This new security feed is a resource for MSPs and IT professionals to stay up to date with the latest cybersecurity news and vulnerability alerts related to OS, browsers, VPN and RDP. Protect your business and your clients with security news as it comes.

Windows Security Updates Released (April 2021)

Tuesday, April 13, 2021

Microsoft has released April 2021 security updates for Windows 10/8/7, Windows Server 2012/2008, Microsoft Exchange Server 2019/2016/2013, and SharePoint Server 2019.

These updates include 40 security fixes. Users should update as soon as possible to avoid potential exploitation.

System administrators should update servers immediately to mitigate newly disclosed Microsoft Exchange vulnerabilities.

Important links:
How to update Windows
April 2021 Security Updates (Release Notes)

VMware Patches Critical Vulnerability in Carbon Black Cloud Workflow

Thursday, April 1, 2021

VMware has patched a critical security vulnerability in Carbon Black Cloud Workflow that could allow a remote attacker to take control of an affected system.

Administrators should update to version 1.0.2 immediately to avoid potential exploitation.

Read the full details here:
VMware Security Advisory VMSA-2021-0005

The Samba Team Patches Critical Vulnerabilities in Samba Software

Wednesday, March 24, 2021

The Samba Team has released security updates to address vulnerabilities in multiple versions of Samba. An attacker could exploit some of these vulnerabilities to take control of an affected system.

Read the full details here:
Samba 4.14.2 (4.14.1), 4.13.7 (4.13.6) and 4.12.14 (4.12.13) Security Releases

Adobe Patches Critical Vulnerabilities in ColdFusion

Monday, March 22, 2021

Adobe has patched a critical vulnerability in ColdFusion that could be exploited to take control of a vulnerable system.

ColdFusion software should be updated immediately to avoid potential exploitation.

Read the full details here:
Adobe Security Bulletin APSB21-16: Security updates available for Adobe ColdFusion

General Advisory: Microsoft Releases One-Click Mitigation Tool for Critical On-Premises Exchange Vulnerabilities

Monday, March 15, 2021

Microsoft has released a one-click mitigation tool as an interim mitigation for on-premises exchange vulnerabilities. It’s designed to prevent attacks for servers that have not yet applied the on-premises exchange security updates.

The on-premises exchange vulnerabilities are being exploited in the wild at an alarming rate, causing CISA to issue an emergency directive on March 3rd, 2021.

Attackers can gain persistent system access and control of an enterprise network without authenticating, and are known to install malware on compromised systems.

Any on-premises exchange servers should run the mitigation tool immediately to prevent exploitation of these vulnerabilities and then apply security updates as soon as possible.

Read the full details here:
One-Click Microsoft Exchange On-Premises Mitigation Tool – March 2021

Windows Security Updates Released (March 2021)

Tuesday, March 9, 2021

Microsoft has released March 2021 security updates for Windows 10/8/7 and Windows Server 2012/2008. These updates include 44 security fixes. Users should update as soon as possible to avoid potential exploitation.

Important links:
How to update Windows
March 2021 Security Updates (Release Notes)

Microsoft Patches Critical RDP Vulnerabilities in Remote Desktop Gateway

Tuesday, January 14, 2020

Microsoft has released patches for a critical vulnerability in Remote Desktop Gateway (RD Gateway) that allows attackers to completely take over a vulnerable target using Remote Desktop Protocol (RDP).

Any devices running Windows Server should be updated immediately to avoid exploitation of this critical vulnerability.

Read the full details here:
Windows Remote Desktop Gateway (RD Gateway) Remote Code Execution Vulnerability (CVE-2020-0609)
Windows Remote Desktop Gateway (RD Gateway) Remote Code Execution Vulnerability (CVE-2020-0610)

Microsoft Patches Critical RDP Vulnerability “BlueKeep”

Tuesday, May 14, 2019

BlueKeep (CVE-2019-0708) is a critical remote code execution vulnerability that could allow an unauthenticated remote attacker to completely take over a vulnerable target running Remote Desktop Protocol (RDP).

Microsoft has patched this vulnerability in the May 2019 Security Updates. All Windows devices should be updated immediately.

Read the full details here:
Customer guidance for CVE-2019-0708 | Remote Desktop Services Remote Code Execution Vulnerability: May 14, 2019

Email Alerts