A zero-day vulnerability present in Vulnerability-related.DiscoverVulnerability security cameras and surveillance equipment using Nuuo software is thought to impact Vulnerability-related.DiscoverVulnerability hundreds of thousands of devices worldwide . Researchers from cybersecurity firm Tenable disclosed Vulnerability-related.DiscoverVulnerability the bug , which has been assigned as CVE-2018-1149 . The vulnerability can not get much more serious , as it allows attackers to remotely execute code in the software , the researchers said in a security advisory on Monday . Nuuo , describing itself as a provider of `` trusted video management '' software , offers a range of video solutions for surveillance systems in industries including transport , banking , government , and residential areas . Dubbed `` Peekaboo , '' the zero-day stack buffer overflow vulnerability , when exploited Vulnerability-related.DiscoverVulnerability , allows threat actors to view and tamper with video surveillance recordings and feeds . It is also possible to use the bug to steal Attack.Databreach data including credentials , IP addresses , port usage , and the make & models of connected surveillance devices . Such a security vulnerability has wide-reaching , real-world consequences -- as criminals could compromise a surveillance camera feed , replace the footage with a static image , and raid a premises , for example . In addition , the bug could be used to fully disable cameras and surveillance products . Peekaboo specifically impacts Vulnerability-related.DiscoverVulnerability the NVRMini 2 NAS and network video recorder , which acts as a hub for connected surveillance products . When exploited , the product permitted access to the control management system ( CMS ) interface , which further exposes credentials of all connected video surveillance cameras connected to the storage system . Speaking to ZDNet , Gavin Millard , VP of threat intelligence at Tenable , said that organizations all over the world use Nuuo software , including in shopping centers , hospitals , banks , and public areas . However , therein lies the problem -- as the software is also white labeled to over 100 brands and 2,500 camera product lines . Tenable disclosed Vulnerability-related.DiscoverVulnerability the zero-day vulnerability to Nuuo . A patch has not been released Vulnerability-related.PatchVulnerability , but Nuuo is currently developing Vulnerability-related.PatchVulnerability a fix for deployment . A plugin has also been released Vulnerability-related.PatchVulnerability by Tenable for organizations to assess whether or not they are vulnerable Vulnerability-related.DiscoverVulnerability to Peekaboo . ZDNet has reached out to Nuuo and will update if we hear back .

Oracle has released Vulnerability-related.PatchVulnerability a critical patch update addressing Vulnerability-related.PatchVulnerability more than 300 vulnerabilities across several of its products – including one flaw with a CVSS 3.0 score of 10 that could allow the takeover of the company ’ s software package , Oracle GoldenGate . Of the 301 security flaws that were fixed Vulnerability-related.PatchVulnerability in this month ’ s Oracle patch , 45 had a severity rating of 9.8 on the CVSS scale . “ Due to the threat posed by a successful attack , Oracle strongly recommends that customers apply Vulnerability-related.PatchVulnerability Critical Patch Update fixes as soon as possible , ” the company said in its Tuesday advisory . The highest-severity flaw ( CVE-2018-2913 ) lies in Vulnerability-related.DiscoverVulnerability the Monitoring Manager component of Oracle GoldenGate , which is the company ’ s comprehensive software package that allows data to be replicated in heterogeneous data environments . According to the National Vulnerability Database , the glitch is an easily exploitable vulnerability that allows unauthenticated attacker with network access via the TCP protocol to compromise Oracle GoldenGate . The flaw was discovered Vulnerability-related.DiscoverVulnerability by Jacob Baines , a researcher with Tenable . “ CVE-2018-2913 is a stack buffer overflow in GoldenGate Manager , ” Baines told Vulnerability-related.DiscoverVulnerability Threatpost . “ The Manager listens on port 7809 where it accepts GoldenGate Software Command Interface ( GGSCI ) commands . Tenable found that a remote unauthenticated attacker can trigger a stack buffer overflow by sending a GGSCI command that is longer than expected. ” The attack is not complex and a bad actor could be remote and unauthenticated . Making matters worse , an attacker could compromise other products after initially attacking GoldenGate , the advisory warned . “ While the vulnerability is in Oracle GoldenGate , attacks may significantly impact additional products , ” the note said Vulnerability-related.DiscoverVulnerability . “ Successful attacks of this vulnerability can result in takeover of Oracle GoldenGate. ” The flaw impacts Vulnerability-related.DiscoverVulnerability versions 12.1.2.1.0 , 12.2.0.2.0 , and 12.3.0.1.0 in Oracle GoldenGate . Currently no working exploits for the flaw have been discovered Vulnerability-related.DiscoverVulnerability in the wild , according to the release . It should be noted that For Linux and Windows platforms , the flaw ’ s CVSS score is 9.0 because the access complexity is lower ( only rated high , not critical ) ; while for all other platforms , the CVSS score is a critical 10 . Two other flaws were also discovered Vulnerability-related.DiscoverVulnerability in Oracle GoldenGate ( CVE-2018-2912 and CVE-2018-2914 ) , with ratings of 7.5 on the CVSS scale ; those vulnerabilities weren ’ t nearly as severe . “ All of these vulnerabilities may be remotely exploitable without authentication , i.e. , may be exploited Vulnerability-related.DiscoverVulnerability over a network without requiring user credentials . ”

Valve has patched Vulnerability-related.PatchVulnerability a critical vulnerability in the Steam client which has lurked undetected for at least 10 years . The vulnerability impacts Vulnerability-related.DiscoverVulnerability all versions of the gaming platform . Tom Court , a security researcher hailing from Context Information Security , discovered Vulnerability-related.DiscoverVulnerability the bug and disclosed Vulnerability-related.DiscoverVulnerability his findings on Thursday . In a blog post , the researcher said Vulnerability-related.DiscoverVulnerability that left unpatched Vulnerability-related.PatchVulnerability , the bug permits threat actors to perform remote code execution ( RCE ) attacks . It was not until July last year that Valve added modern ASLR exploit protections to its Steam source code . However , this addition made sure that the vulnerability would only cause a client crash if exploited Vulnerability-related.DiscoverVulnerability -- unless a separate information leak vulnerability was also active in the exploit chain . Valve 's Steam software uses a custom protocol , known as the `` Steam Protocol , '' which is delivered on the top of UDP . The protocol registers packet length and the total reassembled datagram length ; however , the vulnerability was caused by a simple lack of checks to ensure that for the first packet of a fragmented datagram , the specified length was less than or equal to the total datagram length . All an attacker needed to do was to send a malformed UDP packet to trigger the exploit . `` This means that it is possible to supply a data_len smaller than packet_len and have up to 64kb of data ( due to the 2-byte width of the packet_len field ) copied to a very small buffer , resulting in an exploitable heap corruption , '' Court says . `` This seems like a simple oversight , given that the check was present for all subsequent packets carrying fragments of the datagram . '' The vulnerability was reported Vulnerability-related.DiscoverVulnerability to Valve on 20 February and was fixed Vulnerability-related.PatchVulnerability in a beta release less than 12 hours later . This patch was then pushed Vulnerability-related.PatchVulnerability to a stable release on 22 March . `` This was a very simple bug , made relatively straightforward to exploit due to a lack of modern exploit protections , '' Court says . `` The vulnerable code was probably very old , but as it was otherwise in good working order , the developers likely saw no reason to go near it or update their build scripts . '' `` The lesson here is that as a developer it is important to periodically include aging code and build systems in your reviews to ensure they conform to modern security standards , even if the actual functionality of the code has remained unchanged , '' the researcher added .

Adobe has resolved Vulnerability-related.PatchVulnerability six critical updates in the company 's latest round of security fixes . On Tuesday , Adobe said in a security advisory that the update impacts Vulnerability-related.DiscoverVulnerability ColdFusion version 11 , as well as the 2016 and 2018 releases of the web application development platform . In total , six of the security flaws are deemed Vulnerability-related.DiscoverVulnerability critical . The first set of vulnerabilities -- CVE-2018-15965 , CVE-2018-15957 , CVE-2018-15958 , and CVE-2018-15959 -- relate to the deserialization of untrusted data . In addition , CVE-2018-15961 is a security flaw which permits unrestricted file uploads in the software , and the final critical bug , CVE-2018-15960 , is described as Vulnerability-related.DiscoverVulnerability `` use of a component with a known vulnerability '' which can cause arbitrary file overwrite . If exploited Vulnerability-related.DiscoverVulnerability , all of the above security flaws can lead to arbitrary code execution . Three other bugs in ColdFusion have also been resolved Vulnerability-related.PatchVulnerability . CVE-2018-15962 is a flaw within directory listings that can lead to information disclosure ; CVE-2018-15963 is a security bypass bug which could permit attackers to create arbitrary folders , and CVE-2018-15964 is another security flaw caused by the use of a component with a known vulnerability which may cause data leaks . Adobe also released Vulnerability-related.PatchVulnerability a fix for Adobe Flash Player on desktop Windows , macOS , and Linux machines , as well as Flash for Google Chrome on Windows , macOS , Linux , and Chrome OS , versions 30.0.0.154 and earlier . This security flaw , CVE-2018-15967 is listed Vulnerability-related.DiscoverVulnerability as an `` important '' privilege escalation bug which could lead to information disclosure . Originally , Microsoft listed Vulnerability-related.DiscoverVulnerability the same vulnerability as critical and one which enabled attackers to perform remote code execution attacks . However , Microsoft has now amended its advisory to reflect Adobe 's severity rating . Adobe is not aware of any reports suggesting Vulnerability-related.DiscoverVulnerability the vulnerabilities have been exploited Vulnerability-related.DiscoverVulnerability in the wild but recommends Vulnerability-related.PatchVulnerability that users accept the automatic updates as soon as possible . The tech giant thanked researchers including Matthias Kaiser of Code White GmbH , Gsrc from Venustech-Adlab , and Nick Bloor of Cognitous for reporting Vulnerability-related.DiscoverVulnerability the vulnerabilities . This month 's security fixes build Vulnerability-related.PatchVulnerability upon Adobe 's August patch update , in which 11 security flaws were resolved Vulnerability-related.PatchVulnerability , including critical vulnerabilities in Adobe Acrobat 2017 , Acrobat DC , and Acrobat Reader DC on Windows and macOS machines . In the same month , the tech giant also released Vulnerability-related.PatchVulnerability an out-of-schedule patch for Adobe Photoshop CC . The security update tackled Vulnerability-related.PatchVulnerability memory corruption bugs in the creative software which , if exploited Vulnerability-related.DiscoverVulnerability , could lead to code execution .

Microsoft releases Vulnerability-related.PatchVulnerability Intel 's microcode updates , including one to address Vulnerability-related.PatchVulnerability the recently revealed Foreshadow flaw . Microsoft has released Vulnerability-related.PatchVulnerability a set of new microcode patches from Intel that address Vulnerability-related.PatchVulnerability Spectre vulnerabilities , as well as the recently disclosed Foreshadow attacks . The updates are available Vulnerability-related.PatchVulnerability for all supported versions of Windows 10 and Windows Server . As noted on the support page for Windows 10 version 1803 , the microcode updates include mitigations for Spectre Variant 3a , CVE-2018-3640 , Spectre Variant 4 , CVE-2018-3639 , as well as two of the Foreshadow bugs , CVE-2018-3615 and CVE-2018-3646 , which are also known as Vulnerability-related.DiscoverVulnerability L1TF or 'L1 Terminal Fault ' . As Microsoft recently highlighted Vulnerability-related.DiscoverVulnerability , Windows machines with affected Intel CPUs will need microcode as well as software patches to mitigate Vulnerability-related.PatchVulnerability the Foreshadow attacks . Microsoft began helping Intel deliver Vulnerability-related.PatchVulnerability its microcode updates after Intel first started addressing Vulnerability-related.PatchVulnerability the Meltdown and Spectre CPU flaws in January . The microcode updates help mitigate Vulnerability-related.PatchVulnerability Spectre Variant 2 , CVE-2017-5715 . Foreshadow includes CVE-2018-3615 , which affects Vulnerability-related.DiscoverVulnerability Intel 's Software Guard Extensions ( SGX ) enclaves , while CVE-2018-3620 affects Vulnerability-related.DiscoverVulnerability operating systems and System Management Mode ( SMM ) memory . CVE-2018-3646 impacts Vulnerability-related.DiscoverVulnerability virtualization . Microsoft made Vulnerability-related.PatchVulnerability the updates , all dated 8/20/2018 , available Vulnerability-related.PatchVulnerability on the Microsoft Update Catalog this week .

Adobe has resolved Vulnerability-related.PatchVulnerability 11 security flaws in this month 's patch update on the heels of a far larger security round last month in which over a hundred bugs were squashed Vulnerability-related.PatchVulnerability . The patch release impacts Vulnerability-related.PatchVulnerability Adobe Flash , Acrobat and Reader , Experience Manager , and Creative Cloud . Two of the vulnerabilities disclosed Vulnerability-related.DiscoverVulnerability in the release are described Vulnerability-related.DiscoverVulnerability as critical and affect Vulnerability-related.DiscoverVulnerability Acrobat and Reader . In July , Adobe issued Vulnerability-related.PatchVulnerability a security update which patched Vulnerability-related.PatchVulnerability a total of 112 vulnerabilities . The majority of bugs were uncovered Vulnerability-related.DiscoverVulnerability in Adobe Acrobat , but a critical code execution flaw was also resolved Vulnerability-related.PatchVulnerability in Adobe Flash . The critical bugs in this release impact Vulnerability-related.DiscoverVulnerability Adobe Acrobat 2017 , Acrobat DC , and Acrobat Reader DC on Windows and macOS machines . The tech giant says Vulnerability-related.DiscoverVulnerability that exploitation of the security flaws , an out of bounds write issue ( CVE-2018-12808 ) and an untrusted pointer dereference problem ( CVE-2018-12799 ) can lead to arbitrary code execution . The vulnerabilities resolved Vulnerability-related.PatchVulnerability include five bugs in Adobe Flash . An out of bounds read flaw ( CVE-2018-12824 ) , a security bypass error ( CVE-2018-12825 ) , two information disclosure vulnerabilities ( CVE-2018-12826 , CVE-2018-12827 ) , and a privilege escalation flaw ( CVE-2018-12828 ) have all been patched Vulnerability-related.PatchVulnerability . A reflected cross-site scripting flaw ( CVE-2018-12806 ) , input validation bypass ( CVE-2018-12807 ) , and cross-site scripting ( XSS ) bug ( CVE-2018-5005 ) have been patched Vulnerability-related.PatchVulnerability in Adobe Experience Manager versions 6.0 -- 6.4 on all platforms . If exploited Vulnerability-related.DiscoverVulnerability , the security flaws can facilitate sensitive information disclosure and data modification . In addition , a single bug in Adobe Creative Cloud Desktop affecting Vulnerability-related.DiscoverVulnerability versions 4.5.0.324 and earlier versions on Windows systems has been resolved Vulnerability-related.PatchVulnerability . The DLL hijacking vulnerability ( CVE-2018-5003 ) can be exploited Vulnerability-related.DiscoverVulnerability in order for an attacker to escalate privileges on an account . Adobe recommends that users update their software as quickly as possible . Researchers from Trend Micro 's Zero Day Initiative , Palo Alto Networks , Google Project Zero , TenCent , and Cognizant Technology Solutions , among others , were thanked for reporting Vulnerability-related.DiscoverVulnerability the bugs . On Tuesday , Microsoft 's latest round of patches tackled Vulnerability-related.PatchVulnerability a total of 60 vulnerabilities , 19 of which were deemed critical . Two severe security flaws resolved Vulnerability-related.PatchVulnerability in the update are zero-day vulnerabilities which are being actively exploited Vulnerability-related.DiscoverVulnerability in the wild .

Yesterday , Oracle released Vulnerability-related.PatchVulnerability its quarterly critical patch update ( CPU ) for Q3 2018 , the October edition , during which the company fixed Vulnerability-related.PatchVulnerability 301 vulnerabilities . Of the 301 flaws , 45 had a severity rating of 9.8 ( on a scale of 10 ) and one even received the maximum 10 rating . Vulnerabilities that receive this severity ratings this high can be exploited Vulnerability-related.DiscoverVulnerability remotely , with no authentication , and the exploit chain is accessible even to low-skilled attackers , even to those with no in-depth technical knowledge . Oracle 's security team will publish more information about each vulnerability in the coming days . This will give companies more time to update Vulnerability-related.PatchVulnerability affected applications before details about each flaw are generally available Vulnerability-related.PatchVulnerability to everyone , including the bad guys . For now , little information is known , but the vulnerability that received the 10.0 rating impacts Vulnerability-related.DiscoverVulnerability Oracle GoldenGate , a data replication framework that can work with large quantities of information in real-time . This issue doesn't impact Vulnerability-related.DiscoverVulnerability standalone GoldenGate installations , but also the numerous other Oracle product setups where GoldenGate can be deployed as an add-in option , such as the Oracle Database Server , DB2 , MySQL , Sybase , Terradata , and others . As for vulnerabilities rated 9.8 on the severity scale , these were reported affecting Vulnerability-related.DiscoverVulnerability products such as the Oracle Database Server , Oracle Communications , the Oracle Construction and Engineering Suite , the Oracle Enterprise Manager Products Suite , Oracle Fusion Middleware , Oracle Insurance Applications , Oracle JD Edwards , MySQL , Oracle Retail , the Oracle Siebel CRM , and the Oracle Sun Systems Products Suite . Despite the staggering number of patched flaws -- 301 -- , this is n't Oracle 's biggest recorded CPU . That title goes to July 2018 's CPU , which addressed Vulnerability-related.PatchVulnerability 334 vulnerabilities , 55 of which had a 9.8 severity rating . This was also Oracle 's last CPU for 2018 . According to the folks at ERPScan , in 2018 , Oracle patched Vulnerability-related.PatchVulnerability 1119 vulnerabilities , the same number of flaws it patched Vulnerability-related.PatchVulnerability last year in 2017 .

CIsco has issued Vulnerability-related.PatchVulnerability a critical patch of a patch for a Cisco Prime License Manager SQL fix . Cisco this week said it patched Vulnerability-related.PatchVulnerability a “ critical ” patch for its Prime License Manager ( PLM ) software that would let attackers execute random SQL queries . The Cisco Prime License Manager offers enterprise-wide management of user-based licensing , including license fulfillment . Released Vulnerability-related.PatchVulnerability in November , the first version of the Prime License Manager patch caused its own “ functional ” problems that Cisco was then forced to fix Vulnerability-related.PatchVulnerability . That patch , called ciscocm.CSCvk30822_v1.0.k3.cop.sgn addressed Vulnerability-related.PatchVulnerability the SQL vulnerability but caused backup , upgrade and restore problems , and should no longer be used Cisco said . Cisco wrote that “ customers who have previously installed Vulnerability-related.PatchVulnerability the ciscocm.CSCvk30822_v1.0.k3.cop.sgn patch should upgrade Vulnerability-related.PatchVulnerability to the ciscocm.CSCvk30822_v2.0.k3.cop.sgn patch to remediate the functional issues . Installing Vulnerability-related.PatchVulnerability the v2.0 patch will first rollback the v1.0 patch and then install Vulnerability-related.PatchVulnerability the v2.0 patch. ” As for the vulnerability that started this process , Cisco says it “ is due to a lack of proper validation of user-supplied input in SQL queries . An attacker could exploit this vulnerability by sending crafted HTTP POST requests that contain malicious SQL statements to an affected application . A successful exploit could allow the attacker to modify and delete arbitrary data in the PLM database or gain shell access with the privileges of the postgres [ SQL ] user. ” The vulnerability impacts Vulnerability-related.DiscoverVulnerability Cisco Prime License Manager Releases 11.0.1 and later .

Cisco has resolved Vulnerability-related.PatchVulnerability a set of critical vulnerabilities in Policy Suite which permit attackers to cause havoc in the software 's databases . This week , the tech giant released Vulnerability-related.PatchVulnerability a security advisory detailing four vulnerabilities which could place enterprise users at risk of information leaks , account compromise , database tampering , and more . The first vulnerability , CVE-2018-0374 , has earned a CVSS base score of 9.8 . Described as Vulnerability-related.DiscoverVulnerability an unauthenticated bypass bug , the security flaw `` could allow an unauthenticated , remote attacker to connect directly to the Policy Builder database , '' according to Cisco . The bug has been caused by a simple lack of authentication and as there is no requirement for identity verification , Policy Builder databases can be accessed and tampering with without limitation . Cisco Policy Suite releases prior to 18.2.0 are affected Vulnerability-related.DiscoverVulnerability . The second vulnerability , CVE-2018-0375 , is a default password error . The CVSS 9.8 bug is present in Vulnerability-related.DiscoverVulnerability the Cluster Manager of Cisco Policy Suite and could allow an unauthenticated , remote attacker to log in to a vulnerable system using a root account . The serious security problem has emerged Vulnerability-related.DiscoverVulnerability due to the use of undocumented , static user credentials for root accounts . If a hacker has knowledge of these credentials , they can become a root user and are able to execute arbitrary commands . Versions of the software prior to 18.2.0 are vulnerable Vulnerability-related.DiscoverVulnerability to exploit . The third bug , CVE-2018-0376 , is another unauthenticated access problem and is also caused by a lack of authentication measures . `` A successful exploit could allow the attacker to make changes to existing repositories and create new repositories , '' Cisco says Vulnerability-related.DiscoverVulnerability . Cisco Policy Suite versions prior to 18.2.0 are affected Vulnerability-related.DiscoverVulnerability . The fourth security flaw , CVE-2018-0377 , affects Vulnerability-related.DiscoverVulnerability the Open Systems Gateway initiative ( OSGi ) interface of Cisco Policy Suite . There is a lack of authentication within the OSGi interface which permits attackers to circumvent security processes and directly connect to the interface , access any files contained within they wish , and modify any content which is accessible through the process . This vulnerability impacts Vulnerability-related.DiscoverVulnerability Policy Suite versions prior to 18.1.0 . There are no workarounds to circumvent these vulnerabilities . However , patches have been issued to address Vulnerability-related.PatchVulnerability them and Cisco says that no reports have been received which indicate the bugs are being exploited Vulnerability-related.DiscoverVulnerability in the wild . In addition , Cisco has revealed Vulnerability-related.DiscoverVulnerability seven now-patched bugs affecting Vulnerability-related.DiscoverVulnerability SD-WAN solutions . The vulnerabilities included command injection security flaws , a remote code execution bug , and arbitrary file overwrite issues .

Yesterday , on Microsoft ’ s Patch Tuesday the company released Vulnerability-related.PatchVulnerability its monthly security patches that fixed Vulnerability-related.PatchVulnerability 62 security flaws . These fixes also included a fix for a zero-day vulnerability that was under active exploitation before these patches were made available Vulnerability-related.PatchVulnerability . Microsoft also announced the re-release of its Windows 10 version 1809 and Windows Server 2019 . Microsoft credited Kaspersky Lab researchers for discovering Vulnerability-related.DiscoverVulnerability this zero-day , which is also known as Vulnerability-related.DiscoverVulnerability CVE-2018-8589 and impacts Vulnerability-related.DiscoverVulnerability the Windows Win32k component . A Kaspersky spokesperson told ZDNet , “ they discovered Vulnerability-related.DiscoverVulnerability the zero-day being exploited Vulnerability-related.DiscoverVulnerability by multiple cyber-espionage groups ( APTs ) . ” The zero-day had been used to elevate privileges on 32-bit Windows 7 versions . This is the second Windows elevation of privilege zero-day patched Vulnerability-related.PatchVulnerability by Microsoft discovered Vulnerability-related.DiscoverVulnerability by Kaspersky researchers . Last month , Microsoft patched Vulnerability-related.PatchVulnerability CVE-2018-8453 , another zero-day that had been used by a state-backed cyber-espionage group known as FruityArmor . However , in this month ’ s Patch Tuesday , Microsoft has not patched Vulnerability-related.PatchVulnerability a zero-day that is affecting Vulnerability-related.DiscoverVulnerability the Windows Data Sharing Service ( dssvc.dll ) . This zero-day was disclosed Vulnerability-related.DiscoverVulnerability on Twitter at the end of October . According to ZDNet , “ Microsoft has published this month a security advisory to instruct users on how to properly configure BitLocker when used together with solid-state drives ( SSDs ) . ” As reported by Microsoft , the Windows 10 October 2018 update caused user ’ s data loss post updating . Due to this , the company decided to pause the update . However , yesterday , Microsoft announced that it is re-releasing Windows 10 version 1809 . John Cable , the director of Program Management for Windows Servicing and Delivery at Microsoft said , “ the data-destroying bug that triggered that unprecedented decision , as well as other quality issues that emerged during the unscheduled hiatus , have been thoroughly investigated and resolved. ” Microsoft also announced the re-release of Windows Server 2019 , which was affected Vulnerability-related.DiscoverVulnerability by the same issue . According to ZDNet , “ The first step in the re-release is to restore the installation files to its Windows 10 Download page so that “ seekers ” ( the Microsoft term for advanced users who go out of their way to install a new Windows version ) can use the ISO files to upgrade PCs running older Windows 10 versions. ” Michael Fortin , Windows Corporate Vice President , in a blog post , offered some context behind the recent issues and announced changes to the way the company approaches communications and also the transparency around their process . Per Fortin , “ We obsess over these metrics as we strive to improve product quality , comparing current quality levels across a variety of metrics to historical trends and digging into any anomaly. ” To know more about this in detail , visit Microsoft ’ s official blog post .

The technical details of security vulnerabilities impacting Vulnerability-related.DiscoverVulnerability the Nvidia Video and an Android driver have been revealed Vulnerability-related.DiscoverVulnerability by Zimperium , which acquired the flaws as part of an exploit acquisition program . On Tuesday , Zimperium zLabs researchers published Vulnerability-related.DiscoverVulnerability a blog post detailing the security flaws , two escalation of privilege bugs found Vulnerability-related.DiscoverVulnerability within the NVIDIA Video driver and MSM Thermal driver . The Nvidia bug , CVE-2016-2435 , impacts Vulnerability-related.DiscoverVulnerability Android 6.0 on the Nexus 9 handset . The problem arises Vulnerability-related.DiscoverVulnerability when attackers craft an application to tamper with read/write memory values and force privilege escalation . The second security flaw , CVE-2016-2411 , involves Vulnerability-related.DiscoverVulnerability a Qualcomm power management kernel driver , the MSM Thermal driver , in Android version 6 . If an attacker crafts a malicious application , they can give themselves root access through an internal bug in the driver , leading to privilege escalation . These bugs are well documented Vulnerability-related.DiscoverVulnerability , known Vulnerability-related.DiscoverVulnerability , and for the most part security updates have been issued Vulnerability-related.PatchVulnerability . However , Zimperium says Vulnerability-related.DiscoverVulnerability that making the technical details available of these so-called Vulnerability-related.DiscoverVulnerability `` N-day '' flaws is important and can act as a catalyst to boost the speed of patch production and to iron out problems arriving between a patch being created Vulnerability-related.PatchVulnerability and vendors distributing Vulnerability-related.PatchVulnerability the update in good time . In February , Zimperium launched Vulnerability-related.DiscoverVulnerability an N-day acquisition program which is only interested in known security problems , rather than unknown and unpatched zero-days . Over the next year , the exploit purchaser is budgeting a total of $ 1.5 million to pick up the details on these exploits . Once a bug has been discovered Vulnerability-related.DiscoverVulnerability and a fix is being worked on Vulnerability-related.PatchVulnerability , an N-day exploit indicates a time of one or more days in which user systems can be compromised until a security update is issued Vulnerability-related.PatchVulnerability . `` By focusing on N-days , or patched vulnerabilities , Zimperium is applying pressure on the mobile ecosystem to re-think how and when users receive Vulnerability-related.PatchVulnerability security updates , '' the company said at the time . `` [ The ] program will reward the hard work of researchers who would n't otherwise receive compensation for an N-day exploit . ''

Huawei has just announced Vulnerability-related.DiscoverVulnerability a new vulnerability that is currently possible on both the Huawei Honor 7 and the Huawei Mate S. This is said Vulnerability-related.DiscoverVulnerability to be a privilege elevation vulnerability that is possible thanks to an arbitrary file upload in Huawei Themes . The vulnerability already has an update ready to fix Vulnerability-related.PatchVulnerability it and devices susceptible to this simply needs to apply Vulnerability-related.PatchVulnerability the latest update to be safe from it . As of right now , we don ’ t have any details about how quickly this update is going out to devices though . Huawei tells Vulnerability-related.DiscoverVulnerability us this vulnerability was initially reported Vulnerability-related.DiscoverVulnerability to Huawei PSIRT by Nicky ( Wu Huiyu ) . Nicky works in Tencent ’ s Security Platform Department and is responsible for finding Vulnerability-related.DiscoverVulnerability vulnerabilities in various products and services . We ’ re told Mr. Wu followed proper protocol to contact Huawei and coordinated the vulnerability disclosure Vulnerability-related.DiscoverVulnerability so they can keep their customers as safe as possible . We ’ re told this vulnerability impacts Vulnerability-related.DiscoverVulnerability the Huawei Honor 7 that is running software versions newer than PLK-UL00C17B385 . Meaning , if you have the Honor 7 from Huawei and have the PLK-UL00C17B385 firmware ( or newer ) , then your device is safe from this attack . This attack is also possible on the Huawei Mate S , but it was fixed Vulnerability-related.PatchVulnerability in software version CRR-L09C432B380 . So again , if you have the Mate S from Huawei and are running the CRR-L09C432B380 firmware ( or newer ) , then you ’ re safe as well . This was not a remote attack and you were only at risk when certain conditions were met . You would have had to have someone trick you into installing a malicious theme on your device for it to infect it . This was possible because of a lack of a “ theme pack check ” since it allowed the theme to include some malicious files which would have been executed once installed

Warning Vulnerability-related.DiscoverVulnerability the device is susceptible to denial of service attacks , Cisco Systems on Wednesday released Vulnerability-related.PatchVulnerability a patch for its NetFlow Generation Appliance . The flaw traces back to the hardware ’ s Stream Control Transmission Protocol ( SCTP ) used by the appliance , according to a Cisco Security Advisory posted Vulnerability-related.DiscoverVulnerability Wednesday . Cisco warns Vulnerability-related.DiscoverVulnerability the vulnerability , “ could allow an unauthenticated , remote attacker to cause the device to hang or unexpectedly reload , causing a denial of service ( DoS ) condition ” . The bug ( CVE-2017-3826 ) is due to incomplete validation of SCTP packets being monitored on the NGA data ports , Cisco wrote . It impacts Vulnerability-related.DiscoverVulnerability Cisco NetFlow Generation Appliances NGA 3140 , NGA 3240 and NGA 3340 . NetFlow Generation Appliances are located within enterprise data centers and designed to monitor Gigabit Ethernet high-throughput networks . An attacker exploiting the vulnerability , “ could exploit this vulnerability by sending malformed SCTP packets on a network that is monitored by an NGA data port . SCTP packets addressed to the IP address of the NGA itself will not trigger this vulnerability . An exploit could allow the attacker to cause the appliance to become unresponsive or reload , causing a DoS condition , ” Cisco said . While there are no workarounds to fix Vulnerability-related.PatchVulnerability the vulnerability , Cisco is urging users to apply an update that fixes Vulnerability-related.PatchVulnerability the bug , Cisco NetFlow Generation Appliance Software release Vulnerability-related.PatchVulnerability 1.1 ( 1a ) . The company added that the fix does not apply Vulnerability-related.PatchVulnerability to NGA 3140 because that platform was sunsetted January 11 , 2014 . Last month , Cisco patched Vulnerability-related.PatchVulnerability an authentication bypass vulnerability in its Cisco Prime Home hardware . In January , Cisco patched Vulnerability-related.PatchVulnerability a flaw rated critical found in Vulnerability-related.DiscoverVulnerability is WebEx Chrome Plugin , used by tens of millions for web conferencing in business environments , that exposed computers to remote code execution . Cisco Systems released Vulnerability-related.PatchVulnerability a patch Monday to fix Vulnerability-related.PatchVulnerability a critical security vulnerability , with a CVSS rating of 10 , in its Secure Sockets Layer VPN solution called Adaptive Security Appliance