Microsoft, Adobe, Cisco CVEs and Patches and Security Updates

CVEs and Patches – Oh my!
The most important February security updates and patches for Adobe, Cisco, and Microsoft have been released. Applying the fixes for these Common Vulnerabilities and Exposures (CVEs) will ensure that your company is protected and allow you to maintain a safe working environment. Below are the most important updates for Cisco, Adobe, and Microsoft this month. Let’s review.
Big Microsoft Patch February 17, 2020

Last week’s Microsoft Patch Tuesday release likely resulted in a hectic week for server administrators and other remediation administrators.
12 of the 99 vulnerability patches that were released were deemed critical.
One of the patches, CVE-2020-0674, fixes a very serious vulnerability in Internet Explorer. Microsoft had previously issued an out-of-band advisory last month.
Another patch, released as a standalone update, was meant to fix a bug in the Unified Extensible Firmware Interface (UEFI) boot manager. It has now been removed. This update was causing widespread problems among the user community, including failed installations and profile corruption. Administrators and home users are advised to ensure that servers or PCs have recent, successful backups before applying these patches.

** Additional information and guidance about the UEFI patch that was removed can be found here.
Renato Marinho, from the SANS Internet Storm Center, wrote an excellent article about this month’s Microsoft Patch release. You can find it here:
Adobe Patch Releases

Adobe also released patches this month for vulnerabilities in:

- Flash Player (APSB20-06)
- Acrobat & Reader (APSB20-05)
- Experience Manager (APSB20-08)
- Framemaker (APSB20-04)

These addressed 17 flaws, including one critical flaw in Flash Player. Adobe is still working on Flash Player’s final retirement. Chrome and Firefox will update Flash Player via Auto-Update even though it is disabled by default in both browsers.
Cisco Security Updates, Disclosures and Vulnerabilities Patches

Cisco issued several disclosures earlier in the month, including critical issues in Cisco Discovery Protocol (CDP) that could lead to remote code execution and denial of service. These vulnerabilities have been addressed by software updates. Customers are advised to update their software and disable CDP functionality where it is not necessary. Below are some of the most serious Cisco vulnerabilities this month.

- CVE-2020-3110 – Cisco Video Surveillance 8000 Series IP Cameras Cisco Discovery Protocol Remote Code Execution and Denial of Service Vulnerability
- CVE-2020-3111 – Cisco IP Phone Remote Code Execution and Denial of Service Vulnerability
- CVE-2020-3118 – Cisco IOS XR Software Cisco Discovery Protocol Format String Vulnerability
- CVE-2020-3119 – Cisco NX-OS Software Cisco Discovery Protocol Remote Code Execution Vulnerability
- CVE-2020-3120 – Cisco FXOS, IOS XR, and NX-OS Software Cisco Discovery Protocol Denial of Service Vulnerability

How Vulnerability Management as a Service Can Help Your Business
Common Vulnerabilities and Exposures (CVEs), patch updates, and critical security advisories are constantly changing. You need to be on top of security changes to ensure you have the best coverage. 24/7 access to a vigilant vulnerability team could be a benefit for your company. Consider Vulnerability Management as a Service with Internetwork Engineering. We will keep you informed with monthly patch updates.

About Jason Smith
Jason Smith is the Security Consultant at Internetwork Engineering (IE). He has over 15 years of experience in IT security in sectors including finance, aerospace, defense, and retail. Connect with Jason via LinkedIn.