Resposta de Emergência

Microsoft’s June 2021 Security Updates Fix Multiple Products’ High-Risk Vulnerabilities

junho 16, 2021 | Jie Ji

Overview According to NSFOCUS CERT’s monitoring, Microsoft released June 2021 Security Updates on June 9 to fix 50 vulnerabilities, including high-risk remote code execution and privilege escalation, in widely used products like Windows, Microsoft Office, Microsoft Edge, Visual Studio, and SharePoint Server. In the vulnerabilities fixed by this month’s security updates, there are five critical […]

Microsoft’s May 2021 Security Updates Fix Multiple Products’ High-Risk Vulnerabilities

junho 7, 2021 | Jie Ji

Overview On May 12, 2021, Microsoft released May 2021 Security Updates to fix 55 vulnerabilities, including high-risk remote code execution and privilege escalation, in widely used products like Microsoft Windows, Office, Exchange Server, Visual Studio Code, and Internet Explorer. In the vulnerabilities fixed by this month’s security updates, there are four critical vulnerabilities and 50 […]

VMware VCenter Server Remote Code Execution Vulnerability (CVE-2021-21985) Threat Alert

junho 4, 2021 | Jie Ji

Vulnerability Description On May 26, NSFOCUS CERT discovered that VMware released a security advisory that announces mitigation of the VMware vCenter Server remote code execution vulnerability (CVE-2021-21985) and vCenter Server plug-in authentication bypass vulnerability (CVE-2021-21986). The Virtual SAN Check plug-in in vCenter Server lacks input validation, allowing attackers who have accessed vSphere Client (HTML5) through […]

Oracle April 2021 Critical Patch Update for All Product Families

maio 17, 2021 | Jie Ji

Vulnerability Description On April 21, 2021, NSFOCUS detected that Oracle released the April 2021 Critical Patch Update (CPU), which fixed 400 vulnerabilities of varying risk levels. This CPU involves multiple commonly used products, such as Oracle Database Server, Oracle Java SE, Oracle Fusion Middleware, Oracle MySQL, and Oracle Communications. Oracle strongly recommends users fix these […]

Microsoft April Security Updates for Multiple High-Risk Product Vulnerabilities

abril 25, 2021 | Jie Ji

Vulnerability Description On April 14, 2020, Microsoft released April 2020 Security Updates that fix 114 vulnerabilities, including high-risk remote code execution and privilege escalation, in various products like Microsoft Windows, Office, Edge (Chromium-based), Visual Studio Code, Microsoft Exchange Server, Visual Studio, and Azure. In these security updates, Microsoft fixes 19 critical vulnerabilities and 88 important […]

OpenSSL Denial-of-Service and Certificate Bypass Check Vulnerabilities (CVE-2021-3449/CVE-2021-3450) Threat Alert

abril 12, 2021 | Jie Ji

Vulnerability Description On March 26, 2021, NSFOCUS detected that OpenSSL issued a security advisory fixing a denial-of-service vulnerability and a certificate check bypass vulnerability (CVE-2021-3449/CVE-2021-3450) in OpenSSL products. Currently, the proof of concept (PoC) of this vulnerability has been made publicly available. Relevant users are advised to take protective measures as soon as possible. CVE-2021-3449: […]

Adobe ColdFusion Remote Code Execution Vulnerability (CVE-2021-21087) Threat Alert

abril 8, 2021 | Jie Ji

Vulnerability Description On March 23, 2021, NSFOCUS detected that Adobe released a security bulletin fixing a code execution vulnerability (CVE-2021-21087). Due to improper sanitization of user inputs, unauthenticated attackers could execute arbitrary code on the target server by sending a crafted, malicious request to the ColdFusion server. Adobe ColdFusion is a rapid application development platform. […]

Apache Solr Arbitrary File Read and SSRF Vulnerability Threat Alert

março 29, 2021 | Jie Ji

Vulnerability Description Recently, NSFOCUS detected that an Apache Solr arbitrary file read and server-side request forgery (SSRF) vulnerability was disclosed on the Internet. Since authentication was disabled by default when Apache Solr was installed, unauthenticated attackers could turn on requestDis patcher.requestParsers.enableRemoteStreaming via the Config API, thereby exploiting the vulnerability to read files. Currently, the proof […]

XStream Multiple High-Risk Vulnerabilities Threat Alert

março 25, 2021 | Jie Ji

Vulnerability Description Recently, NSFOCUS detected that XStream released security advisories disclosing 11 security vulnerabilities in its products. An attacker could exploit these vulnerabilities to conduct DoS and SSRF attacks, delete arbitrary files, and lead to arbitrary RCE. XStream is a tool for converting between Java objects and XML. When serializing JavaBeans or deserializing XML files, […]

F5 BIG-IP/BIG-IQ High-Risk Vulnerabilities Threat Alert

março 24, 2021 | Jie Ji

Vulnerability Description On March 11, NSFOCUS observed that F5 released a security bulletin to announce the fix of multiple high-risk vulnerabilities, CVE-2021-22986, CVE-2021-22987, CVE-2021-22988, CVE-2021-22989, CVE-2021-22990, CVE-2021-22991, and CVE-2021-22992, which affect BIG-IP and BIG-IQ in F5. Users are advised to take preventive measures as soon as possible. BIG-IP is an F5 application delivery platform that […]