Recent Comments

    Blogroll

    Search

    Archive for Newsletters

    Security Mailer Volume 22 Number 32

    August 15th, 2022 by

    Security Mailer Volume 22 Number

    • Adobe updates
      • Acrobat
      • Reader
    • Cisco security advisories
    • Open source
      • Chromium
      • Java
      • Linux Kernel
    • Linux updates and patches
    • Microsoft Tuesday
      • Over 140 updates
      • One zero-day that is already being exploited
    • General Security reviews last week
    • Known Exploited Vulnerability Catalog
      • EXCEL Spreadsheet format

        CSV, XLS, and XLSX versions provided

    • Misc news

    Posted in Newsletters, Patches, Updates | No Comments »

    Microsoft August Patch Tuesday fixes critical Secure Boot GRUB vulnerability

    August 13th, 2022 by

    KB5012170: Microsoft August Patch Tuesday fixes critical Secure Boot GRUB vulnerability

    “In this month’s Patch, the Redmond company also issued an important fix related to the Secure Boot DBX with its KB5012170 update.

    For those unaware, the Secure Boot Forbidden Signature Database or DBX is basically a block-list for blacklisted UEFI executables that were found to be bad. The latest KB5012170 update adds signatures of the known vulnerable UEFI modules to the DBX, meaning they will no longer be able to run after this update. The signatures this time are related to the GRand Unified Boot Loader (GRUB) vulnerability also called BootHole.

    The official Microsoft bulletin explains how the attack works:

    Microsoft is aware of a vulnerability in the GRand Unified Boot Loader (GRUB), commonly used by Linux. This vulnerability, known as “There’s a Hole in the Boot”, could allow for Secure Boot bypass.

    To exploit this vulnerability, an attacker would need to have administrative privileges or physical access on a system where Secure Boot is configured to trust the Microsoft Unified Extensible Firmware Interface (UEFI) Certificate Authority (CA). The attacker could install an affected GRUB and run arbitrary boot code on the target device. After successfully exploiting this vulnerability, the attacker could disable further code integrity checks thereby allowing arbitrary executables and drivers to be loaded onto the target device.”

    Posted in Newsletters, Patches, Updates | No Comments »

    Microsoft Patch Tuesday, August 2022 Edition

    August 10th, 2022 by

    Microsoft Patch Tuesday, August 2022 Edition

    “Microsoft today released updates to fix a record 141 security vulnerabilities in its Windows operating systems and related software. Once again, Microsoft is patching a zero-day vulnerability in the Microsoft Support Diagnostics Tool (MSDT), a service built into Windows. Redmond also addressed multiple flaws in Exchange Server — including one that was disclosed publicly prior to today — and it is urging organizations that use Exchange for email to update as soon as possible and to enable additional protections”

    Posted in Newsletters, Patches, Updates | No Comments »

    Security Mailer Volume 22 Number 31

    August 10th, 2022 by

    Security Mailer Volume 22 Number 31

    • Cisco security advisories
    • Open Source updates
    • Linux updates and patches
    • General Security reviews last week, CISA Exploited Vulnerabilities Catalog
    • Misc news entries
    •  

      CISA Exploited Vulnerabilities Catalog

      • EXCEL spreadsheet format
      • CSV, XLS and XLSX version s provided

    Posted in Newsletters, Patches, Updates | No Comments »

    Security Mailer Volume 22 Number 30

    August 2nd, 2022 by

    Security Mailer Volume 22 Number 30

    • Mozilla updates
      • Firefox
      • Firefox ESR
      • Thunderbird
    • Open Source updates
    • Linux updates and patches
    • General Security reviews last week
    • Known Exploited Vulnerabilities Catalog
    • Wireshark updates
    • Misc news entries
    • Known Exploited Vulnerabilities Catalog
      • EXCEL Spreadsheet format
      • CSV, XLS, and XLSX versions provided

    Posted in Newsletters, Patches, Updates, Upgrades | No Comments »

    Security Mailer Volume 22 Number 29

    July 25th, 2022 by

    Security Mailer Volume 22 Number 29

    • Apple Security Updates
    • Cisco Security Advisorie
    • Open Source updates
    • Linux updates and patches
    • Microsoft Tuesday releases;
    • General Security reviews last week
    • Misc news entries
    • CISA Known Exploited Vulnerabilities Catalog in EXCEL Spreadsheet format CSV, XLS, and XLSX versions are provided

    Posted in Newsletters, Patches, Updates, Upgrades | No Comments »

    Microsoft Patch Tuesday, July 2022 Edition

    July 13th, 2022 by

    Microsoft Patch Tuesday, July 2022 Edition

    Microsoft today released updates to fix at least 86 security vulnerabilities in its Windows operating systems and other software, including a weakness in all supported versions of Windows that Microsoft warns is actively being exploited. The software giant also has made a controversial decision to put the brakes on a plan to block macros in Office documents downloaded from the Internet.”

    Posted in Newsletters, Patches, Updates | No Comments »

    Security Mailer Volume 22 Number 27

    July 10th, 2022 by

    Security Mailer Volume 22 Number 27

    • Cisco security advisories
    • Open source
      • Apache Log4Shell
      • Intel Microcode
      • QEMU machine emulator
      • Apache HTTP Server
    • Linux updates and patches
    • Microsoft postpones change in Office documents
      • Blocking VBA macros in files from the internet
    • General Security reviews last week
    • CISA Know Exploited Vulnerabilities Catalog
    • Misc news from SANS and Sophos
    • PDF from CISA – MedusaLocker advisory bulletin
    • CISA Known Exploited Vulnerabilities Catalo
      • EXCEL spreadsheet format CSV, XLS, and XLSX versions provided

    Posted in Newsletters, Patches, Updates | No Comments »

    Security Mailer Volume 22 Number 26

    July 3rd, 2022 by

    Security Mailer Volume 22 Number 26

    • Mozilla updates
      • Firefox
      • Firefox ESR
      • Thunderbird
    • Cisco security advisories
    • Open Source
      • Chromium
      • Linux Kernel
      • LibreCAD
    • Linux updates and patches;
    • General Security reviews last week
    • CISA Known Exploited Vulnerabilities Catalog
    • News from SANS
    • CISA Known Exploited Vulnerabilities Catalog EXCEL spreadsheet format CSV, XLS, and XLSX versions provided

    Posted in Newsletters, Patches, Updates, Upgrades | No Comments »

    Security Mailer Volume 22 Number 25

    June 26th, 2022 by

    Security Mailer Volume 22 Number 25

    • Cisco security advisories
    • Open Source OpenSSL updated again
      • VLC
      • Mailman
      • Chromium
    • Linux updates and patches
    • Microsoft updates
      • EDGE
      • Windows 8.1 end of life coming
    • General Security reviews last week
      • Known Exploited Vulnerabilities Catalog
      • Misc News entries from SANS
    •  

      CISA Known Exploited Vulnerabilities Catalog EXCEL spreadsheet format CSV, XLS, and XLSX versions provided

    Posted in Newsletters, Patches, Updates, Upgrades | No Comments »

    « Previous Entries