make a good business better

Blog Information Security

Print Divider Print Divider Branding
 

Vulnerability Information Updates: November 2017

11/27/2017  |  By: Jessica Mantz

Share

Social Logo Social Logo Social Logo Social Logo

Serious Vulnerability Found in Security Protocol Used In Most Wi-Fi Networks

Security researchers discovered a serious flaw affecting the Wi-Fi Protected Access II (WPA2) protocol, leaving correct implementations of WPA2 vulnerable to a new attack. The Key Reinstallation Attack (KRACK) allows an attacker within range of a vulnerable device to intercept and read encrypted network traffic. This could allow an attacker to steal sensitive information such as passwords, emails, credit card numbers, and more. Most devices that support Wi-Fi are affected, including Android, Apple, Linux, Windows, and other systems. It is recommended to apply security updates to an affected device as soon as an update becomes available.

More information on this vulnerability can be found at:

Microsoft Patches 53 Vulnerabilities Including Four Publicly Disclosed Flaws

In this month’s Patch Tuesday, Microsoft released security updates to address 53 total vulnerabilities. Of the most notable, there are multiple scripting engine memory corruption vulnerabilities affecting Microsoft Edge and Internet Explorer 11 that could allow remote code execution and should be prioritized for immediate patching. Additionally, four vulnerabilities currently have public exploits available and should be patched as soon as possible (CVE-2017-11848, CVE-2017-11827, CVE-2017-11883 and CVE-2017-8700). Although, there are currently no reports of attackers actively exploiting these four vulnerabilities.

For more information on the latest patches, please visit:

Adobe Releases Patches to Address 80 Vulnerabilities - 56 Affecting Reader and Acrobat Software

Adobe has addressed 80 vulnerabilities this month across many products including Flash Player, Photoshop, Shockwave Player, Acrobat and Reader. Although none of the vulnerabilities are reported to be actively under attack, a total of 56 vulnerabilities were addressed in Acrobat and Reader alone, including many critical vulnerabilities that could allow remote code execution. Five critical remote code execution vulnerabilities are also addressed with Adobe’s Flash Player update. It is recommended to apply these updates as soon as possible. 

More information on the latest vulnerabilities addressed can be found at:

Vulnerability Information Updates: November 2017

Related People

  • Jessica Mantz