September 2023 Patch Tuesday. Microsoft released security updates for products that preempt and mitigate critical vulnerabilities that may affect your infrastructure.
A vulnerability in the Simple Network Management Protocol (SNMP) service of Cisco FXOS Software for Firepower 4100 Series and Firepower 9300 Security Appliances and of Cisco UCS 6300 Series Fabric Interconnects could allow an authenticated, remote attacker to cause a denial of service (DoS) condition on an affected device.
Multiple vulnerabilities have been discovered in NetScaler ADC (formerly Citrix ADC) and NetScaler Gateway (formerly Citrix Gateway). Citrix released an advisory tagged CTX561482
October 10th, of 2023, might seem far off but that’s when Microsoft is ending support for Windows Server 2012 and Windows Server 2012 R2.
On Monday, March 24th, 2023, Microsoft announced that it is enabling a transport-based enforcement system in Exchange Online serving three functions: reporting, throttling, and blocking.
May 30th, 2023, marks the end-of-life (EOL) for Citrix NetScaler firmware 12.1. EOL refers to the termination of support and updates for Citrix NetScaler 12.1. This means that after the May 30th date, Citrix will no longer provide technical support, security updates, or bug fixes for NetScaler 12.1. Users’ Citrix NetScaler devices will no longer receive critical security updates or technical support, leaving their devices vulnerable to potential security threats and software bugs. This can result in reduced system performance, reliability, and compatibility issues with newer software and hardware.
ICYMI: Recap of Last Week’s Security Alerts – week of March 12, 2023 VMware Cloud Foundation remote code execution vulnerability via XStream (CVE-2021-39144) CISA identified VMware products to the CVE-2021-39144 vulnerability in its Known Exploited Vulnerabilities (KEV) catalog following confirmation from VMware that this bug is being exploited since December 2022. Veeam Backup & Replication Vulnerability (CVE-2023-27532) A vulnerability been found in Veeam Backup & Replication that enables an unauthenticated user to request encrypted credentials, [...]
CISA added a zero-day vulnerability affecting Microsoft Outlook that is actively exploited in the wild. Microsoft has released a patch for the vulnerability as part of their March 2023 Patch Tuesday.
CISA identified VMware products to the CVE-2021-39144 vulnerability in its Known Exploited Vulnerabilities (KEV) catalog following confirmation from VMware that this bug is being exploited since December 2022.
A vulnerability been found in Veeam Backup & Replication that enables an unauthenticated user to request encrypted credentials, which can give them access to server hosts used for backup infrastructure.
