News and Blog
Citrix Workspace App local privilege escalation vulnerability on Windows (CVE-2024-7889 / CVE-2024-7890)
Local privilege escalation allows a low-privileged user to gain SYSTEM privileges with Citrix Workspace application on Windows.
Jim Moreo Interview at ILTACON 2024 with Jennie Azoulai
Interview with Jim Moreo with Jennie Azoulai (Legal Tech Publishing) at ILTACON 2024.
Why Do a Tech Assessment?
Whether you do them yourself or get some help, taking stock of your technology, your team’s skills and your processes is never a bad thing. Many firms do them every few years as a self-check. They help you identify gaps that need to be addressed and points the way to solutions that may not be evident until you see everything summarized in one place.
Zero-click Vulnerability on Windows TCP/IP IPv6 (CVE-2024-38063)
An unauthenticated attacker could repeatedly send IPv6 packets, that include specially crafted packets, to a Windows machine which could enable remote code execution.
Key Takeaway from CrowdStrike Incident
This issue, affecting computers running Microsoft Windows, underscores the importance of having a reliable Managed IT Services provider.
Citrix NetScaler Console, Agent and SVM Security Bulletin
Two vulnerabilities have been discovered in NetScaler Console (formerly NetScaler ADM), NetScaler SVM, and NetScaler Agent. Sensitive information disclosure and Denial of Service.
Cornerstone.IT Achieves Comprehensive ISO 27001 Certification, Ensuring Enhanced Data Security for Law Firms
To our prospective clients, choosing Cornerstone.IT means you’ll be partnering with an ISO-certified provider. Our services not only meet ISO standards, but we also strive to impart the benefits of these standards to your firm.
Steering Towards the Future: The AI Revolution in Legal Tech with iManage and Microsoft Copilot Integration
As we draw nearer to the introduction of iManage’s innovative Artificial Intelligence (AI) services at ConnectLive NYC, the anticipation is tangible. This groundbreaking initiative was a significant focus at the recent iManage partner conference.
Cornerstone.IT: Partnering Exclusively with Top-Tier Vendors for Premier Managed Services
Congratulations Arctic Wolf for being named a leader in the 2024 IDC MarketScape for Worldwide Managed Detection and Response report!
CISCO IOS and IOS XE Software Vulnerabilities
Cisco has released free software updates that address the vulnerabilities described in this advisory. Customers with service contracts that entitle them to regular software updates should obtain security fixes through their Updates Channel.
Google Chrome (Desktop) Multiple Security Vulnerabilities
Multiple vulnerabilities found with desktop version of Google Chrome prior to version 123.0.6312.86
Mozilla Firefox Desktop – Critical Security Vulnerabilities
An attacker was able to perform an out-of-bounds read or write on a JavaScript object by fooling range-based bounds check elimination. This vulnerability affects Firefox < 124.0.1.
Microsoft ODBC Driver Remote Code Execution Vulnerability (CVE-2024-26162)
An authenticated victim who is connected to the network must be tricked or persuaded to connect to a malicious SQL database using their SQL client application.
VMWare ESXi 7.0 and 8.0 Multiple Vulnerabilities
A malicious actor with local administrative privileges on a virtual machine may exploit this issue to execute code as the virtual machine’s VMX process running on the host. On ESXi, the exploitation is contained within the VMX sandbox.
Microsoft Edge (Chromium-based) Information Disclosure Vulnerability (CVE-2024-26192)
An attacker could host a specially crafted website designed to exploit the vulnerability through Microsoft Edge and then convince a user to view the website.
Critical Connectwise ScreenConnect Vulnerabilities (CVE-2024-1709 & CVE-2024-1708)
ConnectWise ScreenConnect 23.9.7 and prior are affected by an authentication bypass using an alternate path or channel vulnerability, which may allow an attacker direct access to confidential information or critical systems.
Cornerstone Information Technologies, LLC Recognized on CRN’s 2024 MSP 500 List
CRN®, a brand of The Channel Company, has named Cornerstone.IT to its Managed Service Provider (MSP) 500 list in the Pioneer 250 category for 2024.
Microsoft Exchange Server Elevation of Privilege Vulnerability
Leaked credentials can then be relayed against the Exchange server to gain privileges as the victim client and to perform operations on the Exchange server on the victim’s behalf.
Multiple Microsoft Outlook Vulnerabilities
A complete vendor solution is available. Either the vendor has issued an official patch, or an upgrade is available.