Vulnerability Information Updates: September 2017

09/18/2017  |  By: Jessica Mantz

Patch Released for Critical Apache Struts Vulnerability Affecting All Versions Since 2008

The Apache Software Foundation recently patched a critical remote code execution vulnerability (CVE-2017-9805) that affects all versions of the Struts framework since 2008. Shortly after the vulnerability was disclosed, exploit code was published online, and attackers are actively scanning for vulnerable systems to attack. Any web application that uses Struts’ REST plugin is vulnerable and should be patched immediately. There is currently no workaround for this vulnerability, so developers are advised to upgrade to Apache Struts version 2.5.13 as soon as possible.

More information on this vulnerability can be found at the following sites:

Microsoft Patches Actively Exploited Zero-Day Along With 80+ Vulnerabilities

In its September Patch Tuesday release, Microsoft addressed 83 vulnerabilities, including one zero-day remote code execution vulnerability that is reported to be actively exploited by attackers. This vulnerability (CVE-2017-8759) affects the .NET Framework and could allow an attacker to take control of a system by having a victim open a specially crafted document or application. Researchers have reported that recent attacks have exploited this vulnerability by sending users malicious Word documents to deliver malware. This month’s security updates also addressed multiple critical vulnerabilities in Internet Explorer, Edge, Windows, and NetBIOS. Microsoft also issued an advisory for a patch addressing a Bluetooth driver spoofing vulnerability that was recently disclosed.

For more information, please visit the following sites:

Billions of Devices Vulnerable to New Bluetooth Vulnerabilities Requiring No User Interaction

Armis Labs has discovered a collection of vulnerabilities in Bluetooth, affecting at least 5.8 billion Bluetooth-enabled devices, such as smartphones, computers, and IoT devices running on Android, iOS, Windows, and Linux. The collection, referred to as BlueBorne, includes eight vulnerabilities in total, three of which are rated critical in severity. According to Armis Labs, attacks rely on a device having its Bluetooth feature enabled and do not require any user interaction, such as Bluetooth pairing between the victim and the attacker. An attacker within range of a targeted device could silently compromise it and deploy malware, such as ransomware or a worm that can spread to other devices via Bluetooth. Microsoft announced that a security update addressing the BlueBorne vulnerabilities was released in July, so Windows computers with the update applied are protected.

For more information on BlueBorne and its capabilities, please visit:
