Drupal security update addresses XSS vulnerability

Drupal issued a new security update (SA-CORE-2018-003) for Drupal core (versions 7 and 8) to address a moderately critical cross-site scripting (XSS) vulnerability. CKEditor is a third-party JavaScript library included in Drupal core.

Continue Reading Drupal security update addresses XSS vulnerability

Intel Spectre and Meltdown vulnerability guidance

Intel released new details of availability for microcode updates that address the Meltdown and Spectre design flaws in Intel processors. According to the company, Intel has stopped working on microcode updates for certain Intel processors as noted in the release.

Continue Reading Intel Spectre and Meltdown vulnerability guidance

Microsoft CredSSP vulnerability updates

Microsoft issued new security guidance on the Credential Security Support Provider protocol (CredSSP) vulnerability (CVE-2018-0886) that could allow remote code execution. As part of the updates, Microsoft plans to soon prevent un-patched RDP clients (that uses CredSSP) from authenticating to Windows.

Continue Reading Microsoft CredSSP vulnerability updates

Microsoft March 2018 patch updates

Microsoft issued March 2018 Security Updates that includes 75 vulnerability fixes, 15 of them rated critical. The updates address multiple Microsoft products to include Windows, Internet Explorer, Edge, Exchange, Office, Office Services and Web Apps, ChakraCore, PowerShell and Adobe Flash.

Continue Reading Microsoft March 2018 patch updates

Microsoft February 2018 Patch Updates

Microsoft issued February 2018 Security Updates that includes more than 50 fixes, 14 of them critical. The updates address multiple Microsoft products to include Windows, Internet Explorer, Edge, Office, Office Services and Web Apps, ChakraCore and Adobe Flash.

Continue Reading Microsoft February 2018 Patch Updates