Black Arrow Cyber Advisory 11 December 2024 – Microsoft, Ivanti, Adobe, and Chrome Security Updates

Executive summary

In line with Microsoft’s November Patch Tuesday, several vendors, including Ivanti, Adobe, and Google, have released security updates to fix vulnerabilities in their products. Microsoft has addressed 72 security issues, including a critical Windows Common Log File System (CLFS) vulnerability that is being actively exploited. Ivanti’s updates cover its Cloud Services Application (CSA), Connect Secure, Policy Secure, and Sentry products, fixing multiple critical vulnerabilities, one of which has the highest severity rating of 10, allowing unauthorised remote attackers to gain administrative access. Adobe has released patches for 168 security issues across various products, including Experience Manager, Connect, Animate, and InDesign. Google has updated Chrome to fix three high-severity vulnerabilities in the browser.

What’s the risk to me or my business?

The actively exploited vulnerabilities could allow an attacker to compromise the confidentiality, integrity and availability of the affected applications and the organisation’s data on the affected systems.

What can I do?

Black Arrow recommends applying the available security updates for all supported versions of products that have been impacted by the various vulnerabilities. The updates should be applied as soon as possible for actively exploited vulnerabilities and all other vulnerabilities that have a critical or high severity rating.

Microsoft

Further details on specific updates within this Microsoft Patch Tuesday can be found here:

https://msrc.microsoft.com/update-guide/releaseNote/2024-Dec

Ivanti

Further details on specific updates across affected Ivanti products can be found here:

https://forums.ivanti.com/s/article/Security-Advisory-Ivanti-Cloud-Services-Application-CSA-CVE-2024-11639-CVE-2024-11772-CVE-2024-11773?language=en_US

https://forums.ivanti.com/s/article/December-2024-Security-Advisory-Ivanti-Connect-Secure-ICS-and-Ivanti-Policy-Secure-IPS-Multiple-CVEs?language=en_US

https://forums.ivanti.com/s/article/Security-Advisory-Ivanti-Sentry-CVE-2024-8540?language=en_US

Adobe

Further details of the vulnerabilities in affected Adobe products can be found here under ‘Recent bulletins and advisories’:

https://helpx.adobe.com/security/security-bulletin.html

Chrome

Further details of the vulnerabilities in the Chrome Browser products can be found here:

https://chromereleases.googleblog.com/2024/12/stable-channel-update-for-desktop_10.html
