Cyber Security Advisories – MS-ISAC
The latest MS-ISAC cyber security advisories. Feed provided by Center for Internet Security.
- Multiple Vulnerabilities in Google Chrome Could Allow for Arbitrary Code Execution on April 24, 2024 at 6:47 pm
Multiple vulnerabilities have been discovered in Google Chrome, which could allow for arbitrary code execution. Successful exploitation of these vulnerabilities could allow for arbitrary code execution in the context of the logged on user. Depending on the privileges associated with the user, an attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. Users whose accounts are configured to have fewer user rights on the system could be less impacted than those who operate with administrative user rights.
- Oracle Quarterly Critical Patches Issued April 16, 2024 on April 17, 2024 at 7:51 pm
Multiple vulnerabilities have been discovered in Oracle products, the most severe of which could allow for remote code execution.
- Multiple Vulnerabilities in Ivanti Avalanche Could Allow for Remote Code Execution on April 17, 2024 at 4:29 pm
Multiple vulnerabilities have been discovered in Ivanti Avalanche, the most severe of which could allow for remote code execution. Ivanti Avalanche is a mobile device management system. Network security features allow one to manage wireless settings (including encryption and authentication), and apply those settings on a schedule throughout the network. Successful exploitation could allow for remote code execution in the context of the system. Depending on the privileges associated with the system, an attacker could then install programs; view, change, or delete data.
- Multiple Vulnerabilities in Google Chrome Could Allow for Remote Code Execution on April 17, 2024 at 11:47 am
Multiple vulnerabilities have been discovered in Google Chrome, which could allow for remote code execution. Successful exploitation of these vulnerabilities could allow for remote code execution in the context of the logged on user. Depending on the privileges associated with the user, an attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. Users whose accounts are configured to have fewer user rights on the system could be less impacted than those who operate with administrative user rights.
- Multiple Vulnerabilities in Mozilla Products Could Allow for Arbitrary Code Execution on April 16, 2024 at 2:56 pm
Multiple vulnerabilities have been discovered in Mozilla products, the most severe of which could allow for arbitrary code execution. Mozilla Firefox is a web browser used to access the Internet. Mozilla Firefox ESR is a version of the web browser intended to be deployed in large organizations. Mozilla Thunderbird is an email client. Successful exploitation of the most severe of these vulnerabilities could allow for arbitrary code execution. Depending on the privileges associated with the user, an attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. Users whose accounts are configured to have fewer user rights on the system could be less impacted than those who operate with administrative user rights.
- A Vulnerability in PAN-OS Could Allow for Arbitrary Code Execution on April 12, 2024 at 3:55 pm
A vulnerability has been discovered in PAN-OS that could allow for arbitrary code execution. PAN-OS is the software that runs all Palo Alto Networks next-generation firewalls. Successful exploitation of this vulnerability could allow for arbitrary code execution in the context of the root user. Depending on the privileges associated with the user, an attacker could then install programs; view, change, or delete data; or create new accounts with full user rights.
- Multiple Vulnerabilities in Google Chrome Could Allow for Arbitrary Code Execution on April 10, 2024 at 10:49 pm
Multiple vulnerabilities have been discovered in Google Chrome, which could allow for arbitrary code execution. Successful exploitation of these vulnerabilities could allow for arbitrary code execution in the context of the logged on user. Depending on the privileges associated with the user, an attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. Users whose accounts are configured to have fewer user rights on the system could be less impacted than those who operate with administrative user rights.
- Multiple Vulnerabilities in Adobe Products Could Allow for Arbitrary Code Execution on April 9, 2024 at 6:26 pm
Multiple vulnerabilities have been discovered in Adobe products, the most severe of which could allow for arbitrary code execution. Adobe After Effects is a digital visual effects, motion graphics, and compositing application. Adobe Photoshop is a raster graphics editor. Adobe Commerce is a flexible and scalable commerce platform that lets you create personalized B2B and B2C experiences. Adobe InDesign is a desktop publishing and page layout designing software application. Adobe Experience Manager is an all-in-one software suite used for content and asset management. Adobe Media Encoder is an audio/video media processing program that allows users to convert files into other types of files. Adobe Bridge is used to preview, organize, edit, and publish assets. Adobe Illustrator is a vector graphics editor and design software. Adobe Animate is used to create vector graphics and interactive content. Successful exploitation of the most severe of these vulnerabilities could allow for arbitrary code execution in the context of the logged on user. Depending on the privileges associated with the user, an attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. Users whose accounts are configured to have fewer user rights on the system could be less impacted than those who operate with administrative user rights.
- Critical Patches Issued for Microsoft Products, April 09, 2024 on April 9, 2024 at 6:19 pm
Multiple vulnerabilities have been discovered in Microsoft products, the most severe of which could allow for remote code execution in the context of the logged on user. Depending on the privileges associated with the user, an attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. Users whose accounts are configured to have fewer user rights on the system could be less impacted than those who operate with administrative user rights.
- A Vulnerability in Broadcom Brocade Fabric OS Could Allow for Arbitrary Code Execution on April 5, 2024 at 9:08 am
A vulnerability has been discovered in Broadcom Brocade Fabric OS that could allow for arbitrary code execution. Broadcom Brocade Fabric OS is the storage area networking firmware for Brocade Communications Systems’ Fibre Channel switch and Fibre Channel directors. Successful exploitation of this vulnerability could allow an attacker to execute arbitrary code in the context of the logged-on user or to obtain root-level privileges. Depending on the privileges associated with the user, an attacker could then install programs; view, change, or delete data; or create new accounts with full user rights.