Vulnerabilities & Exploits

Securezoo Cybersecurity Threat Center blog posts of new vulnerabilities and exploits.

Drupal security update

Drupal issued a security advisory (SA-CORE-2018-004) on Wednesday to address a Highly Critical Remote Code Execution vulnerability (CVE-2018-7602). It is important to note this vulnerability is being exploited in the wild.  An excerpt from the advisory:   “A remote code execution vulnerability exists within multiple subsystems of Drupal 7.x and 8.x. This potentially allows attackers to exploit multiple attack vectors

Drupal security update Read More »

Intel Spectre and Meltdown vulnerability guidance

Intel released new details of availability for microcode updates that address the Meltdown and Spectre design flaws in Intel processors. According to the company, Intel has stopped working on microcode updates for certain Intel processors as noted in the release.

Intel Spectre and Meltdown vulnerability guidance Read More »

Microsoft fixes CredSSP vulnerability

Microsoft issued new security guidance on the Credential Security Support Provider protocol (CredSSP) vulnerability (CVE-2018-0886) that could allow remote code execution. As part of the updates, Microsoft plans to soon prevent un-patched RDP clients (that uses CredSSP) from authenticating to Windows.

Microsoft fixes CredSSP vulnerability Read More »