- There were a significant number of updates released this month from multiple vendors. Microsoft released updates for 123 vulnerabilities , Adobe released five and Oracle released 433. There were also honorable mentions from Google and Firefox.
- Microsoft patched a critical vulnerability in the DNS Server component that with a CVSS Score of 10 (the highest available) that could allow a remote attacker full system level privileges on a vulnerable system. The vulnerability has been given the codename SigRed.
- Microsoft has acknowledged a problem with a recent update to Outlook, causing Outlook to crash (repeatedly) after the update.
- Criminals continue taking advantage of the large number of workers currently working from home, away from the protection of corporate firewalls with relatively low skilled attacks.
- Wells Fargo has joined the growing number of organizations officially banning TikTok from company devices, citing security concerns.
Microsoft released updates to address 123 vulnerabilities this month including 17 that it deems critical. One of the critical updates (CVE-2020-1350) has a CVSS Score of 10.0 (the highest available), requires no user interaction to exploit and grants the attacker full system privileges. As of this article, Proof of Concept (PoC) code is not yet available but it’s reasonable to assume that it will be made available very soon. Additional critical updates addressed problems in the GDI (CVE-2020-1435, CVSS 8.8, which seems kindof low in light of CVE-2020-1350) and Hyper-V (CVE-2020-1036 , no CVSS assigned yet). Users are encouraged to update immediately or as soon as possible.
Microsoft releases regular updates the second Tuesday of each month, often referred to as ‘Patch Tuesday’. These updates are categorized as Low, Moderate, Important or Critical. Details on the categories are available here. The updates can include any supported Microsoft product from Windows to Office to Internet Explorer and server products like Exchange and SQL Server. If you have one or more of these products installed, especially if the update is listed as Important or Critcial, it’s important that the updates are installed.
Adobe had a relatively lackluster update offering this month, releasing updates for just five products including Download Manager, Cold Fusion, Genuine Service, Media Encoder and the Creative Cloud Desktop Application. The vulnerabilities range from important to critical and users are encouraged to patch as soon as is feasible.
Additional details on this months Adobe updates are available from Adobe.
Oracle released it’s July 2020 Patch Update Advisory , patching a total of 433 vulnerabilities. Additional information is available from the Oracle website here.
Are you a small to medium sized business looking to leverage technology and enable your business and workforce to work smarter and more efficiently? Do you already have computers, servers, firewalls, VPNs or other technology that you’re not taking full advantage of? Are you looking for an IT Service Provider who understands small to medium sized businesses needs and the challenges that we face that can work with you to grow your business rather than just sell you time?
Cyber Tech Cafe an IT Service Company with a focus on helping small to medium business get the most out of their technology investment. As a small business ourselves, we understand the challenges you face and have designed our service offerings to help you get the most out of your technology dollar. We offer on-call, as needed support if you just need a quick fix or extra set of hands right now. We also offer maintenance plans that we call “MyIT” that are designed to address the most common concerns (patch management, disaster recovery / backup, log review, etc.) that are based on the number of workstations and servers that you have and have no term contract. We believe that, if you find value in what we’re doing, you’ll find a way to keep us around without contract saying that you have to.
If you have questions about the MyIT plans or have an IT need that you need addressed right now, let us know. We look forward to the opportunity to earn your business.