Please see Security Advisories for the week ending September 11, 2020
- Palo Alto Networks Security Advisories - September 2020
- Adobe Releases Security Updates for Several Products
- Google Releases Security Updates for Chrome version 85.0.4183.102
- Microsoft Releases September 2020 Security Updates
________________________________
Palo Alto Networks Security Advisories - September 2020
Situation
Palo Alto Networks has discovered and patched several vulnerabilities in PAN-OS, ranging in severity from one Critical to several High.
Problem
A critical buffer overflow vulnerability and a cross-site scripting (XSS) vulnerability have been discovered and patched in PAN-OS. Palo Alto Networks is not aware of any malicious attempts to exploit these vulnerabilities.
Implication
Failure to patch could result in loss of control of affected systems and possible compromise of system and network integrity.
Need
A fix for these vulnerabilities has been released. Update PAN-OS to the latest version as soon as possible.
For a more detailed overview:
https://security.paloaltonetworks.com/
________________________________
Adobe Releases Security Updates for Several Products
Situation
Adobe has released several updates to address vulnerabilities in its products.
Problem
The vulnerabilities in the software could allow remote attackers to inject their own code and commands, leading to device takeover. Affected products are below:
Implication
Unpatched software leaves these vulnerabilities exposed, allowing remote attackers to exploit them to inject malicious code and take over the machine remotely.
Need
Adobe recommends installing the latest updates for its products to patch vulnerabilities as they are found. Please keep all software up to date with the latest release or patch updates.
For a brief overview:
https://us-cert.cisa.gov/ncas/current-activity/2020/09/08/adobe-releases-security-updates
For a more detailed overview:
https://helpx.adobe.com/security.html
________________________________
Google Releases Security Updates for Chrome version 85.0.4183.102
Situation
Google has released security updates for Chrome for Windows, Mac, and Linux.
Problem
This update addresses 5 high-severity vulnerabilities: CVE-2020-6573, CVE-2020-6574, CVE-2020-6575, CVE-2020-6576, and CVE-2020-15959.
Implication
The vulnerabilities include use-after-free, insufficient policy enforcement, and race condition issues. Attackers can use these to take control of the affected system.
Need
Please update Chrome to the latest version.
For a more detailed overview:
https://chromereleases.googleblog.com/2020/09/stable-channel-update-for-desktop.html
________________________________
Microsoft Releases September 2020 Security Updates
Situation
Microsoft has released its September 2020 security updates for the following Microsoft software:
- Microsoft Windows
- Microsoft Edge (EdgeHTML-based)
- Microsoft Edge (Chromium-based)
- Microsoft ChakraCore
- Internet Explorer
- SQL Server
- Microsoft JET Database Engine
- Microsoft Office and Microsoft Office Services and Web Apps
- Microsoft Dynamics
- Visual Studio
- Microsoft Exchange Server
- ASP.NET
- Microsoft OneDrive
- Azure DevOps
Problem
Microsoft has released patches for 129 vulnerabilities; of these, 23 are classified as Critical, 105 as Important, and one as Moderate. Of the total, 32 are remote code execution vulnerabilities, which can permit attackers to exploit vulnerable applications remotely, 38 are elevation of privilege vulnerabilities, and 6 are memory corruption vulnerabilities.
Implication
An attacker who successfully exploits these vulnerabilities, such as those that allow remote code execution, privilege escalation, or memory corruption, could take control of the affected system.
Need
Microsoft recommends updating all affected Microsoft products that are in use to protect against these vulnerabilities. Additional information regarding each vulnerability can be found at the link below.
For a more detailed overview:
https://portal.msrc.microsoft.com/en-us/security-guidance/releasenotedetail/2020-Sep