ICYMI: Recap of Last Week’s Security Alerts – week of March 12, 2023

VMware Cloud Foundation remote code execution vulnerability via XStream (CVE-2021-39144)

CISA listed the CVE-2021-39144 vulnerability in VMware products in its Known Exploited Vulnerabilities (KEV) catalog following confirmation from VMware that this bug has been exploited since December 2022.

Veeam Backup & Replication Vulnerability (CVE-2023-27532)

A vulnerability has been found in Veeam Backup & Replication that enables an unauthenticated user to request encrypted credentials, which can give them access to server hosts used for backup infrastructure.

Microsoft Outlook Privilege Elevation Vulnerability (CVE-2023-23397)

CISA added a zero-day vulnerability affecting Microsoft Outlook that is actively exploited in the wild. Microsoft has released a patch for the vulnerability as part of its March 2023 Patch Tuesday.

Contact Cornerstone.IT for assistance remediating this issue. If you are a small or mid-sized law firm, Cornerstone.IT’s dedicated 24/7 Network Operations Center (NOC) can help you with future patches, monitoring, and other mundane tasks that keep you from focusing on moving your firm forward.