
Vulnerability Information Updates: October 2017

10/16/2017  |  By: Jessica Mantz


Microsoft Addresses Zero Day Vulnerability in Office—62 Vulnerabilities Total

This Patch Tuesday, Microsoft released patches to address a total of 62 vulnerabilities across six different products. Of those vulnerabilities, 28 were rated critical and should be patched immediately. The most notable vulnerability included in this round of patches is an actively exploited zero-day vulnerability affecting Microsoft Office (CVE-2017-11826). If the vulnerability is left unpatched, an attacker could entice a user to open a malicious file that exploits it and executes code remotely on the vulnerable system in the context of the current user. This is especially dangerous if the current user has administrative privileges. This month, Windows users should also prioritize patching CVE-2017-11779, a vulnerability affecting DNS requests that could allow malicious code execution with system privileges.

For more information, please visit:

Oracle Issues Seven Security Updates to Patch Apache Struts 2 Vulnerabilities

In response to the Equifax breach, Oracle released multiple updates to fix additional vulnerabilities in Apache Struts 2. Although none of the vulnerabilities are directly related to the Equifax breach, Oracle strongly recommends that its customers apply the new updates immediately. The vulnerabilities addressed in Oracle’s patches include: CVE-2017-9805, CVE-2017-7672, CVE-2017-9787, CVE-2017-9791, CVE-2017-9793, CVE-2017-9804, and CVE-2017-12611. One of the more notable vulnerabilities, CVE-2017-9805, could allow remote code execution on a vulnerable host if left unpatched.

More information on this can be found at:

Joomla 3.8 Fixes 8-Year-Old Credential Stealing Vulnerability

Joomla recently patched an eight-year-old LDAP injection vulnerability that could allow attackers to steal credentials from a vulnerable system. The vulnerability (CVE-2017-14596) is due to a lack of input sanitization in the LDAP plugin and affects Joomla versions 1.5.0 through 3.7.5 when the plugin is in use. The vulnerability has been fixed with the release of version 3.8, and customers are advised to upgrade their Joomla installations as soon as possible.
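
The root cause named above is unsanitized input reaching an LDAP search filter. As an added illustration (not Joomla's code and not part of the original post), the following shows RFC 4515 escaping of a filter value next to the unescaped form; the `uid` attribute, the filter template and the sample usernames are assumptions constructed for the example.

```python
"""Added example: RFC 4515 escaping for a value placed in an LDAP search filter.

Not Joomla's code. The `uid` attribute, the filter template and the sample
usernames are assumptions constructed for illustration.
"""

# Characters RFC 4515 requires to be escaped inside an assertion value.
_FILTER_ESCAPES = {
    "\\": "\\5c",
    "*": "\\2a",
    "(": "\\28",
    ")": "\\29",
    "\x00": "\\00",
}


def escape_filter_value(value: str) -> str:
    """Escape one character at a time so a backslash is never escaped twice."""
    return "".join(_FILTER_ESCAPES.get(ch, ch) for ch in value)


def build_filter_unsafe(username: str) -> str:
    """Weak form: the user-supplied value is concatenated as-is."""
    return "(uid=" + username + ")"


def build_filter_safe(username: str) -> str:
    """Hardened form: the value is escaped before it enters the filter."""
    return "(uid=" + escape_filter_value(username) + ")"


def alters_filter(username: str) -> bool:
    """True when the raw value carries filter syntax the directory would interpret."""
    return build_filter_unsafe(username) != build_filter_safe(username)


if __name__ == "__main__":
    # Constructed inputs: a plain name, a wildcard, and a legitimate name with parentheses.
    for name in ["jsmith", "j*", "Smith (Contractor)"]:
        print(f"{name!r:22} unsafe={build_filter_unsafe(name):24} "
              f"safe={build_filter_safe(name):30} alters_filter={alters_filter(name)}")
```

In PHP, the built-in `ldap_escape()` with the `LDAP_ESCAPE_FILTER` flag performs this escaping.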

More details on this vulnerability can be found at:
