Monthly Patches are out for Microsoft and Adobe. New Alerts for Fortinet, Technicolor, Rockwell Automation, and Linux.
It appears Apple pulled yesterday's RSR patch from the update servers.
Microsoft Exploit
Microsoft Monthly Patches are out, with 132 patched vulnerabilities, 9 rated Critical and 6 exploited in the wild. Highest CVSSv3 score of 9.8.
More info. And here. And here.
Microsoft is investigating reports of a series of RCE vulnerabilities impacting Windows and Office products. Microsoft is aware of targeted attacks that attempt to exploit these vulnerabilities by using specially crafted Microsoft Office documents. Only mitigations are available for now; an out-of-cycle fix is expected.
More info.
Adobe has published Monthly Patches for InDesign and ColdFusion. Highest CVSSv3 score of 9.8 (ColdFusion).
More info.
Fortinet has published several new bulletins. Highest CVSSv3 score of 9.8.
More info.
A stack-based overflow vulnerability in FortiOS and FortiProxy may allow a remote attacker to execute arbitrary code or commands via crafted packets reaching proxy policies or firewall policies with proxy mode alongside SSL deep packet inspection. CVSSv3 score of 9.8.
More info.
The Technicolor TG670 DSL Gateway Router contains more than one hard-coded service account. These accounts allow full administrative access to the device via the WAN interface.
More info.
RCE and DoS vulnerabilities exist in several communication modules. Highest CVSSv3 score of 9.8.
More info.
The PowerMonitor 1000 contains stored XSS vulnerabilities within the product's web pages. The vulnerable pages do not require privileges to access and can be injected with code by an attacker. CVSSv3 score of 8.8.
More info.
SUSE has updated the kernel. More info.
Oracle Linux has updated the kernel. More info.