• Mozilla Releases Security Updates for Firefox, Firefox ESR, and Thunderbird
• VMware Releases Security Updates
• CISA Updates Advisory on Threat Actors Exploiting Multiple CVEs Against Zimbra Collaboration Suite
_______________________________
Mozilla Releases Security Updates for Firefox, Firefox ESR, and Thunderbird
Situation:
Mozilla has released security updates.
Problem:
Addresses vulnerabilities in Firefox, Firefox ESR, and Thunderbird.
Implication:
An attacker could exploit some of these vulnerabilities to take control of an affected system.
Need:
We strongly encourage organizations to review the Mozilla security advisories for Firefox 104, Firefox ESR 91.13, Firefox ESR 102.2 and Thunderbird 91.13, Thunderbird 102.2 and apply the necessary updates.
Additional Resources:
CISA Bulletin: Mozilla Releases Security Updates for Firefox, Firefox ESR, and Thunderbird
https://www.cisa.gov/uscert/ncas/current-activity/2022/08/23/mozilla-releases-security-updates-firefox-firefox-esr-and
Firefox 104:
https://www.mozilla.org/en-US/security/advisories/mfsa2022-33/
Firefox ESR 91.13:
https://www.mozilla.org/en-US/security/advisories/mfsa2022-35/
Firefox ESR 102.2:
https://www.mozilla.org/en-US/security/advisories/mfsa2022-34/
Thunderbird 91.13:
https://www.mozilla.org/en-US/security/advisories/mfsa2022-37/
Thunderbird 102.2:
https://www.mozilla.org/en-US/security/advisories/mfsa2022-36/
________________________________
VMware Releases Security Updates
Situation:
VMware has released a security update.
Problem:
Addressing a vulnerability in VMware Tools impacted by a local privilege escalation vulnerability.
Implication:
A remote attacker could likely exploit the vulnerability to take control of an affected system.
Need:
We encourage organizations to review VMware Security Advisory VMSA-2022-0024 and apply the necessary update.
Additional Resources:
CISA Bulletin: VMware Releases Security Update
https://www.cisa.gov/uscert/ncas/current-activity/2022/08/23/vmware-releases-security-update
VMSA-2022-0024:
https://www.vmware.com/security/advisories/VMSA-2022-0024.html
________________________________
CISA Updates Advisory on Threat Actors Exploiting Multiple CVEs Against Zimbra Collaboration Suite
Situation:
CISA and the Multi-State Information Sharing & Analysis Center (MS-ISAC) have updated joint Cybersecurity Advisory AA22-228A: Threat Actors Exploiting Multiple CVEs Against Zimbra Collaboration Suite.
Problem:
Active exploitation of multiple Common Vulnerabilities and Exposures (CVEs) against Zimbra Collaboration Suite (ZCS), an enterprise cloud-hosted collaboration software and email platform.
Implication:
An attacker could exploit some of these vulnerabilities to take control of an affected system.
Need:
We strongly encourage organizations to review the latest update to AA22-228A and apply the recommended mitigations.
Additional Resources:
CISA Bulletin: CISA Updates Advisory on Threat Actors Exploiting Multiple CVEs Against Zimbra Collaboration Suite
https://www.cisa.gov/uscert/ncas/current-activity/2022/08/22/cisa-updates-advisory-threat-actors-exploiting-multiple-cves
Threat Actors Exploiting Multiple CVEs Against Zimbra Collaboration Suite:
https://www.cisa.gov/uscert/ncas/alerts/aa22-228a