Microsoft Addresses 53 Vulnerabilities Across 15 Products in July
For its July patch release, Microsoft has addressed 53 vulnerabilities across 15 different products. The release includes 17 critical severity vulnerabilities, with ten found in Internet Explorer alone. Microsoft addressed four Chakra scripting engine memory corruption vulnerabilities (CVE-2018-8280, CVE-2018-8286, CVE-2018-8290, CVE-2018-8294), which could allow remote code execution. Also patched is a spoofing vulnerability in Microsoft Edge (CVE-2018-8278). Users should apply these patches as soon as possible.
For more information on the vulnerabilities addressed this month, please visit:
Cisco ASA Vulnerability Actively Exploited in Denial-of-Service Attacks
In early June, Cisco released patches to address a high-severity vulnerability in the web interface of the Cisco Adaptive Security Appliance (ASA), which could allow an unauthenticated, remote attacker to reload an affected system. The vulnerability, CVE-2018-0296, is due to a lack of input validation of the URL, which allows an attacker to send specially-crafted HTTP requests to a vulnerable device. This month, Cisco released an advisory warning its users that the vulnerability has been actively exploited to cause a denial-of-service (DoS) condition. The company is urging its customers to upgrade to the latest Cisco ASA software release.
For more information on this please visit:
Adobe Patches 112 Vulnerabilities in Flash Player, Acrobat, and Reader
This month, Adobe released more than 100 patches to address 112 vulnerabilities in multiple products, including Flash Player, Acrobat and Reader, Experience Manager, and Adobe Connect. Users should upgrade to Flash Player version 126.96.36.199 to ensure that they receive all the latest patches, including fixes for CVE-2018-5007, a code execution flaw, as well as CVE-2018-5008, an information disclosure flaw. Additionally, Adobe is urging users to update to the latest version of Adobe Acrobat and Reader after releasing fixes to address 53 critical flaws.
For more information on the vulnerabilities and security updates, please visit: