Overview On November 10, 2020 local time, Microsoft fixed two vulnerabilities in the Windows Network File System (NFS) in its monthly security updates, which are CVE-2020-17051 and CVE-2020-17056. CVE-2020-17051 is a remote code execution vulnerability on the nfssvr.sys driver. It is said that the vulnerability can be reproduced to cause...
Category: Emergency Response
Microsoft’s November 2020 Patches Fix 112 Security Vulnerabilities Threat Alert
Overview Microsoft released November 2020 security updates on Tuesday which fix 112 vulnerabilities ranging from simple spoofing attacks to remote code execution, including 17 critical vulnerabilities, 93 important vulnerabilities, and two low vulnerabilities. All users are advised to install updates without delay. These vulnerabilities affect Azure DevOps, Azure Sphere, Common...
Adobe Releases November’s Security Updates Threat Alert
Overview On November 11, 2020 (local time), Adobe released security updates which address multiple vulnerabilities in Adobe Connect and Adobe Reader Mobile. (more…)
SaltStack Multiple Vulnerabilities (CVE-2020-16846, CVE-2020-17490, CVE-2020-25592) Threat Alert
Overview Recently, SaltStack released a security update to address multiple vulnerabilities (CVE-2020-16846, CVE-2020-17490, CVE-2020-25592). These vulnerabilities can cause authentication bypass and command execution. SaltStack recommends users upgrade as soon as possible. Salt is an open-source IP architecture management solution written in Python. It has been widely used in data centers...
Windows Kernel cng.sys Privilege Escalation 0-day Vulnerability CVE-2020-17087 Threat Alert
Overview Recently, Google Project Zero published an article about the Windows cng.sys privilege escalation vulnerability (CVE-2020-17087). The vulnerability allows attackers without authentication to trick users into running crafted malicious programs to escalate privileges. At present, this vulnerability has been exploited in the wild, and Microsoft has not released patches to...
WebLogic Console HTTP Remote Code Execution Vulnerability (CVE-2020-14882) Protection Solution
Overview The Critical Patch Update (CPU) for October 2020 released by Oracle contains a high-risk WebLogic Consoleremote code execution vulnerability (CVE-2020-14882). The vulnerability can be triggered without authentication and has an extensive impact. Unauthenticated attackers might construct special HTTP GET requests to exploit this vulnerability to execute arbitrary code on...
