A weekly recap of pertinent security events you need to be aware of and can read in 7 seconds (or so...)
More Vulnerabilities Impacting the Windows Print Spooler
Do this: Apply the latest Microsoft security updates and, if possible, stop—then disable—the Print Spooler service.
Why: Microsoft has warned of another vulnerability that’s been discovered in its Windows Print Spooler. The vulnerability–separate from PrintNightmare–can allow attackers to escalate privileges and gain full user rights to a system; however, it can only be exploited locally.
Additional Info: Write-up: https://threatpost.com/microsoft-unpatched-bug-windows-print-spooler/167855/ MSRC:
Using a SonicWall VPN?
Do this: Upgrade the firmware on any appliances that are still supported and immediately disconnect any legacy products including:
- SRA 4600/1600 (EoL 2019)
- SRA 4200/1200 (EoL 2016)
- SSL-VPN 200/2000/400 (EoL 2013/2014)
Additional Info: Write-up: https://www.sonicwall.com/support/product-notification/urgent-security-notice-critical-risk-to-unpatched-end-of-life-sra-sma-8-x-remote-access-devices/210713105333210/
Using Adobe Acrobat?
Do this: Update your Adobe Acrobat to fix 11 vulnerabilities for both the Windows and macOS platforms.
Why: Adobe posted on their security bulletin, “Adobe has released security updates for Adobe Acrobat and Reader for Windows and macOS. These updates address multiple critical and important vulnerabilities. Successful exploitation could lead to arbitrary code execution in the context of the current user.”
Additional Info: From Adobe: https://helpx.adobe.com/security/products/acrobat/apsb21-51.html
About the Author
Matt Barnett, CISSP, GFCA
Chief Strategist & Cofounder
After years in IT, performing network and system administration, software development, and architecting cloud migrations, Matt began to focus his efforts in cybersecurity. Matt draws on his technical competency and law enforcement background to assist clients, in both proactive and incident response capacities. In addition, Matt has developed an arsenal of applications, strategies, policies, and procedures to assist clients in achieving better cybersecurity.