Today’s Security Advisories

The page contains today’s important security advisories and news bulletins that are critical to me in my daily work as an SQL Server Database Developer.

 

 

 

 

• 4053440 - Securely opening Microsoft Office documents that contain Dynamic Data Exchange (DDE) fields - Version: 3.0
• 4056318 - Guidance for securing AD DS account used by Azure AD Connect for directory synchronization - Version: 1.0
• 4038556 - Guidance for securing applications that host the WebBrowser Control - Version: 1.0
• 4033453 - Vulnerability in Azure AD Connect Could Allow Elevation of Privilege - Version: 1.0
• 4025685 - Guidance related to June 2017 security update release - Version: 1.0
• 4022344 - Security Update for Microsoft Malware Protection Engine - Version: 1.2
• 4022345 - Identifying and correcting failure of Windows Update client to receive updates - Version: 1.3
• 4021279 - Vulnerabilities in .NET Core, ASP.NET Core Could Allow Elevation of Privilege - Version: 1.1
• 4010323 - Deprecation of SHA-1 for SSL/TLS Certificates in Microsoft Edge and Internet Explorer 11 - Version: 1.0
• 3123479 - SHA-1 Hashing Algorithm for Microsoft Root Certificate Program - Version: 2.0

 

 

 

 
See also: US CERT Alerts.

• VU#199397: Insecure Implementation of Tunneling Protocols (GRE/IPIP/4in6/6in4)
• VU#952657: Rsync contains six vulnerabilities
• VU#529659: Howyar Reloader UEFI bootloader vulnerable to unsigned software execution
• VU#164934: PDQ Deploy allows reuse of deleted credentials that can compromise a device and facilitate lateral movement
• VU#123336: Vulnerable WiFi Alliance example code found in Arcadyan FMIMG51AX000J
• VU#138043: A stack-based overflow vulnerability exists in the Microchip Advanced Software Framework (ASF) implementation of the tinydhcp server
• VU#455367: Insecure Platform Key (PK) used in UEFI system firmware signature
• VU#244112: Multiple SMTP services are susceptible to spoofing attacks due to insufficient enforcement
• VU#312260: Use-after-free vulnerability in lighttpd version 1.4.50 and earlier
• VU#456537: RADIUS protocol susceptible to forgery attacks.
• VU#163057: BMC software fails to validate IPMI session.
• VU#238194: R Programming Language implementations are vulnerable to arbitrary code execution during deserialization of .rds and .rdx files
• VU#253266: Keras 2 Lambda Layers Allow Arbitrary Code Injection in TensorFlow Models
• VU#123335: Multiple programming languages fail to escape arguments properly in Microsoft Windows
• VU#155143: Linux kernel on Intel systems is susceptible to Spectre v2 attacks