Security News

Zoom is working on resolving a remote code execution vulnerability affecting the Windows client, but a third-party fix has been made available for users who don't want to wait for the official patch. On Thursday, ACROS Security announced the availability of a micro-patch for a remote code execution vulnerability in Zoom Client for Windows.

Despite these record CVE numbers, the actual number of updates have been down; we haven't seen Exchange or SQL Server updates in a while. Keep your eyes open on Tuesday to see if these CVEs show up in the cumulative monthly update.

UPDATE. A newly discovered bug in the Zoom Client for Windows could allow remote code-execution, according to researchers at 0patch, which disclosed the existence of the flaw on Thursday after pioneering a proof-of-concept exploit for it. The company told Threatpost: "Zoom addressed this issue, which impacts users running Windows 7 and older, in the 5.1.3 client release on July 10. Users can help keep themselves secure by applying current updates or downloading the latest Zoom software with all current security updates from https://zoom.us/download.".

Security experts are urging companies to deploy an urgent patch for a critical vulnerability in F5 Networks' networking devices, which is being actively exploited by attackers to scrape credentials, launch malware and more. Last week, F5 Networks issued urgent patches for the critical remote code-execution flaw, which has a CVSS score of 10 out of 10.

Network administrators are urged to patch their F5 BIG-IP application delivery controllers following the disclosure of a pair of critical remote takeover bugs. The flaws in question, CVE-2020-5902 and CVE-2020-5903, lie within in a configuration tool known as the Traffic Management User Interface.

Microsoft yesterday quietly released out-of-band software updates to patch two high-risk security vulnerabilities affecting hundreds of millions of Windows 10 and Server editions' users. The two newly disclosed security vulnerabilities, assigned CVE-2020-1425 and CVE-2020-1457, are both remote code execution bugs that could allow an attacker to execute arbitrary code and control the compromised Windows computer.

Palo Alto Networks has patched a critical and easily exploitable vulnerability affecting PAN-OS, the custom operating system running on its next generation firewalls and enterprise VPN appliances, and is urging users to update to a fixed version as soon as possible. Affected PAN-OS versions include versions earlier than PAN-OS 9.1.3; PAN-OS 9.0 versions earlier than PAN-OS 9.0.9; PAN-OS 8.1 versions earlier than PAN-OS 8.1.15, and all versions of PAN-OS 8.0.

In contrast, a high-end GPU might have 2000 to 5000 cores, but they aren't each able to run completely different instructions at the same time. Servers fitted with GPUs probably need two sets of patches, covering both the NVIDIA GPU drivers that control the actual hardware in the physical system, and the NVIDIA vGPU software, which shares out physical GPUs between guest operating systems running under virtualisation software from vendors including Citrix, Red Hat and VMWare.

Cisco has released security updates for Cisco Webex Meetings and Cisco Webex Meetings Server that fix several remotely exploitable vulnerabilities, as well as one less severe one that could allow hackers to gain access to a target's Webex account. CVE-2020-3361 affects Cisco Webex Meetings sites and Cisco Webex Meetings Server and could allow an unauthenticated, remote attacker to gain unauthorized access to a vulnerable Webex site.

Windows 10 users woke up to borked printers following the monthly Microsoft bugfix party, Patch Tuesday. The timing is unfortunate since many Windows 10 users are now working from home and relying on directly connected printers for remote working.