make a good business better

Blog Information Security

Print Divider Print Divider Branding

Vulnerability Information Updates: February 2018

02/26/2018  |  By: Jessica Mantz


Social Logo Social Logo Social Logo Social Logo

Cisco Patches Critical VPN Vulnerability Affecting Adaptive Security Appliances

Ok, folks, this is a big one, so pay attention. It’s a remote code execution vulnerability and it received a CVSS base score of 10 (highest possible). If you use Cisco’s ASA software, you need to fix this vulnerability ASAP.

The vulnerability (CVE-2018-0101) affects various Adaptive Security Appliance (ASA) and Firepower Threat Defense Software products. It can be exploited remotely and does not require authentication. The proof of concept code available at the time of this writing creates a denial of service condition. However, we are expecting to see an exploit that allows the attacker to run arbitrary code any day now. Cisco initially released a patch in January to fix the flaw.  However, after learning of additional attack vectors, they released a second patch to fully remediate the vulnerability. We recommend applying the appropriate Cisco patches immediately.

More information on this can be found at:

Microsoft Addresses 50 Vulnerabilities in This Month’s Patch Tuesday

This month, Microsoft released patches to address 50 total vulnerabilities affecting Windows, Microsoft Office, Internet Explorer, Microsoft Edge, and the ChakraCore JavaScript engine. 14 of the vulnerabilities addressed were considered critical. Microsoft also included additional patches for the Meltdown and Spectre vulnerabilities in this month’s security updates. 

One particular nasty vulnerability (CVE-2018-0852) affects Outlook and should be prioritized for remediation. By sending a specially-crafted file to a user with an affected version of Outlook, an attacker could execute code in the context of the user when the victim views the email in the preview pane of Outlook. This one has “Internet worm” written all over it. We recommend you patch it as soon as possible.

Additional details on this month’s security updates can be found at:

Adobe Released Patch to Address Critical Zero-Day Flash Vulnerability

South Korea’s computer emergency response team identified an actively-exploited vulnerability dubbed CVE-2018-4878. The critical vulnerability is present in Adobe Flash Player and earlier versions and affects Windows, MacOS, Chrome OS, and Linux operating systems. If successfully exploited, the vulnerability could allow an attacker to remotely execute code on a vulnerable system. Adobe has released an update to address this vulnerability. We recommend upgrading Flash Player to the latest version as soon as possible.

More information on this can be found at: