Daily Bulletin

Technology


Microsoft released updates for Windows, Office, Azure and Visual Studio this month resolving a total of 64 vulnerabilities. The Zero Day vulnerability in MSHTML (CVE-2021-40444) has been resolved this month. Microsoft’s original mitigation guidance released on September 7      can be disabled once you have updated all Windows OSs this month. Besides the MSHTML RCE vulnerability there are also two publicly disclosed CVEs that warrant some attention this month.

 

While not the specific PrintNightmare CVE (CVE-2021-34527), one of the additional Print Spooler CVEs that was initially addressed in the August Patch Tuesday release (CVE-2021-36958) has been updated this month. The update has removed the previously defined mitigation as it no longer applies and addresses the additional concerns that were identified by researchers beyond the original fix. The vulnerability has been publicly disclosed and functional exploit code is available, so this puts further urgency on this month’s Windows OS updates.

 

The third public disclosure (CVE-2021-36968) resolves an Elevation of Privilege vulnerability in Windows DNS. This CVE applies to the legacy Windows OSs. Public disclosure gives threat actors a bit of a jump start on developing a working exploit. In this case, they could find the fact that this only affects legacy OSs as attractive, banking on the fact that companies are still running on the legacy Oss but not continuing with ESU support from Microsoft. If you fall into this group, there is yet more reason to either subscribe to Microsoft’s ESU for Windows 7 and Server 2008\2008 R2 or migrate off of these platforms as the risk of running these EoL systems continues to grow.

 

Google Chrome released a critical update today resolving 11 CVEs including two Zero Day vulnerabilities (CVE-2021-30632 and CVE-2021-30633). Adobe Acrobat and Reader updates resolve X CVEs.

Apple has also released security updates for Mac OS 11.6 and iOS 14.8 which resolve two Zero Day vulnerabilities (CVE-2021-30860 and CVE-2021-30858). CVE-2021-30860 is the vulnerability that was utilized to deploy Pegasus Spyware to a variety of Apple Devices giving near complete access to personal data on targeted devices. For iOS users you may see this available immediately, but Apple does a rolling update across iOS devices so not everyone would see an update available immediately.  Best to check back daily to see when it is available for update.

 

Adobe Acrobat and Reader (APSB21-55), Adobe Experience Manager (APSB21-82) and Adobe ColdFusion (APSB21-75) are the top three updates from Adobe this month. Acrobat and Reader resolved 26 total CVEs (13 critical), Experience Manager resolved one critical and three important CVEs, and Fusion resolved two critical CVEs.

 

Priorities this month:

  • Windows OS update to resolve the MSHTML Zero Day and the Print Spooler vulnerability
  • Google Chrome to plug two Zero Day vulnerabilities
  • Adobe Acrobat and Reader APSB21-55 to resolve the 13 critical CVEs
  • Apple MacOS and iOS updates to plug two Zero Day vulnerabilities

His spirit will return to Country. Vale David Dalaithngu, the actor who shaped Australian cinema

arrow_forward

Wealthy nations starved the developing world of vaccines. Omicron shows the cost of this greed

arrow_forward

GDP is like a heart rate monitor: it tells us about life, but not our lives

arrow_forward

The Conversation
INTERWEBS DIGITAL AGENCY

Business News

Marketing tips to help brands to be more present

Are you looking for marketing tips? Well, in this post we will share important marketing tips that can help the brand to be more present. A / B Test your shopping journey AB testing is  a scient...

Daily Bulletin - avatar Daily Bulletin

4 Things To Look For In A Customs Broker

Running a business entails the teamwork of many professionals. Some work within the four walls of the main business premises while others work outside. One of those who work in the field is a cust...

NewsServices.com - avatar NewsServices.com

Why Do People Need a Salesforce Consultant

If you’re an experienced user of Salesorce, you might take advantage of the many Salesforce Certification Resources available to you and become a salesforce consultant. It could mean a whole new car...

Daily Bulletin - avatar Daily Bulletin