Black Arrow Cyber Advisory 13 November 2024 – Microsoft, Ivanti, Adobe, Fortinet, Citrix, AMD, Intel, Chrome and Zoom Security Updates

Executive summary

Alongside Microsoft's November Patch Tuesday, several vendors—including Ivanti, Adobe, Fortinet, Citrix, Intel, AMD, Google, and Zoom—have released security updates to address vulnerabilities across their product ranges. Microsoft's updates rectify 91 security issues, including four zero-day vulnerabilities, with two actively being exploited. Ivanti has issued updates for Endpoint Manager, Avalanche, Connect Secure, and Security Access Client, addressing multiple vulnerabilities rated as 'critical', 'high', and 'medium'. Adobe's patches tackle 48 security issues affecting Commerce, InDesign, Photoshop, Illustrator, and Substance 3D Painter. Fortinet has released updates for several products, including FortiOS, to remediate 'high' rated vulnerabilities. Citrix has provided security updates for various products such as Virtual Apps, Desktops, and Netscaler. Intel has issued 44 security advisories covering a variety of products. AMD has released eight advisories relating to incorrect default permissions in various software utilities. Lastly, Google has updated Chrome, and Zoom has released updates, both addressing multiple 'high' severity security issues.

What’s the risk to me or my business?

The actively exploited vulnerabilities could allow an attacker to compromise the confidentiality, integrity and availability of the affected applications and the organisations data on the affected systems.

What can I do?

Black Arrow recommends applying the available security updates for all supported versions of products that have been impacted by the various vulnerabilities. The updates should be applied as soon as possible for actively exploited vulnerabilities and all other vulnerabilities that have a critical or high severity ratings.

Microsoft

Further details on specific updates within this Microsoft patch Tuesday can be found here:

https://msrc.microsoft.com/update-guide/releaseNote/2024-Nov

Ivanti

Further details on specific updates across affected Ivanti products can be found here:

https://forums.ivanti.com/s/article/Security-Advisory-EPM-November-2024-for-EPM-2024-and-EPM-2022?language=en_US&_gl=1*pchng3*_gcl_au*ODM2NTAyMzg1LjE3MjY2NjkwMTg

https://forums.ivanti.com/s/article/Security-Advisory-Ivanti-Avalanche-Multiple-CVEs-Q4-2024-Release?language=en_US&_gl=1*pchng3*_gcl_au*ODM2NTAyMzg1LjE3MjY2NjkwMTg

https://forums.ivanti.com/s/article/Security-Advisory-Ivanti-Connect-Secure-ICS-Ivanti-Policy-Secure-IPS-Ivanti-Secure-Access-Client-ISAC-Multiple-CVEs?language=en_US&_gl=1*6ap9xw*_gcl_au*ODM2NTAyMzg1LjE3MjY2NjkwMTg

Adobe

Further details of the vulnerabilities in affected Adobe products can be found here under ‘Recent bulletins and advisories’:

https://helpx.adobe.com/security/security-bulletin.html

Fortinet

Further details of the vulnerabilities in affected Fortinet products can be found here:

https://www.fortiguard.com/psirt/FG-IR-23-396

https://www.fortiguard.com/psirt/FG-IR-23-475

https://www.fortiguard.com/psirt/FG-IR-24-144

https://www.fortiguard.com/psirt/FG-IR-24-199

Citrix

Further details of the vulnerabilities in affected Citrix products can be found here:

https://support.citrix.com/s/article/CTX691941-citrix-session-recording-security-bulletin-for-cve20248068-and-cve20248069?language=en_US

https://support.citrix.com/s/article/CTX691608-netscaler-adc-and-netscaler-gateway-security-bulletin-for-cve20248534-and-cve20248535?language=en_US

Intel

Further details of the vulnerabilities in affected Intel products can be found here:

https://www.intel.com/content/www/us/en/security-center/default.html

AMD

Further details of the vulnerabilities in affected AMD products can be found here:

https://www.amd.com/en/resources/product-security.html

Chrome

Further details of the vulnerabilities in Google Chrome can be found here:

https://chromereleases.googleblog.com/2024/11/stable-channel-update-for-desktop_12.html

Zoom

Further details of the vulnerabilities in Zoom can be found here:

https://www.zoom.com/en/trust/security-bulletin/?cms_guid=false&lang=en-US

#threatadvisory #threatintelligence #cybersecurity

Previous
Previous

Black Arrow Cyber Threat Intelligence Briefing 15 November 2024

Next
Next

Black Arrow Cyber Threat Intelligence Briefing 08 November 2024