Security News
Uncle Sam's Cybersecurity and Infrastructure Security Agency has taken the unusual step of issuing an emergency directive that gives US government agencies a four-day deadline to roll out a Windows Server patch. The directive, issued on September 18, demanded that executive agencies take "Immediate and emergency action" to patch CVE-2020-1472, the CVSS-perfect-ten-rated flaw that Dutch security outfit Secura BV said allows attackers to instantly become domain admin by subverting Microsoft's Netlogon cryptography.
E-commerce sites using the WordPress plugin Discount Rules for WooCommerce are being urged to patch two high-severity cross-site scripting flaws that could allow an attacker to hijack a targeted site. According to Flycart Technologies, Discount Rules for WooCommerce enables the 3.3 million active WooCommerce merchants to use the add-on to streamline customer discounts and manage dynamic pricing.
Apple has patched nearly a dozen vulnerabilities and it has introduced new privacy features with the release of iOS 14 and iPadOS 14 this week. The issues could result in applications causing a system crash or writing kernel memory, identifying other installed applications, leaking user information, or accessing restricted files; may allow attackers to download malicious content, execute arbitrary code, or view notification contents from the lockscreen; may lead to arbitrary code execution or a cross-site scripting attack; may allow a user to read kernel memory; or could result in the screen lock not engaging after the specified time period.
If you have CentOS servers in your data center, you'll want to make sure to patch them against BootHole. Jack Wallen shows you how.
Intel this week released security patches to address a critical vulnerability in Active Management Technology and Intel Standard Manageability. The bug, which Intel calls improper buffer restrictions in network subsystems, could be abused by unauthorized users to escalate privileges via network access in provisioned AMT and ISM versions before 11.8.79, 11.12.79, 11.22.79, 12.0.68 and 14.0.39.
This month's Patch Tuesday includes patches for 15 Microsoft products, including 23 critical CVEs. Microsoft has addressed 129 security issues as part of its September 2020 Patch Tuesday update.
Microsoft today released updates to remedy nearly 130 security vulnerabilities in its Windows operating system and supported software. Todd Schell at Ivanti reminds us that Patch Tuesday isn't just about Windows updates: Google has shipped a critical update for its Chrome browser that resolves at least five security flaws that are rated high severity.
Microsoft has released patches for 129 security bugs in its September Patch Tuesday update. Another critical RCE vulnerability that should be prioritized for patching is CVE-2020-1210, which exists in SharePoint due to a failure to check an application package's source markup.
Trend Micro Zero Day Initiative's Dustin Childs says that patching CVE-2020-16875, a memory corruption vulnerability in Microsoft Exchange, should be top priority for organizations using the popular mail server. CVE-2020-0922, an RCE in Microsoft COM, should also be patched quickly on all Windows and Windows Server systems.