Adobe Releases Security Updates

Original release date: March 13, 2018

Adobe has released security updates to address vulnerabilities in Adobe Flash Player, Connect, and Dreamweaver. A remote attacker could exploit these vulnerabilities to take control of an affected system. NC…

Original release date: March 13, 2018

Adobe has released security updates to address vulnerabilities in Adobe Flash Player, Connect, and Dreamweaver. A remote attacker could exploit these vulnerabilities to take control of an affected system. 

NCCIC/US-CERT encourages users and administrators to review Adobe Security Bulletin APSB18-05, APSB18-06, and APSB18-07, and apply the necessary updates.


This product is provided subject to this Notification and this Privacy & Use policy.


Samba Releases Security Updates

Original release date: March 13, 2018

The Samba Team has released security updates to address several vulnerabilities in Samba. An attacker could exploit one of these vulnerabilities to take control of an affected system.NCCIC/US-CERT encourages…

Original release date: March 13, 2018

The Samba Team has released security updates to address several vulnerabilities in Samba. An attacker could exploit one of these vulnerabilities to take control of an affected system.

NCCIC/US-CERT encourages users and administrators to review the Samba Security Announcements for CVE-2018-1050 and CVE-2018-1057 and apply the necessary updates, or refer to their Linux or Unix-based OS vendors for appropriate patches.


This product is provided subject to this Notification and this Privacy & Use policy.


Patch Tuesday drops the mandatory antivirus requirement after all

(credit: amalthya / Flickr)
In the immediate aftermath of the Spectre and Meltdown attacks, Microsoft created an unusual stipulation for Windows patches: systems would only receive the fixes if they had antivirus software installed and if that antiv…

(credit: amalthya / Flickr)

In the immediate aftermath of the Spectre and Meltdown attacks, Microsoft created an unusual stipulation for Windows patches: systems would only receive the fixes if they had antivirus software installed and if that antivirus software created a special entry in the registry to indicate that it's compatible with the Windows fixes.

This was due to the particularly invasive nature of the Meltdown fix: Microsoft found that certain antivirus products manipulated Windows' kernel memory in unsupported ways that would crash systems with the Meltdown fix applied. The registry entry was a way for antivirus software to positively affirm that it was compatible with the Meltdown fix; if that entry was absent, Windows assumed that incompatible antivirus software was installed and hence did not apply the security fix.

This put systems without any antivirus software at all in a strange position: they too lack the registry entries, so they'd be passed over for fixes, even though they don't, in fact, have any incompatible antivirus software.

Read 5 remaining paragraphs | Comments

Mozilla Releases Security Updates for Firefox

Original release date: March 13, 2018

Mozilla has released security updates to address vulnerabilities in Firefox and Firefox ESR. An attacker could exploit some of these vulnerabilities to take control of an affected system.NCCIC/US-CERT encour…

Original release date: March 13, 2018

Mozilla has released security updates to address vulnerabilities in Firefox and Firefox ESR. An attacker could exploit some of these vulnerabilities to take control of an affected system.

NCCIC/US-CERT encourages users and administrators to review the Mozilla Security Advisories for Firefox 59 and Firefox ESR 52.7 and apply the necessary updates.


This product is provided subject to this Notification and this Privacy & Use policy.