Critical Patches Issued for Microsoft Products
Multiple vulnerabilities have been discovered in Microsoft products, the most severe of which could allow for remote code execution in the context of the logged-on user. Depending on the privileges associated with the user, an attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. Users whose accounts are configured to have fewer user rights on the system could be less impacted than those who operate with administrative user rights.
Affected Systems:
- Many popular Microsoft products including, but not limited to, Windows, Office, and Edge
Risk:
- Large and medium business entities: High
- Small business entities: Medium
Remediation Recommendations
- Ensure all Microsoft products have the latest version(s) installed
- Enact the Principle of Least Privilege (limit higher-level privileges to only the users that need it)
References
Multiple Vulnerabilities in Mozilla Products
Could Allow for Arbitrary Code Execution
Multiple vulnerabilities have been discovered in Mozilla Products, the most severe of which could allow for arbitrary code execution. Successful exploitation of the most severe of these vulnerabilities could allow for arbitrary code execution in the context of the logged-on user. Depending on the privileges associated with the user, an attacker could then install programs; view, change, or delete data; or create new accounts with full user rights.
Affected Systems:
- Firefox versions prior to 144
- Firefox ESR versions prior to 115.29
- Firefox ESR versions prior to 140.4
- Thunderbird versions prior to 144
- Thunderbird versions prior to 140.4
- Thunderbird ESR versions prior to 140.4
Risk:
- Large and medium business entities: High
- Small business entities: Medium
Remediation Recommendations
- Ensure all versions of all Mozilla products are updated to their latest versions
- Enact the Principle of Least Privilege (limit higher-level privileges to only the users that need it)
References
Multiple Vulnerabilities in Adobe Products
Could Allow for Arbitrary Code Execution
Multiple vulnerabilities have been discovered in Adobe products, the most severe of which could allow for arbitrary code execution. Successful exploitation of the most severe of these vulnerabilities could allow for arbitrary code execution in the context of the logged-on user.
Affected Systems:
- Adobe Connect 12.9 and earlier versions
- Adobe Commerce 2.4.9-alpha2 and earlier versions
- Adobe Commerce B2B 1.5.3-alpha2 and earlier versions
- Magento Open Source 2.4.9-alpha2 and earlier versions
- Adobe Creative Cloud Desktop Application 6.7.0.278 and earlier versions
- Adobe Bridge 14.1.8 (LTS) and earlier versions
- Adobe Bridge 15.1.1 and earlier versions
- Adobe Animate 2023 23.0.13 and earlier versions
- Adobe Animate 2024 24.0.10 and earlier versions
- Adobe Experience Manager (AEM) Screens 6.5.22 Screens FP11.6
- Adobe Substance 3D Viewer 0.25.2 and earlier versions
- Adobe Substance 3D Modeler 1.22.3 and earlier versions
- Adobe FrameMaker 2020 Release Update 9 and earlier versions
- Adobe FrameMaker 2022 Release Update 7 and earlier versions
- Adobe Illustrator 2025 29.7 and earlier versions
- Adobe Illustrator 2024 28.7.9 and earlier versions
- Adobe Dimension 4.1.4 and earlier versions
- Adobe Substance 3D Stager 3.1.4 and earlier versions
Risk:
- Large and medium business entities: High
- Small business entities: Medium
Remediation Recommendations
- Ensure all versions of all Adobe products are updated to their latest versions
- Enact the Principle of Least Privilege (limit higher-level privileges to only the users that need it)
References
Multiple Vulnerabilities in VMware Aria Operations and VMware Tools Could Allow for Privilege Escalation
Multiple vulnerabilities have been discovered in VMware Aria Operations and VMware Tools, the most severe of which could allow for privilege escalation to root. VMware Aria is a multi-cloud management platform that provides automation, operations, and cost management for applications and infrastructure across private, public, and hybrid cloud environments. Successful exploitation of the most severe of these vulnerabilities could allow for privilege escalation to root. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights.
Affected Systems:
- VMware Cloud Foundation Operations versions prior to 9.0.1.0
- VMware Tools versions prior to 13.0.5.0, 13.0.5, and 12.5.4
- VMware Aria Operations versions prior to 8.18.5
Risk:
- Large and medium business entities: High
- Small business entities: Medium
Remediation Recommendations
- Ensure all versions of all VMware products are updated to their latest versions
- Enact the Principle of Least Privilege (limit higher-level privileges to only the users that need it)
References
Multiple Vulnerabilities in Cisco Products
Could Allow for Remote Code Execution
Multiple vulnerabilities have been discovered in Cisco products, the most severe of which could allow for remote code execution. Cisco is a leading technology company best known for its networking hardware and software, such as routers and switches, that form the backbone of the internet and enterprise networks. Successful exploitation of the most severe of these vulnerabilities could allow for remote code execution as root, which may lead to the complete compromise of the affected device.
Affected Systems:
- Cisco Secure Firewall ASA Software
- Cisco Secure FTD Software
- Cisco Secure FMC Software
- Cisco IOS and IOS XE Software
Risk:
- Large and medium business entities: High
- Small business entities: Medium
Remediation Recommendations
- Ensure all versions of all Cisco products are updated to their latest versions
- Enact the Principle of Least Privilege (limit higher-level privileges to only the users that need it)
References
.png)