Cisco has released security updates to addressvulnerabilities in Cisco Integrated Management Controller (IMC) Supervisor,Unified Computing System (UCS) Director, and UCS Director Express for Big Data.A remote attacker could exploit these vulnerabilities to take control of anaffected system.
We encourage users and administrators to review the following Cisco SecurityAdvisories and apply the necessary updates:
-Authentication Bypass Vulnerability in IMCSupervisor, UCS Director, and UCS Director Express for Big Data releasescisco-sa-20190821-imcs-ucs-authbypass.
-Authentication Bypass Vulnerability in IMCSupervisor, UCS Director, and UCS Director Express for Big Data releasescisco-sa-20190821-imcs-ucs-authbypass.
-Secure Copy (SCP) User Default CredentialsVulnerability in IMC Supervisor, UCS Director, and UCS Director Express for BigData releases cisco-sa-20190821-imcs-usercred.
-Application Programming Interface (API)Authentication Bypass Vulnerability in UCS Director and UCS Director Expressfor Big Data releases cisco-sa-20190821-ucsd-authbypass.
Microsoft has released a security update to address an elevation of privilege vulnerability(CVE-2019-1162) in Windows. An attacker could exploit this vulnerability to take control of an affected system.
We encourage users and administrators to review the Microsoft Security Advisory and apply the necessary update.
Microsoft has released security updates to address two remote code execution vulnerabilities, CVE-2019-1181 and CVE-2019-1182, in the following operating systems:
An attacker could exploit these vulnerabilities to take control of an affected system. Similar to CVE-2019-0708—dubbed BlueKeep—these vulnerabilities are considered “wormable” because malware exploiting these vulnerabilities on a system could propagate to other vulnerable systems.
Information for industrial control systems owners, operators, and vendors.
Resources for information sharing and collaboration among government agencies.
Information for system administrators and technical users.
