Microsoft warns of active exploits in the wild for an MSHTML RCE Vulnerability (CVE-2021-40444) — Updated

Microsoft has warned of active exploits in the wild for an MSHTML RCE Vulnerability (CVE-2021-40444). The tech giant also released workarounds for the threat until a permanent fix is released.

Continue ReadingMicrosoft warns of active exploits in the wild for an MSHTML RCE Vulnerability (CVE-2021-40444) — Updated

Fortinet patches High risk RCE vulnerability (CVE-2021-32589) in FortiManager and FortiAnalyzer

Fortinet has patched a High risk use-after-free vulnerability (CVE-2021-32589) in FortiManager and FortiAnalyzer fgfmsd daemon. An attacker could exploit the vulnerability to launch remote code execution (RCE) as root and take control of an impacted system.

Continue ReadingFortinet patches High risk RCE vulnerability (CVE-2021-32589) in FortiManager and FortiAnalyzer

F5 patches Critical RCE vulnerability (CVE-2020-5902) in BIG-IP configuration utility

F5 has patched a Critical remote code execution (RCE) vulnerability (CVE-2020-5902) in the Configuration utility of BIG-IP. Researchers further discovered 8,000 devices were vulnerable on the internet and could result in full system compromise.

Continue ReadingF5 patches Critical RCE vulnerability (CVE-2020-5902) in BIG-IP configuration utility

Netgear fixes high risk vulnerability in multiple routers and network devices

Netgear has released firmware updates to fix a high severity remote code execution (RCE) vulnerability in multiple Netgear routers and other network devices. A remote attacker could exploit to take control of an affected device.

Continue ReadingNetgear fixes high risk vulnerability in multiple routers and network devices

Microsoft issues advisory for two zero-day RCE vulnerabilities exploited in the wild (updated)

Microsoft has issued a new security advisory for two remote code execution (RCE) vulnerabilities in Adobe Type Manager (ATM) Library exploited in the wild. Microsoft also published several workarounds to reduce risk until a patch is rolled out.

Continue ReadingMicrosoft issues advisory for two zero-day RCE vulnerabilities exploited in the wild (updated)