Monthly Archives: April 2020

Adobe Fixes ‘Important’ Flaws in ColdFusion, After Effects and Digital Editions – Threatpost

While Adobe’s regularly scheduled security updates were light this month, they fixed “important” severity vulnerabilities. Adobe released security patches for vulnerabilities in its ColdFusion, After Effects and Digital Editions applications. If exploited, the flaws could enable attackers to view sensitive data, gain escalated privileges, and launch denial-of-service attacks. Each of the bugs were rated important-severity, based on CVSS rankings, marking an extremely low-volume month for Adobe bug fixes. Overall Adobe patched flaws tied to five CVEs as part of its regularly scheduled security updates, Tuesday. That number pales in comparison to March, where Adobe patched flaws… Source link

Read More »

April 2020 Patch Tuesday – 113 Vulns, 19 Critical, Zero-Day Patches, SharePoint, Adobe ColdFusion

This month’s Microsoft Patch Tuesday addresses 113 vulnerabilities with 19 of them labeled as Critical. The 19 Critical vulnerabilities cover Adobe Font Manager Library (0-day), SharePoint, Hyper-V, Scripting Engines, Media Foundation, Microsoft Graphics, Windows Codecs, and Dynamics Business Central. Adobe released patches today for ColdFusion, After Effects, and Digital Editions. Workstation Patches The Scripting Engine, Adobe Font Manager Library, Media Foundation, Microsoft Graphics, and Windows Codecs patches should be prioritized for workstation-type devices, meaning any system that is used for email or to access the internet via a browser. This includes multi-user servers that are used as remote desktops for users. Windows Kernel Privilege Escalation While listed as Important,… Source link

Read More »

April Patch Tuesday: Microsoft Battles 4 Bugs Under Active Exploit – Threatpost

Microsoft issued 113 patches in a big update, unfortunately for IT staff already straining under WFH security concerns. Microsoft has released its April 2020 Patch Tuesday security updates, its first big patch update released since the work-from-home era truly got underway. It’s a doozie, with the tech giant disclosing 113 vulnerabilities. Out of these, 19 are rated as critical, and 94 are rated as important. Crucially, four of the vulnerabilities are being exploited in the wild; and two of them were previously publicly disclosed. In all, the update includes patches for Microsoft Windows, Microsoft Edge (EdgeHTML-based and the Chromium-based versions), ChakraCore, Internet Explorer, Microsoft Office and Microsoft Office Services… Source link

Read More »