Nyheder uge 28

Microsofts juli 2021 Patch Tuesday lapper 9 0-dags sårbarheder og 117 fejl.

 

Today is Microsoft's July 2021 Patch Tuesday, and with it comes fixes for nine zero-day vulnerabilities and a total of 117 flaws, so Windows admins will be pulling their hair out as they scramble to get devices patched and secured. Microsoft has fixed 117 vulnerabilities with today's update, with 13 classified as Critical, 1 Moderate, and 103 as Important.

<https://www.bleepingcomputer.com/news/microsoft/microsoft-july-2021-patch-tuesday-fixes-9-zero-days-117-flaws/>
<https://us-cert.cisa.gov/ncas/current-activity/2021/07/13/microsoft-releases-july-2021-security-updates>
<https://www.zdnet.com/article/microsoft-july-2021-patch-tuesday-117-vulnerabilities-pwn2own-exchange-server-bug-fixed/>
<https://blog.talosintelligence.com/2021/07/microsoft-patch-tuesday-for-july-2021.html>
<https://krebsonsecurity.com/2021/07/microsoft-patch-tuesday-july-2021-edition/>
<https://www.darkreading.com/vulnerabilities---threats/microsoft-patches-3-windows-zero-days-amid-117-cves/d/d-id/1341524>
<https://www.helpnetsecurity.com/2021/07/13/july-2021-patch-tuesday/>
<https://www.securityweek.com/microsoft-patches-3-under-attack-windows-zero-days>

Google udsender patch til 0-dags sårbarhed i Chrome, den ottende i 2021.

 

Google has released security updates today for its Chrome web browser, including a patch to address a zero-day vulnerability that was exploited in the wild. Tracked as CVE-2021-30563, the zero-day was described as a “type confusion” bug in V8, the Chrome browser component responsible for running and interpreting JavaScript code.

<https://therecord.media/google-patches-chrome-zero-day-eighth-one-in-2021/>


 

SonicWall advarer om 'kritisk' ransomware risko ved end-of-life SMA 100 VPN-udstyr.

 

SonicWall has issued an "urgent security notice" warning customers of ransomware attacks targeting unpatched end-of-life (EoL) Secure Mobile Access (SMA) 100 series and Secure Remote Access (SRA) products.

<https://www.bleepingcomputer.com/news/security/sonicwall-warns-of-critical-ransomware-risk-to-eol-sma-100-vpn-appliances/>
<https://www.sonicwall.com/support/product-notification/urgent-security-notice-critical-risk-to-unpatched-end-of-life-sra-sma-8-x-remote-access-devices/210713105333210/>
<https://therecord.media/sonicwall-warns-of-imminent-ransomware-campaign-targeting-its-eol-equipment/>
<https://www.darkreading.com/attacks-breaches/sonicwall-imminent-ransomware-attack-targets-older-products/d/d-id/1341533>
<https://www.securityweek.com/sonicwall-warns-imminent-ransomware-attacks-targeting-firmware-flaw>
 


 

Adobe-opdatering fixer 28 sårbarheder i 6 programmer.

 

Adobe has released a giant Patch Tuesday security update release that fixes vulnerabilities in Adobe Dimension, Illustrator, Framemaker, Acrobat, Reader, and Bridge.

<https://www.bleepingcomputer.com/news/security/adobe-updates-fix-28-vulnerabilities-in-6-programs/>
<https://us-cert.cisa.gov/ncas/current-activity/2021/07/13/adobe-releases-security-updates-multiple-products>
<https://www.securityweek.com/adobe-critical-flaws-reader-acrobat-illustrator>
<https://securityaffairs.co/wordpress/120062/security/adobe-reader-acrobat-illustrator-flaws.html>


 

CISA udsender nød-direktiv om Microsoft Windows Print Spooler.

 

CISA has issued Emergency Directive (ED) 21-04: Mitigate Windows Print Spooler Service Vulnerability addressing CVE-2021-34527. Attackers can exploit this vulnerability to remotely execute code with system level privileges enabling a threat actor to quickly compromise the entire identity infrastructure of a targeted organization. Specifically, ED 21-04 directs federal departments and agencies to immediately apply the Microsoft July 2021 updates and disable the print spooler service on servers on Microsoft Active Directory (AD) Domain Controllers (DCs).

<https://us-cert.cisa.gov/ncas/current-activity/2021/07/13/cisa-issues-emergency-directive-microsoft-windows-print-spooler>
<https://cyber.dhs.gov/ed/21-04/>
<https://www.bleepingcomputer.com/news/security/cisa-orders-federal-agencies-to-patch-windows-printnightmare-bug/>