A huge collection of 3400+ free website templates JAR theme com WP themes and more at the biggest community-driven free web design site

Alerts

Microsoft Security Update

Microsoft has released security update to address vulnerability to its multiple products. Exploitation of these vulnerabilities may allow an attacker to gain access to sensitive information.

Users and administrators are encouraged to review Microsoft Release page and apply necessary updates.

Apple Security Update

Apple has released security updates to address vulnerabilities in iOStvOSwatchOSiCloud for WindowsSafariiTunes for WindowsmacOS MojavemacOS Sierra and macOS High Sierra. Exploitation of these vulnerabilities may allow an attacker to take control of affected system.

Users and administrators are encouraged to review Apple Security Updates and apply necessary updates.

Adobe Security Update

Adobe has released security update to address vulnerabilities in Adobe Acrobat 2017Acrobat Reader 2017Acrobat DC and Acrobat Reader DC for Windows and MacOS. Exploitation of these vulnerabilities may allow an attacker to take control of affected system with privileges of current user.

Users and administrators are encouraged to review Adobe Security Advisory and apply necessary updates.

Mozilla Security Update

Mozilla has released security updates to address vulnerabilities in Firefox prior to ver.64 and Firefox ESR prior to ver.60.4. Exploitation of these vulnerabilities may allow an attacker to take control of affected product.

Users and administrators are encouraged to review Mozilla Security Advisories and apply necessary updates.

Microsoft Team Foundation Server Remote Code Execution Vulnerability

Advisory No: TZCERT/SA/2018/12/05

Date of First Release: 6 December 2018

Source: Microsoft

Software Affected:

  1. Team Foundation Server 2018 Update 1.1
  2. Team Foundation Server 2018 Update 3
  3. Team Foundation Server 2018 Update 3.1
  4. Team Foundation Server 2017 Update 3.1

Overview:

Multiple vulnerabilities have been identified in Microsoft Team Foundation Server that could allow a remote unauthorized execution of arbitrary code that may result into compromise of potentially sensitive information on the targeted system.

Description:

Microsoft Team Foundation Server (TFS) has been reported to vulnerable to a remote code execution and Cross-site Scripting (CSS) vulnerabilities.

The remote code execution vulnerability is a result of disabling basic authorization on the communication between the Team Foundation Server (TFS) and the search services. Whereas, the Cross-site scripting vulnerability is caused by improper handling of user input into the Team Foundation Server (TFS).

An authenticated remote access exploit can exploit these vulnerabilities by sending a specially crafted payload to the Team Foundation Server, which can be executed on user’s behalf upon visiting the compromised page.

Impacts:

Successful exploitation of the remote code execution vulnerability could allow remote unauthorized access to bypass authorization to run certain commands on the Search service to execute arbitrary code with the privileges of the user.

The cross-site scripting vulnerability could allow unauthorized access to perform cross-site scripting attacks on affected systems. Exploitation of these vulnerabilities could allow take off control of the affected system.

Solution:

Users and administrators are urged to review security updates guide available on Microsoft web portal to fix the vulnerabilities.

Reference:

  1. https://portal.msrc.microsoft.com/en-US/security-guidance
  2. https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018 – -8529
  3. https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018 – -8602
  4. https://www.securityfocus.com/bid/105910/info