possible. The three TCP/IP security vulnerabilities impact computers running Windows client and server versions starting with Windows 7 and higher.

Today is Microsoft's February 2021 Patch Tuesday, so please be buy your Windows administrators some snacks to keep their energy up throughout the day. With today's update, Microsoft has fixed for 56 vulnerabilities, with eleven classified as Critical, two as Moderate, and 43 as Important.

SolarWinds Orion exploited by another group of state-sponsored hackersAnother group of state-sponsored hackers has exploited the ubiquity of SolarWinds software to target US government agencies, Reuters reported on Tuesday. February 2021 Patch Tuesday forecast: The human communication aspectWe spend a lot of time each month discussing the technical details surrounding vulnerabilities, software updates, and the tools we use for patch management in our organizations.

Google, whose Project Zero bug-hunting team is often surprisingly vocal when describing and discussing software vulnerabilities, has taken a very quiet approach to a just-patched bug in its Chrome browser. The phrase "Exploit exists in the wild" is shorthand for "The crooks found this vulnerability before we did and are already using it in real-life attacks".

We spend a lot of time each month discussing the technical details surrounding vulnerabilities, software updates, and the tools we use for patch management in our organizations. It is critical that these application owners and administrators have a direct and ongoing channel of communication with the security analysts and IT administrators to ensure they are in 'lock step' as they identify critical vulnerabilities, prioritize the patches, and execute the updates to protect their infrastructure.

Cisco has rolled out fixes for multiple critical vulnerabilities in the web-based management interface of Small Business routers that could potentially allow an unauthenticated, remote attacker to execute arbitrary code as the root user on an affected device. The flaws - tracked from CVE-2021-1289 through CVE-2021-1295 - impact RV160, RV160W, RV260, RV260P, and RV260W VPN routers running a firmware release earlier than Release 1.0.01.02.

Bug hunter Tavis Ormandy of Google's Project Zero just discovered a dangerous bug in the GNU Privacy Guard team's libgcrypt encryption software. The libgcrypt library is an open-source toolkit that anyone can use, but it's probably best known as the encryption library used by the GNU Privacy Guard team's own widely deployed GnuPG software.

The identified bug is a heap buffer overflow and it's considered rather serious because it's easily exploitable. "Just decrypting some data can overflow a heap buffer with attacker controlled data, no verification or signature is validated before the vulnerability occurs," explains Werner Koch, principal developer of GnuPGP in the security advisory.

Cisco SD-WAN Buffer Overflow Vulnerabilities: Systems running the Cisco SD-WAN software - such as SD-WAN vEdge Routers - can be exploited "By sending crafted IP traffic through an affected device, which may cause a buffer overflow when the traffic is processed." A successful attack can result in the execution of arbitrary code on the underlying operating system with root privileges, which means you basically hand over the gear to a stranger. Cisco SD-WAN Command Injection Vulnerabilities: These can be exploited by authenticated users to gain root-level privileges on a system running the vulnerable software.