SecureTeam

Critical Microsoft DNS RCE Vulnerability

Microsoft has released a patch to resolve a critical remote code execution vulnerability that has lived in the DNS server code for 17 years. A blog post from the Microsoft Security Response Centre states: Today we released an update for CVE-2020-1350, a Critical Remote Code Execution (RCE) vulnerability in Windows DNS Server that is classified as a ‘wormable’ vulnerability and has a CVSS base score of 10.0. This issue results from a flaw […]

Critical Microsoft DNS RCE Vulnerability Read More »

Critical SAP Vulnerability Patched

News, Vulnerabilities / Ian Reynolds

The July patch bundle from SAP includes a critical patch to resolve a vulnerability in the NetWeaver application server which could allow an unauthenticated attacker to gain unrestricted access to the SAP environment and database. According to the description for the vulnerability recorded as CVE CVE-2020-6287 : SAP NetWeaver AS JAVA (LM Configuration Wizard), versions

Critical SAP Vulnerability Patched Read More »

F5 BIG-IP hit by Critical RCE Vulnerability

Vulnerabilities / Ian Reynolds

Enterprise security provider F5 has disclosed details of a critical vulnerability affecting their BIG-IP systems used by governments and global enterprises. The flaw in the Traffic Management User Interface of the BIG-IP Application Delivery Controller allows an unauthenticated attacker to perform remote code execution. The vulnerability ( CVE-2020-5902) is rated the top CVSS rating of 10/10

F5 BIG-IP hit by Critical RCE Vulnerability Read More »

Netgear SOHO Router Vulnerabilities

News, Vulnerabilities / Ian Reynolds

A Zero-Day Remote Code Execution vulnerability affects 79 different Netgear routers With the significant increase in home-working due to the COVID pandemic, the security of home workers’ connectivity is under scrutiny. Security researchers have detailed a serious vulnerability in the firmware of many Netgear routers popular in small and home office set-ups. The vulnerability exists

Netgear SOHO Router Vulnerabilities Read More »

VideoLAN patches RCE vulnerability in VLC

News, Vulnerabilities / Ian Reynolds

VideoLAN has released a patch for their popular VLC Media player software to resolve a remote code execution vulnerability The VLC open source media player is widely used in domestic and enterprise environments for playback of all kinds of video files and digital signage applications. In a security bulletin, the developer state that: If successful, a malicious

VideoLAN patches RCE vulnerability in VLC Read More »

Record breaking June Patch Tuesday

News, Vulnerabilities / Ian Reynolds

In June 2020 Microsoft’s Patch Tuesday fixes a record 129 defects and vulnerabilities in its software – with a further 19 patches in the June Microsoft Office patch bundle. This continues a recent trend of ever-increasing numbers of patches included in the monthly updates from Microsoft (the two previous highest number of patches were in

Record breaking June Patch Tuesday Read More »

Microsoft patches zero-day flaws

News, Uncategorized, Vulnerabilities / Ian Reynolds

April’s patch Tuesday release from Microsoft includes fixes for three zero-day vulnerabilities in Windows that are under active attack. CVE-2020-1020 is a flaw in the Windows Adobe Type Manager Library. According to Microsoft: For all systems except Windows 10, an attacker who successfully exploited the vulnerability could execute code remotely. For systems running Windows 10,

Microsoft patches zero-day flaws Read More »

Windows zero day RCE vulnerabilities under attack

News, Vulnerabilities / Ian Reynolds

Microsoft warns that attackers are targeting two zero-day remote code execution vulnerabilities that exist in all versions of Windows – and a fix is not expected until the April patch Tuesday. The vulnerabilities exist in the Adobe Type Manager library which is a standard Windows component used primarily by Windows Explorer to display previews of

Windows zero day RCE vulnerabilities under attack Read More »

Microsoft patches critical SMB flaw

News, Vulnerabilities / Ian Reynolds

Microsoft has released a patch to fix a remote code execution flaw in the SMB protocol affecting Windows 10 PC and their servers. SMB is used by Active Directory, for network file sharing and some printers. Microsoft have published a security advisory which details the scope of the flaw. The problem is the way the SMBv3

Microsoft patches critical SMB flaw Read More »

Linux PPP RCE vulnerability

News, Vulnerabilities / Ian Reynolds

A remote code execution vulnerability has been discovered in all version of the Point-to-Point Protocol included on Linux systems for the last 17 years. The vulnerability allows an unauthenticated attacker to send a specially crafted packet to the PPP daemon (pppd), force a buffer overflow and execute arbitrary code. The PPP protocol is used for

Linux PPP RCE vulnerability Read More »

Vulnerabilities

Critical Microsoft DNS RCE Vulnerability

Critical SAP Vulnerability Patched

F5 BIG-IP hit by Critical RCE Vulnerability

Netgear SOHO Router Vulnerabilities

VideoLAN patches RCE vulnerability in VLC

Record breaking June Patch Tuesday

Microsoft patches zero-day flaws

Windows zero day RCE vulnerabilities under attack

Microsoft patches critical SMB flaw

Linux PPP RCE vulnerability

Our Address

Talk to us

Office Hours

Company Number

VAT Registration Number

Penetration Testing

Risk & Compliance Services

Quick Links

information. secured.

Head Office Address

Opening Hours

Stay in Touch