Microsoft issued new security guidance on the Credential Security Support Provider protocol (CredSSP) vulnerability (CVE-2018-0886) that could allow remote code execution. As part of the updates, Microsoft plans to soon prevent un-patched RDP clients (that uses CredSSP) from authenticating to Windows.
Citrix has released patches for Citrix XenServer that address several vulnerabilities. If exploited, an attacker or malicious administrator of a guest VM could crash or compromise certain XenServer hosts.
Microsoft issued March 2018 Security Updates that includes 75 vulnerability fixes, 15 of them rated critical. The updates address multiple Microsoft products to include Windows, Internet Explorer, Edge, Exchange, Office, Office Services and Web Apps, ChakraCore, PowerShell and Adobe Flash.
Red Hat released security guidance that addresses recent Distributed Denial of Service (DDoS) amplification attacks being performed by attackers who are exploiting vulnerable memcached systems exposed to the internet.
Microsoft issued February 2018 Security Updates that includes more than 50 fixes, 14 of them critical. The updates address multiple Microsoft products to include Windows, Internet Explorer, Edge, Office, Office Services and Web Apps, ChakraCore and Adobe Flash.
Adobe has released security updates that fix critical vulnerabilities, to include one zero-day bug, in its Flash Player for Windows, Macintosh, Linux and Chrome OS.
Intel said the root cause of the reboot issues have been identified. To that end, the company said customers and partners should not install its current versions of Spectre/Meltdown patches rolled out earlier this month as they "may introduce higher than expected reboots and other unpredictable system behavior."
Intel made an update yesterday to previously issued security advisory on the Spectre/Meltdown 'speculation execution' vulnerabilities that could cause information disclosure on systems running Intel processors.
Oracle has released its Critical Patch Update Advisory for January 2018. The update includes 237 new security fixes for multiple Oracle products to include Spectre (CVE-2017-5753, CVE-2017-5715) and Meltdown (CVE-2017-5754) Intel processor vulnerabilities.
Microsoft issued January 2018 Security Updates that includes patches to fix 16 critical bugs in Microsoft products Office, Word and SharePoint.