Month: September 2020

Google has released Chrome version 85.0.4183.102 for Windows, Mac, and Linux. This version addresses vulnerabilities that an attacker could exploit to take control of an affected system. Therefore, Bhutan Computer Incident Response Team recommends  users and administrators to review  the  Chrome Release and apply the necessary updates....

Microsoft has released updates to address vulnerabilities in Microsoft software. A remote attacker could exploit some of these vulnerabilities to take control of an affected system. Therefore, Bhutan Computer Incident Response Team recommends  users and administrators to review  the Microsoft’s September 2020 Security Update Summary and Deployment Information and apply the necessary updates....

Risk Description: The Bhutan Computer Incident Response Team recommends WordPress website administrators about the new Vulnerability identified in the File Manager plugin which allows remote code execution. File Manager Plugin allows site Admins to upload, edit. delete files and folders directly from the WordPress backend without having to use FTP. If the vulnerability exploited successfully, it would allow attacker to upload web shell disguised inside an image file on the victim’s server. The attacker then access the web shell and take over the victim’s site. Versions Affected: File manager versions 6.0 – 6.8 Recommendations: Apply appropriate updates provided by...

Cisco has released security updates to address vulnerabilities in Cisco products. An attacker could exploit some of these vulnerabilities to take control of an affected system. For updates addressing lower severity vulnerabilities see the Cisco Security Advisories page. Therefore, Bhutan Computer Incident Response Team recommends  users and administrators to review  the following Cisco Advisories and apply the necessary updates: Jabber for Windows Message Handling Arbitrary Code Execution Vulnerability cisco-sa-jabber-UyTKCPGg Enterprise NFV Infrastructure Software File Overwrite Vulnerability cisco-sa-nfvis-file-overwrite-UONzPMkr Jabber for Windows Protocol Handler Command Injection Vulnerability cisco-sa-jabber-vY8M4KGB IOS XR Authenticated User Privilege Escalation Vulnerability cisco-sa-iosxr-cli-privescl-sDVEmhqv IOS XR Software Authenticated User Privilege Escalation Vulnerability cisco-sa-iosxr-LJtNFjeN...