August 15th, 2022 by hankshelp
- Adobe updates
- Cisco security advisories
- Open source
- Chromium
- Java
- Linux Kernel
- Linux updates and patches
- Microsoft Tuesday
- Over 140 updates
- One zero-day that is already being exploited
- General Security reviews last week
- Known Exploited Vulnerability Catalog
- Misc news
Posted in Newsletters, Patches, Updates | No Comments »
August 13th, 2022 by hankshelp
“In this month’s Patch, the Redmond company also issued an important fix related to the Secure Boot DBX with its KB5012170 update.
For those unaware, the Secure Boot Forbidden Signature Database or DBX is basically a block-list for blacklisted UEFI executables that were found to be bad. The latest KB5012170 update adds signatures of the known vulnerable UEFI modules to the DBX, meaning they will no longer be able to run after this update. The signatures this time are related to the GRand Unified Boot Loader
(GRUB) vulnerability also called BootHole.
The official Microsoft bulletin explains how the attack works:
Microsoft is aware of a vulnerability in the GRand Unified Boot Loader (GRUB), commonly used by Linux. This vulnerability, known as “There’s a Hole in the Boot”, could allow for Secure Boot bypass.
To exploit this vulnerability, an attacker would need to have administrative privileges or physical access on a system where Secure Boot is configured to trust the Microsoft Unified Extensible Firmware Interface (UEFI) Certificate Authority (CA). The attacker could install an affected GRUB and run arbitrary boot code on the target device. After successfully exploiting this vulnerability, the attacker could disable further code integrity checks thereby allowing arbitrary executables and drivers to be loaded onto the target device.”
Posted in Newsletters, Patches, Updates | No Comments »
August 10th, 2022 by hankshelp
“Microsoft today released updates to fix a record 141 security vulnerabilities in its Windows operating systems and related software. Once again, Microsoft is patching a zero-day vulnerability in the Microsoft Support Diagnostics Tool (MSDT), a service built into Windows. Redmond also addressed multiple flaws in Exchange Server — including one that was disclosed publicly prior to today — and it is urging organizations that use Exchange for email to update as soon as possible and to enable additional protections”
Posted in Newsletters, Patches, Updates | No Comments »
August 2nd, 2022 by hankshelp
- Mozilla updates
- Firefox
- Firefox ESR
- Thunderbird
- Open Source updates
- Linux updates and patches
- General Security reviews last week
- Known Exploited Vulnerabilities Catalog
- Wireshark updates
- Misc news entries
- Known Exploited Vulnerabilities Catalog
- EXCEL Spreadsheet format
- CSV, XLS, and XLSX versions provided
Posted in Newsletters, Patches, Updates, Upgrades | No Comments »
July 25th, 2022 by hankshelp
- Apple Security Updates
- Cisco Security Advisorie
- Open Source updates
- Linux updates and patches
- Microsoft Tuesday releases;
- General Security reviews last week
- Misc news entries
- CISA Known Exploited Vulnerabilities Catalog in EXCEL Spreadsheet format CSV, XLS, and XLSX versions are provided
Posted in Newsletters, Patches, Updates, Upgrades | No Comments »
July 13th, 2022 by hankshelp
“Microsoft today released updates to fix at least 86 security vulnerabilities in its Windows operating systems and other software, including a weakness in all supported versions of Windows that Microsoft warns is actively being exploited. The software giant also has made a controversial decision to put the brakes on a plan to block macros in Office documents downloaded from the Internet.”
Posted in Newsletters, Patches, Updates | No Comments »
July 10th, 2022 by hankshelp
- Cisco security advisories
- Open source
- Apache Log4Shell
- Intel Microcode
- QEMU machine emulator
- Apache HTTP Server
- Linux updates and patches
- Microsoft postpones change in Office documents
- Blocking VBA macros in files from the internet
- General Security reviews last week
- CISA Know Exploited Vulnerabilities Catalog
- Misc news from SANS and Sophos
- PDF from CISA – MedusaLocker advisory bulletin
- CISA Known Exploited Vulnerabilities Catalo
- EXCEL spreadsheet format CSV, XLS, and XLSX versions provided
Posted in Newsletters, Patches, Updates | No Comments »
July 3rd, 2022 by hankshelp
- Mozilla updates
- Firefox
- Firefox ESR
- Thunderbird
- Cisco security advisories
- Open Source
- Chromium
- Linux Kernel
- LibreCAD
- Linux updates and patches;
- General Security reviews last week
- CISA Known Exploited Vulnerabilities Catalog
- News from SANS
- CISA Known Exploited Vulnerabilities Catalog EXCEL spreadsheet format CSV, XLS, and XLSX versions provided
Posted in Newsletters, Patches, Updates, Upgrades | No Comments »