Jan 31 2018

Cisco Releases Security Updates

Original release date: January 31, 2018

Cisco has released software updates to address a vulnerability in its IOS XR Software Release 5.3.4 for the Cisco Aggregation Services Router (ASR) 9000 Series. A remote attacker could exploit this vulnerability to cause a denial-of-service condition.

NCCIC/US-CERT encourages users and administrators to review the Cisco Security Advisory and apply the necessary updates.


This product is provided subject to this Notification and this Privacy & Use policy.


Jan 30 2018

Mozilla Releases Security Update for Firefox

Original release date: January 30, 2018

Mozilla has released a security update to address a vulnerability in Firefox. Exploitation of this vulnerability may allow an attacker to take control of an affected system.

NCCIC/US-CERT encourages users and administrators to review the Mozilla Security Advisory for Firefox 58.0.1 and apply the necessary update.


This product is provided subject to this Notification and this Privacy & Use policy.


Jan 29 2018

Cisco Releases Security Update

Original release date: January 29, 2018

Cisco has released a security update to address a vulnerability in its Adaptive Security Appliance software. Exploitation of this vulnerability could allow a remote attacker to take control of an affected system.

NCCIC/US-CERT encourages users and administrators to review the Cisco Security Advisory and apply the necessary update.


This product is provided subject to this Notification and this Privacy & Use policy.


Jan 29 2018

New Windows patch disables Intel’s bad Spectre microcode fix

Enlarge / A closeup shot of an Intel Haswell die, with a pin for size reference. (credit: Intel)

Microsoft has released a new Windows patch to disable Intel's hardware-based mitigation for the Spectre attack due to bugs introduced by Intel's mitigation.

In the wake of the Spectre and Meltdown attacks that use the speculative execution behavior of modern processors to leak sensitive information, Intel released a microcode update that offers operating systems additional controls over the processor's ability to predict branches. When paired with corresponding operating system changes, the extra controls can prevent the unwanted information disclosure.

Unfortunately, Intel discovered earlier this month that the microcode updates are causing machines to reboot. Initially this was confirmed to be the case for Haswell and Broadwell chips; Intel later confirmed that it also applied to Sandy Bridge, Ivy Bridge, Skylake and Kaby Lake parts. Intel's advice was to stop deploying the microcode. A week ago the company said that it had isolated the root cause of reboots, at least for Haswell and Broadwell processors, and that it would soon begin testing a new version.

Read 2 remaining paragraphs | Comments