Este nuevo feed de seguridad es un recurso para que los MSP y los profesionales de TI se mantengan al día con las últimas noticias de ciberseguridad y alertas de vulnerabilidad relacionadas con el sistema operativo, los navegadores, la VPN y el RDP. Proteja su negocio y a sus clientes con las noticias de seguridad a medida que se producen.

VMware Patches Vulnerability in VMware ESXi and Cloud Foundation

Tuesday, July 13, 2021

VMware has patched a vulnerability in their VMware ESXi and Cloud Foundation products.

This vulnerability could be exploited by an attacker with network access to port 5989 to bypass SFCB authentication on an affected ESXi server.

Administrators should update immediately to avoid potential exploitation.

Read the full details here:
VMware ESXi updates address authentication and denial of service vulnerabilities

Solarwinds Patches Critical Vulnerability in Serv-U Managed File Transfer and Serv-U Secure FTP

Friday, July 9, 2021

Solarwinds has released updates to address a critical remote code execution (RCE) vulnerability in their “Serv-U Managed File Transfer” and “Serv-U Secure FTP” products.

This vulnerability could be exploited by a remote attacker to take control of an affected system, and it is known to be exploited in the wild.

System administrators are urged to immediately log in to their customer portal and install the “Serv-U version 15.2.3 hotfix (HF) 2” update.

Important links:
Solarwinds Serv-U Security Advisory for Serv-U Remote Memory Escape Vulnerability
ZDNet: SolarWinds releases security advisory after Microsoft says customers ‘targeted’ through vulnerability

Microsoft Patches “PrintNightmare” Print Spooler RCE Vulnerability

Tuesday, July 6, 2021

Microsoft has released an out-of-band security update to fix a critical remote code execution vulnerability that exists in the Windows Print Spooler service dubbed “PrintNightmare”.

This vulnerability could be exploited by a remote attacker to take control of an affected system, and it is known to be exploited in the wild.

System administrators are urged to disable the Print Spooler service and install the latest Windows updates as soon as possible.

Users should also update Windows as soon as possible to avoid potential exploitation.

Important links:
Out-of-Band (OOB) Security Update available for CVE-2021-34527
Windows Print Spooler Remote Code Execution Vulnerability
Microsoft Warns of Critical “PrintNightmare” Flaw Being Exploited in the Wild
PrintNightmare Breakdown: Analysis and Remediation

Windows “PrintNightmare” Print Spooler RCE Vulnerability

Thursday, July 1, 2021

Microsoft has released details of a critical remote code execution vulnerability that exists in the Windows Print Spooler service dubbed “PrintNightmare”.

This vulnerability could be exploited by a remote attacker to take control of an affected system, and it is known to be exploited in the wild.

System administrators are urged to disable the Print Spooler service and install the June 2021 updates as soon as possible.

Important links:
Windows Print Spooler Remote Code Execution Vulnerability
Microsoft Warns of Critical “PrintNightmare” Flaw Being Exploited in the Wild
CISA Offers New Mitigation for PrintNightmare Bug

VMware Patches Critical Vulnerability in Carbon Black App Control

Tuesday, June 22, 2021

VMware has patched a critical security vulnerability in Carbon Black App Control that could allow a remote attacker to take control of an affected system.

Administrators should update to version 8.6.2 immediately to avoid potential exploitation.

Read the full details here:
VMware Security Advisory VMSA-2021-0012

Cisco Patches Vulnerabilities in Multiple Products (June 2021)

Thursday, June 17, 2021

Cisco has released software updates to fix high priority vulnerabilities in multiple products.

Attackers could exploit these vulnerabilities to take control of an affected system.

Administrators should apply updates immediately to avoid potential exploitation.

Important links:
US NCAS: Cisco Releases Security Updates for Multiple Products
Cisco Security Advisories

Windows Security Updates Released (June 2021)

Tuesday, June 8, 2021

Microsoft has released June 2021 security updates for Windows 10/8/7, Windows Server 2016/2012/2008, and SharePoint Server 2019/2016/2013.

These updates include 33 security fixes, including 5 fixes for critical security issues. Users should update as soon as possible to avoid potential exploitation.

System administrators should update servers as soon as possible to avoid potential exploitation.

Important links:
How to update Windows
June 2021 Security Updates (Release Notes)

Cisco Patches Lasso SAML Implementation Vulnerability Affecting Cisco Products

Tuesday, June 1, 2021

Cisco has released software updates to apply fixes for a vulnerability in the Lasso SSO library.

Authenticated attackers could exploit this vulnerability to impersonate another user.

Administrators should apply updates immediately to avoid potential exploitation.

Important links:
Lasso SAML Implementation Vulnerability Affecting Cisco Products: June 2021

VMware Patches Critical Vulnerabilities in vCenter Server and Cloud Foundation

Tuesday, May 25, 2021

VMware has patched multiple critical vulnerabilities in their vCenter Server and Cloud Foundation products.

These vulnerabilities could be exploited by a remote attacker to take control of an affected system.

Administrators should update immediately to avoid potential exploitation.

Read the full details here:
VMware Security Advisory VMSA-2021-0010

Windows Security Updates Released (May 2021)

Tuesday, May 11, 2021

Microsoft has released May 2021 security updates for Windows 10/8/7, Windows Server 2016/2012/2008, and Microsoft Exchange Server 2019/2016/2013.

These updates include 55 security fixes. Users should update as soon as possible to avoid potential exploitation.

System administrators should update servers as soon as possible to avoid potential exploitation.

Important links:
How to update Windows
May 2021 Security Updates (Release Notes)

Subscribe to the Feed

RSS