Microsoft has released updates to address multiple vulnerabilities in Microsoft software. An attacker can exploit some of these vulnerabilities to take control of an affected system. CVE-2022-30190, also known as “Follina” — the RCE vulnerability in the Microsoft Windows Support Diagnostic Tool that was disclosed in late May and exploited in the wild — has now received patches for affected Windows systems. While Microsoft had...
Read More
Security researchers have discovered a new Microsoft Office zero-day vulnerability that is being used in attacks to execute maliciously PowerShell commands via Microsoft Diagnostic Tool (MSDT) simply by opening a Word document. Workarounds: In Microsoft Defender’s Attack Surface Reduction (ASR) activating the rule “Block all Office applications from creating child processes” in Block mode will prevent this from being exploited.[https://docs.microsoft.com/en-us/microsoft-365/security/defender-endpoint/attack-surface-reduction-rules-reference?view=o365-worldwide#block-all-office-applications-from-creating-child-processes] Disable the MSDT URL Protocol....
Read More
CVE-2022-1388: On F5 BIG-IP 16.1.x versions prior to 16.1.2.2, 15.1.x versions prior to 15.1.5.1, 14.1.x versions prior to 14.1.4.6, 13.1.x versions prior to 13.1.5, and all 12.1.x and 11.6.x versions, undisclosed requests may bypass iControl REST authentication. Impact: This vulnerability may allow an unauthenticated attacker with network access to the BIG-IP system through the management port and/or self IP addresses to execute arbitrary system commands,...
Read More
DESCRIPTION: Multiple vulnerabilities have been discovered in Oracle products, which could allow for remote code execution. SYSTEM AFFECTED: * Agile Product Lifecycle Management Integration Pack for Oracle E-Business Suite, version 3.6 * Application Performance Management, versions 13.4.1.0, 13.5.1.0 * Big Data Spatial and Graph, versions prior to 23.1 * Enterprise Manager Base Platform, versions 13.4.0.0, 13.5.0.0 * Enterprise Manager Ops Center, version 12.4.0.0 * Fujitsu...
Read More
DESCRIPTION: Multiple vulnerabilities have been discovered in Mozilla Firefox, Firefox Extended Support Release (ESR), and Thunderbird, the most severe of which could allow for arbitrary code execution. * Mozilla Firefox is a web browser used to access the Internet. * Mozilla Firefox ESR is a version of the web browser intended to be deployed in large organizations. * Mozilla Thunderbird is an email client. Successful...
Read More
