Cisco issued new security updates to address vulnerabilities on multiple Cisco products to include WebEx, Secure Access Control System (ACS), Wireless LAN Controller (WLC), Meeting Server, and Aironet.
Security Updates & Patches
Securezoo Cybersecurity Threat Center blog posts of new security updates and patches.
Microsoft issued a security advisory for a remote code execution (RCE) vulnerability that exists on the Windows Host Compute Service Shim (hcsshim) library, an open source tool used to import Docker containers and run on Windows systems.
Tenable Research discovered a critical remote code execution vulnerability in Schneider Electric’s InduSoft Web Studio and InTouch Machine Edition.
Microsoft has released two additional Windows security updates that address the Spectre side-channel vulnerabilities that were revealed in January of 2018.
Drupal issued a security advisory (SA-CORE-2018-004) on Wednesday to address a Highly Critical Remote Code Execution vulnerability (CVE-2018-7602). It is important to note this vulnerability is being exploited in the wild. An excerpt from the advisory: “A remote code execution vulnerability exists within multiple subsystems of Drupal 7.x and 8.x. This potentially allows attackers to exploit multiple attack vectors
Oracle has released its Critical Patch Update (CPU) for April 2018 that addresses 254 vulnerabilities across multiple products.
Intel released new details of availability for microcode updates that address the Meltdown and Spectre design flaws in Intel processors. According to the company, Intel has stopped working on microcode updates for certain Intel processors as noted in the release.