Emergency Response

Oracle July 2021 Critical Patch Update for All Product Families

August 2, 2021 | Jie Ji

Overview On July 21, 2021, NSFOCUS detected that Oracle released the July 2021 Critical Patch Update (CPU), which fixed 342 vulnerabilities of varying risk levels. This CPU involves multiple commonly used products, such as Oracle Database Server, Oracle Java SE, Oracle Fusion Middleware, Oracle MySQL, and Oracle Communications. Oracle strongly recommends that users fix these […]

Microsoft’s July 2021 Security Updates Fix Multiple Products’ High-Risk Vulnerabilities

July 28, 2021 | Jie Ji

Overview According to NSFOCUS CERT’s monitoring, Microsoft released July 2021 Security Updates on July 14 to fix 117 vulnerabilities, including high-risk remote code execution and privilege escalation, in widely used products like Windows, Microsoft Office, Microsoft Edge, Visual Studio, and SharePoint Server. In the vulnerabilities fixed by this month’s security updates, there are 13 critical […]

SolarWinds Serv-U Remote Code Execution Vulnerability (CVE-2021-35211) Threat Alert

July 23, 2021 | Jie Ji

Overview Recently, NSFOCUS CERT, through ongoing monitoring, found that SolarWinds released a security advisory fixing a remote code execution vulnerability (CVE-2021-35211). Microsoft reported to SolarWinds that they had discovered that the vulnerability was exploited in the wild and provided a proof of concept of the exploit. Unauthenticated, remote attackers could exploit this vulnerability to execute […]

Windows Print Spooler RCE Vulnerabilities (CVE-2021-1675/CVE-2021-34527) Mitigation Guide

July 13, 2021 | Jie Ji

Overview On July 7, 2021, Beijing time, Microsoft released a security patch on the PrintNightmare vulnerability (CVE-2021-34527). NSFOCUS CERT recommends that users install this patch as soon as possible. On June 29, NSFOCUS CERT found that a security researcher published an exploit of the Windows Print Spooler remote code execution (RCE) vulnerability (PrintNightmare) on GitHub. […]

“Netfilter” malicious driver bypasses Microsoft’s signature system

June 30, 2021 | Jie Ji

In June 2021, German computer security solutions software company G Data Software detected a malicious driver named “Netfilter”. Unexpectedly, the malicious driver bypassed and obtained Microsoft’s file signature. When Microsoft learned about it, it immediately added the signature of the malware to the security center of the Windows system for protection, and conducted an internal […]

Microsoft’s June 2021 Security Updates Fix Multiple Products’ High-Risk Vulnerabilities

June 16, 2021 | Jie Ji

Overview According to NSFOCUS CERT’s monitoring, Microsoft released June 2021 Security Updates on June 9 to fix 50 vulnerabilities, including high-risk remote code execution and privilege escalation, in widely used products like Windows, Microsoft Office, Microsoft Edge, Visual Studio, and SharePoint Server. In the vulnerabilities fixed by this month’s security updates, there are five critical […]

Microsoft’s May 2021 Security Updates Fix Multiple Products’ High-Risk Vulnerabilities

June 7, 2021 | Jie Ji

Overview On May 12, 2021, Microsoft released May 2021 Security Updates to fix 55 vulnerabilities, including high-risk remote code execution and privilege escalation, in widely used products like Microsoft Windows, Office, Exchange Server, Visual Studio Code, and Internet Explorer. In the vulnerabilities fixed by this month’s security updates, there are four critical vulnerabilities and 50 […]

VMware VCenter Server Remote Code Execution Vulnerability (CVE-2021-21985) Threat Alert

June 4, 2021 | Jie Ji

Vulnerability Description On May 26, NSFOCUS CERT discovered that VMware released a security advisory that announces mitigation of the VMware vCenter Server remote code execution vulnerability (CVE-2021-21985) and vCenter Server plug-in authentication bypass vulnerability (CVE-2021-21986). The Virtual SAN Check plug-in in vCenter Server lacks input validation, allowing attackers who have accessed vSphere Client (HTML5) through […]

Oracle April 2021 Critical Patch Update for All Product Families

May 17, 2021 | Jie Ji

Vulnerability Description On April 21, 2021, NSFOCUS detected that Oracle released the April 2021 Critical Patch Update (CPU), which fixed 400 vulnerabilities of varying risk levels. This CPU involves multiple commonly used products, such as Oracle Database Server, Oracle Java SE, Oracle Fusion Middleware, Oracle MySQL, and Oracle Communications. Oracle strongly recommends users fix these […]

Microsoft April Security Updates for Multiple High-Risk Product Vulnerabilities

April 25, 2021 | Jie Ji

Vulnerability Description On April 14, 2020, Microsoft released April 2020 Security Updates that fix 114 vulnerabilities, including high-risk remote code execution and privilege escalation, in various products like Microsoft Windows, Office, Edge (Chromium-based), Visual Studio Code, Microsoft Exchange Server, Visual Studio, and Azure. In these security updates, Microsoft fixes 19 critical vulnerabilities and 88 important […]