Microsoft Releases Out-of-Band Security Updates for Exchange Server

Microsoft has released out-of-band security updates to address vulnerabilities affecting Microsoft Exchange Server 2013, 2016, and 2019. A remote attacker can exploit three remote code execution vulnerabilities—CVE-2021-26857, CVE-2021-26858, andCVE-2021-27065—to take control of an affected system and can exploit one vulnerability—CVE-2021-26855—to obtain access to sensitive information. These vulnerabilities are being actively exploited in the wild.

We encourage users and administrators to review the Microsoft blog post and apply the necessary updates or workarounds.

Cisco Releases Security Updates?

Cisco has released security updates to address vulnerabilities in Cisco products. An attacker could exploit some of these vulnerabilities to take control of an affected system.

We encourage users and administrators to review the following Cisco Advisories and apply the necessary updates:

• Cisco Application Services Engine Unauthorized Access Vulnerabilities cisco-sa-case-mvuln-dYrDPC6w
• Cisco NX-OS Software Unauthenticated Arbitrary File Actions Vulnerability cisco-sa-3000-9000-fileaction-QtLzDRy2
• Cisco ACI Multi-Site Orchestrator Application Services Engine Deployment Authentication Bypass Vulnerability cisco-sa-mso-authbyp-bb5GmBQv

Mozilla Releases Security Updates for Thunderbird, Firefox ESR, and Firefox

Mozilla has released security updates to address vulnerabilities in Firefox, Firefox ESR, and Thunderbird. An attacker could exploit these vulnerabilities to take control of an affected system.

We encourage users and administrators to review the Mozilla security advisories for Firefox 86, Firefox ESR 78.8, and Thunderbird 78.8 and apply the necessary updates.