Microsoft has introduced a new source code analyzer tool dubbed Microsoft Application Inspector. The tool is designed to "identify interesting features in source code" and can help enable developers understand software components your apps use.
Citrix has published firmware updates for Application Delivery Controller (ADC) and Citrix Gateway products to address a critical vulnerability. An unathenticated attacker could exploit the vulnerability and execute arbitrary code.
Microsoft issued a new security advisory for a Critical Internet Explorer (IE) vulnerability. Attackers could exploit the scripting engine memory corruption vulnerability CVE-2020-0674 in IE and execute arbitrary code.
Google has released Chrome 79.0.3945.130 for Windows, Mac and Linux. The update includes 11 security fixes.
Oracle has released its Critical Patch Update for January 2020 to include 334 vulnerability fixes across multiple products. The company also continues to receive reports of remote attackers attempting to maliciously exploit unpatched vulnerabilities.
Microsoft issued the January 2020 Security Updates that include 49 unique vulnerability fixes, 8 of those rated critical and 29 rated important. One of the patches addresses a CryptoAPI Spoofing vulnerability CVE-2020-0601. DHS CISA also issued an emergency directive with recommendations to patch this Windows CryptoAPI, Windows Remote Desktop Gateway (RD Gateway), and Windows Remote Desktop Client.
VMware has released security updates to address a local privilege escalation vulnerability (CVE-2020-3941) in VMware Tools for Windows.
The time has finally arrived. Microsoft Windows 7 and multiple versions of Windows Server 2008 have reached end of support today, January 14, 2020. As a result, customers will no longer receive technical support and software updates for those products as of today.
On May 12, 2017, the now infamous WannaCry ransomware burst onto the worldwide scene on its way to infecting over 200,000 systems and 150 countries in just 3 days. NHS hospitals in the UK operations ground to a halt. Petya malware followed suit soon afterwards by targeting and ransacking systems in Ukraine, Russia, and Europe before spreading to other countries.
Cisco has released security updates for Webex, IOS, and other products. Two of the vulnerabilities are rated High severity and should be prioritized.