Adobe has released an emergency update for its ColdFusion platform to resolve a serious zero-day vulnerability. The update fixes a flaw that could have led to RCE attacks using a ColdFusion service. Designated as CVE-2019-7816, Adobe has categorized the vulnerability as ‘file upload restriction bypass’ which means that it allowed unrestricted access to servers to execute malicious codes.
The following are the affected products and versions issued with the update(s):
Updates can be found here.
Google has released security patches this month for its Android platform. In its bulletin, the company announced two security patch ‘levels’ labeled as 2019-03-01 and 2019-03-05. This is to resolve issues timely across all devices with similar vulnerabilities. The most serious vulnerability addressed in the bulletin is an RCE flaw which allowed malicious files to perform arbitrary code execution in Android devices.
Users with the most recent Android devices (version 7.0 & later) are expected to receive updates soon. The following is a brief description of the two updates:
Microsoft released a batch update to address multiple issues in Windows 10 and Windows Server 2019. The KB4482887 release mainly enables Retpoline on certain devices, a coding implementation created by Google to bring down Spectre V2 vulnerability. Apart from this, the update resolves several bugs associated with hardware.
Microsoft has recommended users to install the latest servicing stack update (SSU) before installing this update.
The updates can be found here.
For this week, Ubuntu has released three security bulletins to address kernel vulnerabilities, as well as a flaw associated with OpenSSH. The following are the releases: