Highlights and Updates

Cisco Releases Security Updates

Thursday, 22nd August 2019

Cisco has released security updates to address vulnerabilities in Cisco Integrated Management Controller (IMC) Supervisor, Unified Computing System (UCS) Director, and UCS Director Express for Big Data. A remote attacker could exploit these vulnerabilities to take control of an affected system.

We encourage users and administrators to review the following Cisco Security Advisories and apply the necessary updates:

- Authentication Bypass Vulnerability in IMC Supervisor, UCS Director, and UCS Director Express for Big Data releases cisco-sa-20190821-imcs-ucs-authbypass.

- Secure Copy (SCP) User Default Credentials Vulnerability in IMC Supervisor, UCS Director, and UCS Director Express for Big Data releases cisco-sa-20190821-imcs-usercred.

- Application Programming Interface (API) Authentication Bypass Vulnerability in UCS Director and UCS Director Express for Big Data releases cisco-sa-20190821-ucsd-authbypass.

Microsoft Releases Security Update for Windows Elevation of Privilege Vulnerability

Friday, 16th August 2019

Microsoft has released a security update to address an elevation of privilege vulnerability (CVE-2019-1162) in Windows. An attacker could exploit this vulnerability to take control of an affected system.

We encourage users and administrators to review the Microsoft Security Advisory and apply the necessary update.



Microsoft Releases Security Updates to Address Remote Code Execution Vulnerabilities

Thursday, 15th August 2019

Microsoft has released security updates to address two remote code execution vulnerabilities, CVE-2019-1181 and CVE-2019-1182, in the following operating systems:

- Windows 7 SP1
- Windows Server 2008 R2 SP1
- Windows Server 2012
- Windows 8.1
- Windows Server 2012 R2
- Windows 10
- Windows Server 2016
- Windows Server 2019

An attacker could exploit these vulnerabilities to take control of an affected system. Similar to CVE-2019-0708—dubbed BlueKeep—these vulnerabilities are considered “wormable” because malware exploiting these vulnerabilities on a system could propagate to other vulnerable systems.
