Microsoft, Adobe, and Cisco CVEs, Patches, and Security Updates
CVE’s, Patches, and Security Updates - oh my!
The recent security updates and patch releases for Microsoft, Cisco, and Adobe were particularly critical for February. Staying on top of these Common Vulnerabilities and Exposures (CVEs) will keep the proverbial kinks out of your company’s armor, allowing you to maintain a secure working environment. Below we’ve detailed a few of the most critical updates this month for Microsoft, Adobe, and Cisco. Let’s Review.
Big Microsoft Patch on February 17, 2020
Last week’s Microsoft Patch Tuesday release likely resulted in a busy and wild week for server administrators and other remediation administrators alike.
12 of the 99 vulnerability patches released were considered critical.
One of the patches (CVE-2020-0674) fixes a particularly nasty vulnerability in Internet Explorer, which Microsoft had released an Out-Of-Band advisory for last month.The workarounds are suggested in the advisory, now that the vulnerability has been fixed.
Another one of the patches, considered a stand-alone, that was issued to address a bug in the Unified Extensible Firmware Interface (UEFI) boot manager, has now been removed. The update was apparently causing widespread problems in the user community with failed installations and profile corruption among other issues. Administrators and home users should be advised to ensure that servers and PCs have recent, successful backups prior to applying these patches.
** Further information about the removed UEFI patch and guidance can be found here:
Renato Marinho from the SANS Internet Storm Center did an excellent writeup of this month”s Microsoft Patch release, which can be found here:
Adobe Patch Releases
Adobe also released patches this month to address vulnerabilities found in,
- Flash Player (APSB20-06)
- Acrobat & Reader (APSB20-05)
- Experience Manager (APSB20-08)
- Framemaker (APSB20-04)
These addressed 17 flaws, including one critical flaw in Flash Player. Adobe is still on track to (finally) retire Flash Player later this year. Chrome and Firefox will update Flash Player using Auto-Update, even though it is now disabled by default in both browsers.
Cisco Security Updates, Disclosures, Vulnerabilities, and Patches
Cisco released several disclosures earlier this month, including critical issues with Cisco Discovery Protocol (CDP) which could result in denial-of-service and remote code execution. They have since released software updates that address these vulnerabilities. Customers are recommended to update software and disable CDP where CDP functionality is not required. Review a few of this month’s biggest CIsco Vulnerabilities below,
- CVE-2020-3110 - Cisco Video Surveillance 8000 Series IP Cameras Cisco Discovery Protocol Remote Code Execution and Denial of Service Vulnerability
- CVE-2020-3111 - Cisco IP Phone Remote Code Execution and Denial of Service Vulnerability
- CVE-2020-3118 - Cisco IOS XR Software Cisco Discovery Protocol Format String Vulnerability
- CVE-2020-3119 - Cisco NX-OS Software Cisco Discovery Protocol Remote Code Execution Vulnerability
- CVE-2020-3120 - Cisco FXOS, IOS XR, and NX-OS Software Cisco Discovery Protocol Denial of Service Vulnerability
How Vulnerability Management as a Service Can Help Your Business
Common Vulnerabilities and Exposures (CVEs), patch updates and critical security advisories are always changing and you have to stay ahead of the curve to ensure full security coverage. Your company could benefit from having 24/7 access to a vigilant vulnerabilities team. Consider Vulnerability Management as a Service (VMaaS) with Internetwork Engineering. We will keep you posted with monthly patch updates.