Please see Security Advisories for the week ending February 26, 2021
- Critical: SolarWinds New Digital Code-Signing Certificate
- Mozilla Releases Security Updates for Thunderbird, Firefox ESR, and Firefox
- SonicWall Releases Additional Patches for SMA 100 Series
________________________________
Critical: SolarWinds New Digital Code-Signing Certificate
Situation
SolarWinds is re-signing multiple products with a new digital code-signing certificate. SolarWinds uses a digital code-signing certificate to digitally sign each software build, to help end users authenticate the code. As part of SolarWinds' response to the SUNBURST vulnerability, the code-signing certificate used to sign the affected software versions will be revoked on March 8, 2021.
Problem
The same digital code-signing certificate used to sign SolarWinds' Orion Platform software affected by the SUNBURST vulnerability was also used to sign multiple SolarWinds products. While this does not mean these products are compromised, it does mean the day-to-day operation may be impacted after the certificate is revoked on March 8, 2021.
Implication
Failure to upgrade the software to a version containing the updated digital certificate after March 8, 2021 may cause issues with day-to-day operation of that software.
Need
SolarWinds recommends upgrading all products to a version containing the updated certificate. Additional information, as well as a full list of products with the re-signed digital certificate, can be found in the links below.
For a more detailed description:
https://www.solarwinds.com/sa-overview/new-digital-certificate
Full list of products affected:
https://www.solarwinds.com/sa-overview/new-digital-certificate#wu-table
________________________________
Mozilla Releases Security Updates for Thunderbird, Firefox ESR, and Firefox
Situation
Mozilla has released security updates to address vulnerabilities in Firefox, Firefox ESR, and Thunderbird.
Problem
Mozilla has released security updates to address vulnerabilities in Firefox, Firefox ESR, and Thunderbird. An attacker could exploit some of these vulnerabilities to take control of an affected system.
Implication
Failure to patch systems could result in loss of control of affected systems.
Need
Mozilla advises patching to the most up-to-date versions of: Firefox 86, Firefox ESR 78.8, and Thunderbird version 78.8.
For a brief overview:
For a more technical overview:
https://www.mozilla.org/en-US/security/advisories/mfsa2021-07/
________________________________
SonicWall Releases Additional Patches for SMA 100 Series
Situation
SonicWall has recently released a new firmware update for versions 10.x and 9.x on the SMA 100 series products, comprised of SMA 200, 210, 400, 410 physical appliances and the SMA 500v virtual appliance. The SMA 100 series products were affected by a zero-day vulnerability known to be used in attacks.
Problem
SonicWall announced new firmware updates for SMA 100 series products that provide additional safeguards discovered since their last update. The new firmware updates provide code-hardening fixes identified during an internal code audit.
Implication
If left unpatched, a remote attacker could exploit the zero-day vulnerability (SNWLID-2021-0001) and take control of an affected system.
Need
SonicWall recommends that all organizations using SMA 10.x or SMA 9.x firmware should immediately upgrade their devices.
- SMA 100 series 10.x users and administrators should upgrade to 10.2.0.6-32sv firmware.
- SMA 100 series 9.x users and administrators should upgrade to 9.0.0.10-28sv firmware.
For a more technical overview:
____________