
Alerts

Accusoft Security Update

Cisco Talos has released a security update to address a vulnerability in Accusoft ImageGear. Exploitation of this vulnerability may allow an attacker to gain access to sensitive information.

Users and administrators are encouraged to review the Talos Security Advisory and apply the necessary updates.

Juniper Security Update

Juniper has released security updates to address a vulnerability affecting multiple Juniper products. Exploitation of this vulnerability may allow an attacker to gain access to sensitive information.

Users and administrators are encouraged to review the Juniper Security Advisory and apply the necessary updates.

Trend Micro Security Update

Trend Micro has released security updates to address a vulnerability affecting multiple Trend Micro products. Exploitation of this vulnerability may allow an attacker to cause a denial-of-service condition.

Users and administrators are encouraged to review the Trend Micro Security Bulletin and apply the necessary updates.

Microsoft Exchange Server Zero-Day remote code execution vulnerabilities (CVE-2021-26855, CVE-2021-26857, CVE-2021-26858, CVE-2021-27065)

Advisory No: TZCERT/SA/2021/03/04

Date of First Release: 04th March 2021

Source: Microsoft

Software Affected: 

  • Microsoft Exchange Server 2013
  • Microsoft Exchange Server 2016
  • Microsoft Exchange Server 2019

Overview:

The four Microsoft Exchange vulnerabilities are part of an attack chain that may allow an unauthenticated attacker to execute arbitrary code remotely. The vulnerabilities are a Server-Side Request Forgery (SSRF) (CVE-2021-26855), an insecure deserialization (CVE-2021-26857), and two arbitrary file writes (CVE-2021-26858 and CVE-2021-27065).

Description:

The SSRF vulnerability could be exploited by sending a specially crafted HTTP request to a vulnerable Exchange Server, which may result in remote code execution by an unauthenticated remote attacker.

The insecure deserialization vulnerability exists in the Exchange Unified Messaging service, which handles voicemail functionality. To exploit this vulnerability, an attacker would need to be authenticated to the vulnerable Exchange Server with administrator privileges, or would first need to use another vulnerability to gain that access.

The arbitrary file write vulnerabilities are also post-authentication, meaning an attacker needs administrative privileges before exploiting them. An attacker could use the SSRF vulnerability to gain administrative privileges on the system. Once that access is gained, the attacker could write to any path on the vulnerable server.

Impact:

Successful exploitation of these vulnerabilities could allow an attacker to gain access to the Exchange server system.

Solution:

Microsoft has issued security updates for the affected products. Users and administrators are advised to apply the necessary updates to their Exchange Servers.

References:

  1. https://msrc.microsoft.com/update-guide/vulnerability
  2. https://www.tenable.com/blog/cve-2021-26855-cve-2021-26857-cve-2021-26858-cve-2021-27065-four-microsoft-exchange-server-zero-day-vulnerabilities

Chrome Security Update

Google has released security updates to address vulnerabilities in Chrome versions prior to 89.0.4389.72. Exploitation of these vulnerabilities could allow an attacker to take control of an affected system.

Users and administrators are encouraged to review the Chrome Releases page and apply the necessary updates.