Black Arrow Cyber Advisory 15 January 2025 – Microsoft, Adobe, Cisco, Ivanti, Fortinet, GitHub, SAP, SonicWall, Zyxel, Google Chrome and Zoom Security Updates - updated

Written By Black Arrow Admin

Updated

Since writing further updates have been released for another Ivanti vulnerability, this time affecting Endpoint Manager, as well as updates for Google Chrome, to address 132 fixes and 16 unique security issues, and Zoom to address a number of security issues across Windows, Mac and Linux clients.

See more details on each of those in the relevant sections below

Executive Summary

Microsoft’s Patch Tuesday for January 2025 started the year with security updates for 159 flaws, including eight zero-day vulnerabilities, with three actively exploited in attacks. This Patch Tuesday also included fixes for twelve critical vulnerabilities, including information disclosure, privileges elevation, and remote code execution flaws.

Several other major software and hardware vendors released critical security updates this month to address vulnerabilities that could be exploited by attackers. Adobe issued updates for popular products such as Photoshop, Illustrator for iPad, and Animate, while Cisco addressed issues across multiple tools, including ThousandEyes and Crosswork Network Controller. Ivanti and Fortinet tackled zero-day vulnerabilities actively exploited in attacks, with Ivanti focusing on Connect Secure and Fortinet on its FortiOS and FortiProxy platforms.

What’s the risk to me or my business?

The actively exploited vulnerabilities could allow an attacker to compromise the confidentiality, integrity and availability of the affected applications and the organisations data on the affected systems.

What can I do?

Black Arrow recommends applying the available security updates for all supported versions of products that have been impacted by the various vulnerabilities. The updates should be applied as soon as possible for actively exploited vulnerabilities and all other vulnerabilities that have a critical or high severity ratings.

Microsoft

Further details on specific updates within this Microsoft patch Tuesday can be found here:

https://msrc.microsoft.com/update-guide/releaseNote/2025-Jan

Adobe, Cisco, Ivanti, Fortinet, GitHub, SAP, SonicWall & Zyxel - updated to include Google Chrome and Zoom

Further details of the vulnerabilities in affected Adobe, Cisco, Ivanti, Fortinet, GitHub, SAP, SonicWall and Zyxel products can be found here:

https://helpx.adobe.com/security/security-bulletin.html

https://sec.cloudapps.cisco.com/security/center/publicationListing.x

https://www.ivanti.com/blog/january-security-update

https://community.fortinet.com/t5/FortiGate/Technical-Tip-Upgrade-to-FortiOS-7-0-17-to-resolve-vulnerability/ta-p/370334

https://github.blog/open-source/git/git-security-vulnerabilities-announced-5/

https://support.sap.com/en/my-support/knowledge-base/security-notes-news/january-2025.html

https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2025-0003

https://www.zyxel.com/global/en/support/security-advisories/zyxel-security-advisory-for-improper-privilege-management-vulnerability-in-aps-and-security-router-devices-01-14-2025

https://chromereleases.googleblog.com/2025/01/stable-channel-update-for-desktop_14.html

https://www.zoom.com/en/trust/security-bulletin/?cms_guid=false&lang=en-US

#threatadvisory #threatintelligence #cybersecurity

 

Black Arrow Admin
Next

Black Arrow Cyber Threat Intelligence Briefing 10 January 2025