A Day in the Life of a Threat Hunter
CRITICAL WINDOWS DNS VULNERABILITY CVE-2020-1350

Priority: Critical Executive Summary: Microsoft’s Security Response Center (MSRC) announced on 14 July 2020 that they have released an update to patch CVE-2020-1350, which is a critical Remote Code Execution (RCE) vulnerability in Windows DNS Server that has a CVSS score of 10, the maximum severity.[1] [2] [3] The vulnerability exists in the way […]
Critical F5 TMUI Vulnerability CVE-2020-5902

Priority: Critical Executive Summary: Security vendor F5 have released details of a vulnerability in their Traffic Management User Interface (TMUI), also known as the Configuration Utility, that has a CVSS score of 10, the maximum severity possible.[1] [2] The vulnerability (CVE-2020-5902), brought to F5’s attention by Mikhail Klyuchnikov of Positive Technologies, affects […]
OUT-OF-BAND WINDOWS SECURITY PATCHES

Priority: High Executive Summary: Microsoft have issued urgent, out-of-band patches for two vulnerabilities found in the Windows Codecs Libraries.[1] The vulnerabilities, discovered by Abdul-Aziz Hariri of Trend Micro’s Zero Day Initiative, are CVE-2020-1425 and CVE-2020-1457. Both represent issues in the way in which the Windows Codecs Library handles certain objects in memory and exploiting these […]
Proactive Defence with Azure Sentinel
PAN-OS CRITICAL VULNERABILITY

Priority: Critical Executive Summary: Palo Alto Networks have released details of a critical vulnerability affecting PAN-OS, the operating system which runs on all Palo Alto next-generation firewalls [1]. The vulnerability, CVE-2020-2021, can allow attackers to bypass authentication, meaning an attacker can log into a server as an administrator. This means that a threat actor who […]
June 2020

View our Cyber Bulletin for June here.
Who is Microsoft security for?

I’ve written before of the innovation, ingenuity, coverage and effectiveness of the Microsoft security stack and I’m in no doubt that they have one of the very best “end-to-end” security control and visibility solutions available. So much for that then, but who is the intended consumer? I come across some understandable confusion when talking to […]
106 MALICIOUS CHROME EXTENSIONS TAKEN OFFLINE

Priority: Medium Executive Summary: Google have removed 106 browser extensions from the Chrome Web Store after they were found to be malicious. The malicious extensions are said to have posed as a variety of tools, such as file conversion tools and even security scanners. However, analysis of the extensions’ behaviour and code indicates that they had ulterior […]
Why Collaborate? Featuring expert panel