a new security flaw in the subsystem that could let attackers compromise its MFS file system. Intel has released updates to address the problem, though, so Intel CPU owners should make sure their firmware is up-to-date. ME has become a repeated source of problems for Intel and its customers. The utility is a chip-on-a-chip that allows IT managers to remotely access company PCs with tools like Intel's Active Management Technology (AMT). ME has its own network interface, memory, operating system and file system (MFS) that are kept separate from the main system in a bid to prevent it from allowing hackers to access ostensibly secure information. The problem is that researchers have discovered numerous vulnerabilities in ME over the last few years; Positive Technologies revealed one in 2017 that allowed full takeover of ME via USB (it's since been fixed). Now, it's revealed another one that allows someone with physical access to a system to compromise ME and "manipulate the state of MFS and extract important secrets" with the ability to "add files, delete files and change their protection attributes." Positive Technologies said the attack can be used to learn four keys MFS uses to secure data -- the Intel Integrity Key, Non-Intel Integrity Key, Intel Confidentiality Key and Non-Intel Confidentiality Key -- that were supposed to be protected via a firmware update Intel released in 2017.
Positive Technologies explained how someone with physical access to the system could bypass that patch to compromise those keys in its blog post: "Positive Technologies expert Dmitry Sklyarov discovered vulnerability CVE-2018-3655, described in advisory Intel-SA-00125. He found that Non-Intel Keys are derived from two values: the SVN and the immutable non-Intel root secret, which is unique to each platform. By using an earlier vulnerability to enable the JTAG debugger, it was possible to obtain the latter value. Knowing the immutable root secret enables calculating the values of both Non-Intel Keys even in the newer firmware version. ... Attackers could calculate the Non-Intel Integrity Key and Non-Intel Confidentiality Key for firmware that has the updated SVN value and therefore compromise the MFS security mechanisms that rely on these keys." Intel released the Intel-SA-00125 firmware update to defend against this vulnerability on September 11. But this is another point in favor of companies questioning -- or outright banning -- the use of ME in their systems. Purism avoids ME and the services it enables in its privacy-focused Librem notebooks, Google is working to remove ME from the Intel processors it uses and previous security flaws have raised concerns among consumers.
Samba has released security updates addressing a possible avenue for DoS attacks and attackers changing administrator passwords. Samba 4 users should update now. Open source server platform Samba has issued patches for two critical vulnerabilities that could be used to launch denial-of-service attacks or allow anyone to change user and administrator passwords. Samba is a free, open source interoperability suite that extends Windows file and print services to Unix and Linux machines. Businesses that run Unix/Linux and Windows side by side frequently use Samba to link the two operating systems together, making any risk to the security and stability of Samba a serious risk. The vulnerabilities in question, CVE-2018-1050 and CVE-2018-1057, are both serious risks for anyone using Samba. If your business has a Samba implementation it's highly recommended that you install the applicable security updates.

What the Samba vulnerabilities can do

The first vulnerability, 1050, affects all Samba instances version 4.0.0 and up. More specifically, it only affects version 4.0.0 and up Samba installations that are also running their Remote Procedure Call (RPC) Spool Subsystem Service (spoolss) as an external daemon (RPC spoolss is configured to internal by default). If the RPC spoolss misses an input sanitization check it can cause the print spooler to crash, effectively killing the ability for anyone using Samba to send files to a printer. The second vulnerability, 1057, is a far greater risk to Samba security. Like 1050, it affects all Samba installations version 4.0.0 and up and allows users to change the passwords of other users, including those with admin rights.
1057's problem stems from a problem with how Samba Active Directory domain controllers handle permission validations using the lightweight directory access protocol (LDAP). "The LDAP server incorrectly validates certain LDAP password modifications against the 'Change Password' privilege, but then performs a password reset operation," Samba said. This vulnerability only affects Samba installations being used as Active Directory domain controllers, so those using Samba in non-domain control roles don't need to be concerned. If you are using Samba as an AD DC and can't install the security patch yet, there is a workaround Samba says you can put in place as a temporary protection measure: revoking password change permissions for "the world" group.
The two vulnerabilities are critical remote code execution flaws that exist in Adobe Photoshop CC. Adobe hurried out unscheduled patches today for two critical flaws that could enable remote code-execution in Photoshop CC. The patches impact two memory corruption vulnerabilities in Adobe Photoshop products, including Photoshop CC 2018 (v 19.1.6) and Photoshop CC 2017 (v 18.1.6), both for Windows and macOS. The release comes only a week after the company fixed a slew of glitches last Patch Tuesday. “Adobe has released updates for Photoshop CC for Windows and macOS,” the company said in a Wednesday security bulletin. “These updates resolve critical vulnerabilities in Photoshop CC 19.1.5 and earlier 19.x versions, as well as 18.1.5 and earlier 18.x versions. Successful exploitation could lead to arbitrary code-execution in the context of the current user.” Both vulnerabilities (CVE-2018-12810) and (CVE-2018-12811) are critical remote code-execution flaws, according to the advisory, but further details around both flaws are not available. Kushal Arvind Shah of Fortinet’s FortiGuard Labs was credited with reporting the two flaws. Adobe said impacted users need to apply the fixes to the affected versions of Photoshop by updating to version 19.1.6 (via the applications’ update mechanism). Last week, Adobe released 11 total fixes for an array of products, including two critical patches for Acrobat and Reader for Windows and macOS. Exploitation of those two vulnerabilities could lead to arbitrary code execution in the context of the current user.
Adobe said in an email that it is not aware of any exploits in the wild for the flaws. The update is a priority 3 in severity, meaning that it resolves vulnerabilities in a product that has historically not been a target for attackers, according to the company’s ranking system. “In this case I would expect there may have been a disclosure deadline and the release did not make this month’s typical release cycle but needed to release before September’s release cycle.”
Adobe has released a priority update to plug a critical security flaw in its popular Flash Player on Windows. As per an official announcement by the company, the latest patch will address issues in Adobe Flash Player 29.0.0.171 and other earlier versions. The vulnerabilities, according to Adobe, are being used by hackers to embed malicious content distributed via email. Security firm Icebrg on Thursday announced that a zero-day vulnerability has led to exploitation in Adobe Flash specifically targeted towards users in the Middle East. The vulnerability (CVE-2018-5002) enables attackers to execute certain actions by executing code on the victims' computers. As per the blog post, the exploit uses a Microsoft Office document for the attack. To circumvent the fact that Adobe Flash is blocked on most browsers, the exploit involves loading Flash Player from within Microsoft Office. The flaw was reported by Icebrg in collaboration with Qihoo 360 Core Security. "While this attack leveraged a zero-day exploit, individual attacker actions do not happen in isolation. There are several other behavioural aspects that can be used for detection. Any single observable might be low confidence but multiple observables clustered might be indicative of suspicious or malicious activity," said Icebrg staff in its blog post. Of course, this is not the first instance wherein Flash Player's vulnerabilities have been exploited. Back in October last year, the company had issued a security patch to fix a critical leak. Users have been strongly recommended to update Adobe Flash in order to avoid any such vulnerabilities seeping into your machines.
The update, however, is not a guarantee towards protection against future discrepancies. It is thus advised to enable flash on only a secondary browser that is not used majorly on the computer.
Oracle has released a critical patch update addressing more than 300 vulnerabilities across several of its products – including one flaw with a CVSS 3.0 score of 10 that could allow the takeover of the company’s software package, Oracle GoldenGate. Of the 301 security flaws that were fixed in this month’s Oracle patch, 45 had a severity rating of 9.8 on the CVSS scale. “Due to the threat posed by a successful attack, Oracle strongly recommends that customers apply Critical Patch Update fixes as soon as possible,” the company said in its Tuesday advisory. The highest-severity flaw (CVE-2018-2913) lies in the Monitoring Manager component of Oracle GoldenGate, which is the company’s comprehensive software package that allows data to be replicated in heterogeneous data environments. According to the National Vulnerability Database, the glitch is an easily exploitable vulnerability that allows unauthenticated attacker with network access via the TCP protocol to compromise Oracle GoldenGate. The flaw was discovered by Jacob Baines, a researcher with Tenable. “CVE-2018-2913 is a stack buffer overflow in GoldenGate Manager,” Baines told Threatpost. “The Manager listens on port 7809 where it accepts GoldenGate Software Command Interface (GGSCI) commands. Tenable found that a remote unauthenticated attacker can trigger a stack buffer overflow by sending a GGSCI command that is longer than expected.” The attack is not complex and a bad actor could be remote and unauthenticated. Making matters worse, an attacker could compromise other products after initially attacking GoldenGate, the advisory warned.
“While the vulnerability is in Oracle GoldenGate, attacks may significantly impact additional products,” the note said. “Successful attacks of this vulnerability can result in takeover of Oracle GoldenGate.” The flaw impacts versions 12.1.2.1.0, 12.2.0.2.0, and 12.3.0.1.0 in Oracle GoldenGate. Currently no working exploits for the flaw have been discovered in the wild, according to the release. It should be noted that for Linux and Windows platforms, the flaw’s CVSS score is 9.0 because the access complexity is lower (only rated high, not critical); while for all other platforms, the CVSS score is a critical 10. Two other flaws were also discovered in Oracle GoldenGate (CVE-2018-2912 and CVE-2018-2914), with ratings of 7.5 on the CVSS scale; those vulnerabilities weren’t nearly as severe. “All of these vulnerabilities may be remotely exploitable without authentication, i.e., may be exploited over a network without requiring user credentials.”
Adobe has released updates fixing a long list of security vulnerabilities discovered in the Mac and Windows versions of Acrobat and Reader. In total, the first October update brings 85 CVEs, including 47 rated as ‘critical’ with the remaining 39 classified as ‘important’. It’s too early to get much detail on the flaws but those rated critical break down as 46 allowing code execution and one allowing privilege escalation. The majority of the flaws rated important involve out-of-bounds read issues leading to information disclosure. As far as Adobe is aware, none are being actively exploited. The update you should download depends on which version you have installed: For most Windows or Mac users it’ll be either Acrobat DC (the paid version) or Acrobat Reader DC (free) so look for update version 2019.008.20071. For anyone on the classic Acrobat 2017 or Acrobat Reader DC 2017, it’s version 2017.011.30105. Those on the even more classic Acrobat DC (2015) or Acrobat Reader DC (2015) it’s version 2015.006.30456. Anyone who still has the old Acrobat XI or Reader XI on their computer, the last version was 11.0.23 when support for this ended a year ago.

A sign of success?

There was a time when having to patch so many flaws in a small suite of products from one company would have been seen as a failure. Arguably, these days, it’s a sign of success – researchers are devoting the time to finding vulnerabilities before the bad guys do and Adobe is turning around fixes. What’s surprising is that despite crediting every one of them (and it’s quite a list), the company doesn’t seem to have a formal bug bounty reward program other than the separate web applications program run via third party company, HackerOne.
If Adobe’s 85 vulnerabilities sounds excessive, have some sympathy for users of the rival Foxit PDF Reader and Foxit PhantomPDF programs. Foxit last week released what appears to be 116 vulnerabilities of their own (confusingly, many of which are not yet labelled with CVEs). For some reason, the number of flaws being found in Foxit’s programs has surged this year, reaching 183 before this September’s count, compared to 76 for the whole of 2017. As for Adobe, these updates are unlikely to be the last we hear of the company this month – expect the usual flaws to be patched in Adobe’s legacy Flash plug-in when Microsoft releases its Windows Patch Tuesday on 9 October.
Oracle has released a wide-ranging security update to address more than 300 CVE-listed vulnerabilities in its various enterprise products. The October release covers the gamut of Oracle's offerings, including its flagship Database, E-Business Suite, and Fusion Middleware packages. For Database, the update addresses a total of three flaws. Two of the vulnerabilities (CVE-2018-3259 and CVE-2018-3299) can be remotely exploited without authentication, while the third, CVE-2018-7489, would require the user to have a Rapid Home Provisioning account to execute and is considered by far the least severe of the three. Oracle noted that all three bugs only impact the server versions of Database; user clients are not considered to be vulnerable. For Fusion Middleware, the update will include a total of 56 CVE-listed flaws, including 12 that are remotely exploitable with CVSS base scores of 9.8, meaning an exploit would be fairly easy to pull off and offer near total control of the target machine. Of those 12, five were for critical flaws in WebLogic Server. Java SE will get 12 security fixes, with all but one being for remotely exploitable vulnerabilities in that platform. Oracle notes that though the CVSS scores for the flaws are fairly high, Solaris and Linux machines running software with lower user privileges will be considered to be at a lower risk than Windows environments that typically operate with admin privileges. MySQL was the target of 38 CVE-listed bug fixes this month, though just three of those are remotely exploitable.
The two most serious, CVE-2018-11776 and CVE-2018-8014, concern remote code flaws in MySQL Enterprise Monitor. PeopleSoft will see 24 bug fixes, 21 of which can be remotely targeted and seven that would not require any user interaction. Just one of the 24 flaws was given a CVSS base score higher than 7.2 in the Oracle listing. Sun products were the subject of 19 security fixes, including two remote code execution flaws in XCP Firmware.

libssh bug more like "oh SSH…"

Once admins get the Oracle patches in place, they will want to take a close look at the write-up for CVE-2018-10933, an authentication bypass for libssh that would allow an attacker to get into a target machine by sending a "SSH2_MSG_USERAUTH_SUCCESS" message when it expects a "SSH2_MSG_USERAUTH_REQUEST" message. That means any miscreant can log in without a password or other credential. As you can imagine, this is a very bad thing. Fortunately, the bug does not affect OpenSSH – and thus does not affect the hugely widespread sshd and ssh tools – but rather applications, such as KDE and XBMC, that use libssh as a dependency.
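The libssh flaw described above is a role-confusion bug in message dispatch. As an added illustration (a simplified model written for this page, not libssh's code; the session and packet types, the function names and the sample credential are all hypothetical), the C below puts a dispatcher that acts on any authentication message beside one that first filters by role and state:

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Message numbers from RFC 4252 (SSH authentication protocol). */
enum {
    SSH2_MSG_USERAUTH_REQUEST = 50,  /* client -> server */
    SSH2_MSG_USERAUTH_FAILURE = 51,  /* server -> client */
    SSH2_MSG_USERAUTH_SUCCESS = 52,  /* server -> client */
    SSH2_MSG_USERAUTH_BANNER  = 53   /* server -> client */
};

/* Hypothetical, simplified session and packet models. */
typedef enum { ROLE_CLIENT, ROLE_SERVER } role_t;
typedef enum { AUTH_IN_PROGRESS, AUTH_DONE } auth_state_t;
typedef struct { role_t role; auth_state_t auth; unsigned rejected; } session_t;
typedef struct { uint8_t type; const char *user; const char *password; } packet_t;

/* Constructed credential store: one sample account. */
static bool credentials_ok(const char *user, const char *password)
{
    return user && password &&
           strcmp(user, "alice") == 0 && strcmp(password, "correct-horse") == 0;
}

/* Server-side handler: authenticate only if the credentials verify. */
static void on_userauth_request(session_t *s, const packet_t *p)
{
    if (credentials_ok(p->user, p->password))
        s->auth = AUTH_DONE;
}

/* Client-side handler: the server has told us we are logged in. */
static void on_userauth_success(session_t *s)
{
    s->auth = AUTH_DONE;
}

/* Flawed pattern: one handler table shared by both roles, so a server
 * runs the client-side SUCCESS handler when a peer sends message 52. */
void dispatch_naive(session_t *s, const packet_t *p)
{
    switch (p->type) {
    case SSH2_MSG_USERAUTH_REQUEST: on_userauth_request(s, p); break;
    case SSH2_MSG_USERAUTH_SUCCESS: on_userauth_success(s);    break;
    default: break;
    }
}

/* Hardened pattern: decide whether this message type is legal for our
 * role and current state before any handler sees it (default deny). */
static bool packet_allowed(const session_t *s, uint8_t type)
{
    switch (type) {
    case SSH2_MSG_USERAUTH_REQUEST:
        return s->role == ROLE_SERVER && s->auth == AUTH_IN_PROGRESS;
    case SSH2_MSG_USERAUTH_SUCCESS:
    case SSH2_MSG_USERAUTH_FAILURE:
    case SSH2_MSG_USERAUTH_BANNER:
        return s->role == ROLE_CLIENT && s->auth == AUTH_IN_PROGRESS;
    default:
        return false;
    }
}

bool dispatch_filtered(session_t *s, const packet_t *p)
{
    if (!packet_allowed(s, p->type)) {
        s->rejected++;          /* count it so it can be logged or alerted on */
        return false;
    }
    dispatch_naive(s, p);
    return true;
}

/* Feed one packet to a fresh session and report whether it ends up
 * authenticated. */
bool authenticated_after(role_t role, bool filtered, const packet_t *p)
{
    session_t s = { role, AUTH_IN_PROGRESS, 0 };
    if (filtered)
        dispatch_filtered(&s, p);
    else
        dispatch_naive(&s, p);
    return s.auth == AUTH_DONE;
}

int main(void)
{
    /* Constructed sample packets. */
    packet_t forged = { SSH2_MSG_USERAUTH_SUCCESS, NULL, NULL };
    packet_t login  = { SSH2_MSG_USERAUTH_REQUEST, "alice", "correct-horse" };

    printf("naive server, peer sends SUCCESS:    authenticated=%d\n",
           authenticated_after(ROLE_SERVER, false, &forged));
    printf("filtered server, peer sends SUCCESS: authenticated=%d\n",
           authenticated_after(ROLE_SERVER, true, &forged));
    printf("filtered server, valid REQUEST:      authenticated=%d\n",
           authenticated_after(ROLE_SERVER, true, &login));
    return 0;
}
```

The `rejected` counter is the hook for detection: an authentication-result message arriving at a server is never legitimate and is worth logging.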
Cisco patches a severe flaw in switch deployment software that can be attacked with crafted messages sent to a port that's open by default. Cisco has released patches for 34 vulnerabilities mostly affecting its IOS and IOS XE networking software, including three critical remote code execution security bugs. Perhaps the most serious issue Cisco has released a patch for is critical bug CVE-2018-0171 affecting Smart Install, a Cisco client for quickly deploying new switches for Cisco IOS Software and Cisco IOS XE Software. A remote unauthenticated attacker can exploit a flaw in the client to reload an affected device and cause a denial of service or execute arbitrary code. Embedi, the security firm that found the flaw, initially believed it could only be exploited within an enterprise's network. However, it found millions of affected devices exposed on the internet. "Because in a securely configured network, Smart Install technology participants should not be accessible through the internet. But scanning the internet has shown that this is not true," wrote Embedi. "During a short scan of the internet, we detected 250,000 vulnerable devices and 8.5 million devices that have a vulnerable port open." Smart Install is supported by a broad range of Cisco routers and switches. The high number of devices with an open port is probably because the Smart Install client's port TCP 4786 is open by default. This situation is overlooked by network admins, Embedi said.
The company has also published proof-of-concept exploit code, so it probably will be urgent for admins to patch. An attacker can exploit the bug by sending a crafted Smart Install message to these devices on TCP port 4786, according to Cisco. Embedi discovered the flaw last year, landing it an award at the GeekPwn conference in Hong Kong last May, and reported it to Cisco in September. Cisco's internal testing also turned up a critical issue in its IOS XE software, CVE-2018-0150, due to an undocumented user account that has a default username and password. Cisco warns that an attacker could use this account to remotely connect to a device running the software. Cisco engineers also found CVE-2018-0151, a remote code execution bug in the QoS subsystem of IOS and IOS XE. "The vulnerability is due to incorrect bounds checking of certain values in packets that are destined for UDP port 18999 of an affected device. An attacker could exploit this vulnerability by sending malicious packets to an affected device," writes Cisco. All three bugs were given a CVSS score of 9.8 out of 10.
Security biz Qualys has revealed three vulnerabilities in a component of systemd, a system and service manager used in most major Linux distributions. Patches for the three flaws – CVE-2018-16864, CVE-2018-16865, and CVE-2018-16866 – should appear in distro repos soon as a result of coordinated disclosure. However, Linux distributions such as Debian remain vulnerable at the moment, depending on the version you have installed. "They're aware of the issues and they're releasing patches," said Jimmy Graham, director of product management at Qualys, in a phone interview with The Register. "I don't believe Red Hat has released one but it should be coming shortly." The bugs were found in systemd-journald, a part of systemd that handles the collection and storage of log data. The first two CVEs refer to memory corruption flaws while the third involves an out of bounds error that can leak data. CVE-2018-16864 can be exploited by malware running on a Linux box, or a malicious logged-in user, to crash and potentially hijack the systemd-journald system service, elevating access from user to root. CVE-2018-16865 and CVE-2018-16866 can be exploited together by a local attacker to crash or hijack the root-privileged journal service. While systemd isn't universally beloved in the Linux community, Graham sees nothing unusual about the presence of the three flaws in the software. "The noteworthiness to me is that it is very commonly found in most major distributions," he said.
Qualys contends all systemd-based Linux distros are vulnerable, though the vulnerabilities cannot be exploited in SUSE Linux Enterprise 15, openSUSE Leap 15.0, and Fedora 28 and 29 because their user-land code is compiled with GCC's -fstack-clash-protection option. The security biz calls it a simplified stack clash – where the size of the stack gets changed to overlap with other memory areas – because it only requires the last two steps in a four step process: Clashing the stack with another memory region, moving the stack-pointer to the stack start, jumping over the stack guard-page into another memory region, and smashing the stack or memory space. The third bug, CVE-2018-16866, appeared in June 2015 (systemd v221) and, Qualys says, was fixed inadvertently in August 2018. In code where the flaw still exists, it could allow an attacker to read out of bounds information, resulting in information leakage. "The risk [of these issues] is a local privilege escalation to root," said Graham. "It's something that should still be a concern because usually attackers don't just use one vulnerability to comprise a system. They often chain vulnerabilities together."
If you own a Google Pixel or Google Pixel XL, you’re probably wondering where your November security patch update is. Although most Google devices — including older Nexus devices — received the patch at the beginning of the month as detailed below, the original Pixel lineup was left high and dry. Today, finally, the patch is here. You can wait for the OTA to hit your device, or you can use the links below to manually install. We’re not quite sure why this took so long, but hopefully, the December patch will be a bit more uniform. Right on schedule, Google has released Android’s October security patch. As it’s the first update to make its way to the Pixel 3 and Pixel 3 XL, it should include some bug fixes. Unfortunately, it won’t resolve the memory issues just yet. The November patch itself includes fixes for 17 security vulnerabilities. The most severe bugs included an issue in the media framework and the ability for a remote attacker to execute arbitrary code through a crafted file. Fortunately, Google doesn’t believe that either of these were used to harm users. The November security patch includes several bug fixes and improvements specifically for Pixel devices. As Google notes, this update should help with notification stability on Pixel 2 and Pixel 3 handsets as well as improve picture-in-picture performance on the four handsets. Sadly, the November security patch will likely be the last update pushed to the Pixel C, Nexus 6P, and Nexus 5X. As Google only guarantees firmware upgrades for two years after a device is released and security patches for three, the search giant is no longer obligated to support the two phones or the tablet. Of course, this doesn’t mean that your devices are no longer usable.
Even if you no longer get official support from Google, there are large developer communities that build ROMs that bring the latest security patches and Android features to all of Google’s abandoned devices. If you don’t want to wait for the November security patch to make its way to your phone, you can download the latest factory image or OTA file from the links below. From there, you can either flash a fresh build to your phone or sideload the OTA update. The November security patch is also making its way to the Essential Phone. In addition to the resolved issues addressed above, this update brings support for the company’s Audio Adapter HD module.