Black Arrow Cyber Advisory 13 November 2024 – Microsoft, Ivanti, Adobe, Fortinet, Citrix, AMD, Intel, Chrome and Zoom Security Updates
Executive summary
Alongside Microsoft's November Patch Tuesday, several vendors, including Ivanti, Adobe, Fortinet, Citrix, Intel, AMD, Google, and Zoom, have released security updates to address vulnerabilities across their product ranges. Microsoft's updates rectify 91 security issues, including four zero-day vulnerabilities, two of which are being actively exploited. Ivanti has issued updates for Endpoint Manager, Avalanche, Connect Secure, and Security Access Client, addressing multiple vulnerabilities rated as 'critical', 'high', and 'medium'. Adobe's patches tackle 48 security issues affecting Commerce, InDesign, Photoshop, Illustrator, and Substance 3D Painter. Fortinet has released updates for several products, including FortiOS, to remediate 'high' rated vulnerabilities. Citrix has provided security updates for various products such as Virtual Apps, Desktops, and NetScaler. Intel has issued 44 security advisories covering a variety of products. AMD has released eight advisories relating to incorrect default permissions in various software utilities. Lastly, Google has updated Chrome, and Zoom has released updates, both addressing multiple 'high' severity security issues.
What’s the risk to me or my business?
The actively exploited vulnerabilities could allow an attacker to compromise the confidentiality, integrity and availability of the affected applications and the organisation's data on the affected systems.
What can I do?
Black Arrow recommends applying the available security updates for all supported versions of products that have been impacted by the various vulnerabilities. The updates should be applied as soon as possible for actively exploited vulnerabilities and all other vulnerabilities that have a critical or high severity rating.
Microsoft
Further details on specific updates within this Microsoft Patch Tuesday can be found here:
https://msrc.microsoft.com/update-guide/releaseNote/2024-Nov
Ivanti
Further details on specific updates across affected Ivanti products can be found here:
Adobe
Further details of the vulnerabilities in affected Adobe products can be found here under ‘Recent bulletins and advisories’:
https://helpx.adobe.com/security/security-bulletin.html
Fortinet
Further details of the vulnerabilities in affected Fortinet products can be found here:
https://www.fortiguard.com/psirt/FG-IR-23-396
https://www.fortiguard.com/psirt/FG-IR-23-475
https://www.fortiguard.com/psirt/FG-IR-24-144
https://www.fortiguard.com/psirt/FG-IR-24-199
Citrix
Further details of the vulnerabilities in affected Citrix products can be found here:
Intel
Further details of the vulnerabilities in affected Intel products can be found here:
https://www.intel.com/content/www/us/en/security-center/default.html
AMD
Further details of the vulnerabilities in affected AMD products can be found here:
https://www.amd.com/en/resources/product-security.html
Chrome
Further details of the vulnerabilities in Google Chrome can be found here:
https://chromereleases.googleblog.com/2024/11/stable-channel-update-for-desktop_12.html
Zoom
Further details of the vulnerabilities in Zoom can be found here:
https://www.zoom.com/en/trust/security-bulletin/?cms_guid=false&lang=en-US