Patch new wormable vulnerabilities in Remote Desktop Services (CVE-2019-1181/1182)

2019-08-14 KENNETH 0

Today Microsoft released a set of fixes for Remote Desktop Services that include two critical Remote Code Execution (RCE) vulnerabilities, CVE-2019-1181 and CVE-2019-1182. Like the previously-fixed ‘BlueKeep’ vulnerability (CVE-2019-0708), these two vulnerabilities are also ‘wormable’, meaning that any future malware that exploits these could propagate from vulnerable computer to vulnerable computer without user interaction. The affected …

August 2019 Security Updates

2019-08-14 KENNETH 0

We have released the July security updates to provide additional protections against malicious attackers. As a best practice, we encourage customers to turn on automatic updates. More information about this month’s security updates can be found in the Security Update Guide. As a reminder, Windows 7 and Windows Server 2008 R2 will be out of …

USN-4095-2: Linux kernel (Xenial HWE) vulnerabilities

2019-08-14 KENNETH 0

linux-lts-xenial, linux-aws vulnerabilities

A security issue affects these releases of Ubuntu and its derivatives: Ubuntu 14.04 ESM

Summary: Several security issues were fixed in the Linux kernel.

Software Description:
linux-aws – Linux kernel for Amazon Web Services (AWS) systems
linux-lts-xenial – Linux hardware enablement kernel from Xenial for Trusty

Details: USN-4095-1 fixed vulnerabilities in the Linux kernel for Ubuntu 16.04 LTS. This update provides the corresponding updates for the Linux Hardware Enablement (HWE) kernel from Ubuntu 16.04 LTS for Ubuntu 14.04 ESM.

Eli Biham and Lior Neumann discovered that the Bluetooth implementation in the Linux kernel did not properly validate elliptic curve parameters during Diffie-Hellman key exchange in some situations. An attacker could use this to expose sensitive information. (CVE-2018-5383)

It was discovered that a heap buffer overflow existed in the Marvell Wireless LAN …

USN-4096-1: Linux kernel (AWS) vulnerability

2019-08-14 KENNETH 0

linux-aws, linux-aws-hwe vulnerability

A security issue affects these releases of Ubuntu and its derivatives: Ubuntu 19.04, Ubuntu 18.04 LTS, Ubuntu 16.04 LTS

Summary: The system could be made to expose sensitive information.

Software Description:
linux-aws – Linux kernel for Amazon Web Services (AWS) systems
linux-aws-hwe – Linux kernel for Amazon Web Services (AWS-HWE) systems

Details: Andrei Vlad Lutas and Dan Lutas discovered that some x86 processors incorrectly handle SWAPGS instructions during speculative execution. A local attacker could use this to expose sensitive information (kernel memory).

Update instructions: The problem can be corrected by updating your system to the following package versions:

Ubuntu 19.04
linux-image-5.0.0-1012-aws – 5.0.0-1012.13
linux-image-aws – 5.0.0.1012.12

Ubuntu 18.04 LTS
linux-image-4.15.0-1045-aws – 4.15.0-1045.47
linux-image-aws – 4.15.0.1045.44

Ubuntu 16.04 LTS
linux-image-4.15.0-1045-aws – 4.15.0-1045.47~16.04.1
linux-image-aws-hwe – 4.15.0.1045.45

To update your system, please follow these instructions: …

USN-4095-1: Linux kernel vulnerabilities

2019-08-14 KENNETH 0

linux, linux-aws, linux-kvm, linux-raspi2, linux-snapdragon vulnerabilities

A security issue affects these releases of Ubuntu and its derivatives: Ubuntu 16.04 LTS

Summary: Several security issues were fixed in the Linux kernel.

Software Description:
linux – Linux kernel
linux-aws – Linux kernel for Amazon Web Services (AWS) systems
linux-kvm – Linux kernel for cloud environments
linux-raspi2 – Linux kernel for Raspberry Pi 2
linux-snapdragon – Linux kernel for Snapdragon processors

Details: Eli Biham and Lior Neumann discovered that the Bluetooth implementation in the Linux kernel did not properly validate elliptic curve parameters during Diffie-Hellman key exchange in some situations. An attacker could use this to expose sensitive information. (CVE-2018-5383)

It was discovered that a heap buffer overflow existed in the Marvell Wireless LAN device driver for the Linux kernel. An attacker could use this to cause a denial …