Vulnerabilities

Vulnerability Research

Patch Tuesday Update - December 2024

Fortra Vulnerability Management will include the Microsoft Patch Tuesday checks in the NIRV 4.56.0 and FVM Agent 2.17. Microsoft addressed 70 vulnerabilities in this release, including 16 rated as Critical. CVE-2024-49138 - Microsoft has disclosed an actively exploited vulnerability that allows attackers to gain SYSTEM privileges on Windows devices. No further information is provided from Microsoft on...
Vulnerability Research

Patch Tuesday Update - November 2024

Fortra VM will include the Microsoft Patch Tuesday checks in the NIRV 4.54.0 and FVM Agent 2.15 releases. Microsoft addressed 89 vulnerabilities in this release, including 4 rated as Critical and 51 Remote Code Execution vulnerabilities. This release also includes fixes for two vulnerabilities that have been publicly disclosed and exploited in the wild. CVE-2024-43451 NTLM Hash Disclosure Spoofing...
Vulnerability Research

Patch Tuesday Update - September 2024

Fortra VM will include the Microsoft Patch Tuesday checks in the NIRV 4.50.0 and FVM Agent 2.11 releases. Microsoft addressed 79 vulnerabilities in this release, including 7 rated as Critical and 23 Remote Code Execution vulnerabilities. This release also includes fixes for four vulnerabilities that have been exploited in the wild. CVE-2024-38217 and CVE-2024-38226 are Security Feature Bypass...
Vulnerability Research

Patch Tuesday Update - August 2024

Fortra VM will include the Microsoft Patch Tuesday checks in the NIRV 4.48.0 and FVM Agent 2.10 releases. Microsoft addressed 86 vulnerabilities in this release, including 7 rated as Critical and 28 Remote Code Execution vulnerabilities. This release also includes fixes for six vulnerabilities that have been exploited in the wild. Microsoft Project Remote Code Execution Vulnerability (CVE-2024-38189...
Vulnerability Research

Patch Tuesday Update - July 2024

Fortra VM will include the Microsoft Patch Tuesday checks in the NIRV 4.46.0 and FVM Agent 2.9 releases. Microsoft addressed 142 vulnerabilities in this release, including 5 rated as Critical and 59 Remote Code Execution vulnerabilities. This release represents a huge increase in the number of CVEs compared with last month’s count. Notable vulnerabilities from this Patch Tuesday release: CVE-2024...
Vulnerability Research

Patch Tuesday Update - June 2024

Fortra VM will include the Microsoft Patch Tuesday checks in the NIRV 4.44.0 and FVM Agent 2.8 releases. Microsoft addressed 51 vulnerabilities in this release, including 1 rated as Critical and 18 Remote Code Execution vulnerabilities. CVE/Advisory | Title | Tag | Microsoft Severity Rating | Base Score | Microsoft Impact | Exploited | Publicly Disclosed: CVE-2024-30069 | Windows Remote Access Connection Manager Information...
Vulnerability Research

Patch Tuesday Update - April 2024

Fortra VM will include the Microsoft Patch Tuesday checks in the NIRV 4.40.0 and FVM Agent 2.6 releases. Microsoft addressed 150 vulnerabilities in this release, including 3 rated as Critical and 67 Remote Code Execution vulnerabilities. This release also includes a fix for the Proxy Driver Spoofing Vulnerability (CVE-2024-26234) that has been exploited in the wild. CVE/Advisory | Title | Tag | Microsoft...
Vulnerability Research

Patch Tuesday Update - February 2024

Fortra VM will include the Microsoft Patch Tuesday checks in the NIRV 4.36.0 and Fortra VM Agent 2.4 releases. Microsoft addressed 73 vulnerabilities in this release, including 5 rated as Critical and 30 Remote Code Execution vulnerabilities. This release also includes fixes for CVE-2024-21351 and CVE-2024-21412 that have been exploited in the wild. Internet Shortcut Files Security Feature Bypass...
Vulnerability Research

Patch Tuesday Update - January 2024

Fortra VM will include the Microsoft Patch Tuesday checks in the NIRV 4.34.0 and Agent 2.3 releases. Microsoft addressed 49 vulnerabilities in this release, including 2 rated as Critical and 12 Remote Code Execution vulnerabilities. CVE/Advisory | Title | Tag | Microsoft Severity Rating | Base Score | Microsoft Impact | Exploited | Publicly Disclosed: CVE-2024-20666 | BitLocker Security Feature Bypass Vulnerability | Windows...
Vulnerability Research

Patch Tuesday Update - December 2023

Fortra VM will include the Microsoft Patch Tuesday checks in the NIRV 4.32.0 and Agent 2.2 releases. Microsoft addressed 33 vulnerabilities in this release, including 4 rated as Critical and 8 Remote Code Execution vulnerabilities. CVE/Advisory | Title | Tag | Microsoft Severity Rating | Base Score | Microsoft Impact | Exploited | Publicly Disclosed: CVE-2023-36696 | Windows Cloud Files Mini Filter Driver Elevation of...
Vulnerability Research

Patch Tuesday Update - October 2023

Fortra VM will include the Microsoft Patch Tuesday checks in the NIRV 4.29.0 and Agent 2.0 releases. Microsoft addressed 104 vulnerabilities in this October 2023 release, including 12 rated as Critical and 45 Remote Code Execution vulnerabilities. Three of the CVEs included in this month's release are also being exploited in the wild. HTTP/2 Rapid Reset Attack (CVE-2023-44487): This vulnerability in...
Vulnerability Research

Patch Tuesday Update - August 2023

Today’s Microsoft Security Update includes the Microsoft Patch Tuesday checks in the NIRV 4.26.0 and Fortra VM Agent 1.63.0 releases. Microsoft included fixes for 74 vulnerabilities in this release, including 6 rated as Critical. Microsoft also released 2 security advisories this month with improvements related to defense in depth for Microsoft Office and the Memory Integrity System Readiness Scan...
Vulnerability Research

Patch Tuesday Update - June 2023

Today’s Microsoft Security Update addressed 78 vulnerabilities, including 6 that are rated as Critical. None of the vulnerabilities included in the Patch Tuesday release appear to be currently exploited in the wild. Of note, Microsoft SharePoint Server Elevation of Privilege Vulnerability (CVE-2023-29357) appears to allow an attacker to bypass authentication using a spoofed JWT authentication token...
Vulnerability Research

Apache Log4j2 Security Advisory

Digital Defense by Fortra's Vulnerability Research Team (VRT) is aware of a recently disclosed security issue related to the open-source Apache “Log4j2” utility (CVE-2021-44228). Log4j is a logging framework found in Java software. The flaw is tied to a failure by certain features in the Java Naming and Directory Interface (JNDI) which is used in configuration, log...
Vulnerability Research

NETSHIELD Corporation Nano 25 Vulnerability

We are disclosing a vulnerability identified in NETSHIELD Corporation Nano 25. The engineers at NETSHIELD Corporation were prompt in their response when notified of the flaw and have provided a patch for the cyber security issue. NETSHIELD Corporation has released a patch for the affected Nano 25 version 10.2.18. Fortra VM will not include an explicit check for this vulnerability due to the...
Vulnerability Research

Microsoft Defender Zero-Day Remote Code Execution (RCE) Vulnerability

On Tuesday, January 12th, Microsoft released a patch for an RCE vulnerability present within their antivirus solutions, Windows Defender, System Center Endpoint Protection, and Security Essentials. This vulnerability is being tracked as CVE-2021-1647. Although an exploit has not been publicly released, this vulnerability is...
Vulnerability Research

Advisory for SolarWinds Orion Vulnerabilities

Security Advisory: SolarWinds Orion. As you have likely seen in news reports over the last weeks, a series of significant security incidents occurred earlier this month related to malicious cyber actors exploiting VMware® Access and VMware Identity Manager products and a security breach at FireEye uncovering injected malware within SolarWinds network...
Vulnerability Research

Advisory for D-Link VPN Router Vulnerabilities

Digital Defense, Inc. is disclosing vulnerabilities identified in D-Link VPN routers discovered by our Vulnerability Research Team (VRT). The engineers at D-Link were prompt in their response when notified of the flaws and have provided hot fixes for these cyber security issues. D-Link has made a patch in the form of a hotfix for the affected firmware versions and...
Vulnerability Research

Drupal Arbitrary PHP Code Execution Vulnerability

On November 16th, 2020, several file manipulation vulnerabilities within the PEAR Archive_Tar library were disclosed and assigned CVE-2020-28948 and CVE-2020-28949. This PEAR library is used by Drupal, although these vulnerabilities impact any platform that utilizes PEAR in its code. If Drupal is configured to allow file uploads and the processing of...
Vulnerability Research

ESXi OpenSLP RCE Vulnerability

On October 20th, VMware disclosed the presence of an RCE vulnerability in OpenSLP within ESXi. The vulnerability is exposed through TCP port 427 and has a CVSSv3 score of 9.8. It is tracked as CVE-2020-3992, and VMware provided a patch on the same day as disclosure. Products affected are ESXi, Workstation...