Today’s VERT Alert addresses Microsoft’s November 2020 Security Updates. VERT is actively working on coverage for these vulnerabilities and expects to ship ASPL-915 on Wednesday, November 11th. Note: Microsoft has changed their advisory format and no longer provides basic vulnerability descriptions.In-The-Wild & Disclosed CVEsCVE-2020-17087This CVE descr

Tripwire‘s October 2020 Patch Priority Index (PPI) brings together important vulnerabilities from Microsoft, Apple, Adobe, and Oracle.First on the patch priority list this month is a very high priority vulnerability in Oracle WebLogic Server. The vulnerability is within the Console component of Oracle WebLogic Server, and it can be exploited without au

A WebLogic server vulnerability fixed by the October CPU has come under active exploitation after a Vietnamese language blog post detailed the steps needed to bypass authentication and achieve remote code execution on unpatched systems. Although there have been a series of actively exploited WebLogic deserialization bugs, the exploit payload in this case imm

Vulnerability DescriptionTripwire VERT has identified a stack-based buffer overflow in SonicWall Network Security Appliance (NSA). The flaw can be triggered by an unauthenticated HTTP request involving a custom protocol handler. The vulnerability exists within the HTTP/HTTPS service used for product management as well as SSL VPN remote access.Exposure and Im

Today’s VERT Alert addresses Microsoft’s October 2020 Security Updates. VERT is actively working on coverage for these vulnerabilities and expects to ship ASPL-909 on Wednesday, October 14th.In-The-Wild & Disclosed CVEsCVE-2020-16938This CVE describes an information disclosure in the Windows kernel that could allow a local attacker to disclose informatio

Tripwire‘s September 2020 Patch Priority Index (PPI) brings together important vulnerabilities from Microsoft, Apple, and various Linux distributions.Up first on the patch priority list this month is a very high priority vulnerability, which is called “Zerologon” and identified by CVE-2020-1472. It is an elevation of privilege vulnerability

Today’s VERT Alert addresses Microsoft’s September 2020 Security Updates. VERT is actively working on coverage for these vulnerabilities and expects to ship ASPL-903 on Wednesday, September 9th.In-The-Wild & Disclosed CVEsThere were no in-the-wild or disclosed CVEs included in this month’s security guidance.CVE Breakdown by TagWhile historical Microsoft

Tripwire‘s August 2020 Patch Priority Index (PPI) brings together important vulnerabilities from Microsoft, Adobe, and Apple.Up first on the patch priority list this month are patches for Microsoft and Apple for vulnerabilities that have been integrated into various exploits. Metasploit has recently added exploits for Microsoft .NET Framework, SharePoi

Today’s VERT Alert addresses Microsoft’s August 2020 Security Updates. VERT is actively working on coverage for these vulnerabilities and expects to ship ASPL-899 on Wednesday, August 12th.In-The-Wild & Disclosed CVEsCVE-2020-1464A vulnerability exists in the way that Windows validates file signatures. An attacker could load improperly signed files by by

Tripwire’s July 2020 Patch Priority Index (PPI) brings together important vulnerabilities from Microsoft, F5 Networks, Cisco, and Oracle.Up first on the patch priority list this month are patches for F5 Networks and Cisco for vulnerabilities that have been integrated into various Exploits. Metasploit has recently added exploits for F5 Networks’ B

Today’s VERT Alert addresses Microsoft’s July 2020 Security Updates. VERT is actively working on coverage for these vulnerabilities and expects to ship ASPL-895 on Wednesday, July 15th.In-The-Wild & Disclosed CVEs CVE-2020-1463A vulnerability in the SharedStream Library could allow a locally authenticated attacker to run a malicious application in order

What is the Windows Store?The Windows Store is a digital platform that allows for the distribution of applications. This platform offers both free and paid. Users use the Window Store to install applications that are of interest to them.Can you disable the Windows Store?Windows Store can be disabled via group policy to prevent users from installing applicati

Today’s VERT Alert addresses Microsoft’s June 2020 Security Updates. VERT is actively working on coverage for these vulnerabilities and expects to ship ASPL-888 on Wednesday, June 10th.In-The-Wild & Disclosed CVEsNone of the vulnerabilities resolved this month have been publicly disclosed or exploited according to Microsoft.CVE Breakdown by TagWhile hist

Tripwire’s May 2020 Patch Priority Index (PPI) brings together important vulnerabilities from Microsoft, Adobe, SaltStack, and VMware.Up first on the patch priority list this month are patches for VMware vCenter Server and SaltStack Salt. The Metasploit exploit framework has recently integrated exploits for VMware vCenter Server (CVE-2020-3952) and Sal

Today’s VERT Alert addresses Microsoft’s May 2020 Security Updates. VERT is actively working on coverage for these vulnerabilities and expects to ship ASPL-884 on Wednesday, May 13th.In-The-Wild & Disclosed CVEsNone of the vulnerabilities resolved this month have been publicly disclosed or exploited according to Microsoft.CVE Breakdown by TagWhile histor