Service Updates

19/05/2022
Exploitation for VMware Vulnerabilities (CVE-2022-22972 and CVE-2022-22973)

Summary: On May 18, 2022, VMware disclosed two vulnerabilities (CVE-2022-22972 and CVE-2022-22973) in VMware Workspace ONE Access, VMware Identity Manager (vIDM), vRealize Lifecycle Manager, vRealize Automation, and VMware Cloud Foundation products. On the same day,… More »

Service Updates
31/03/2022
Spring4Shell Vulnerability

Summary: As identified by Jisc, one of our trusted support partners a 0-day Remote Code Execution (RCE) vulnerability in Spring Core, a popular Java framework for building Java applications, has been identified. The RCE vulnerability… More »

Service Updates
03/02/2022
Proof-of-concept exploit available for critical Samba vulnerability (CVE-2021-44142)

Summary: On February 1, 2022, proof-of-concept exploit code was published for a critical Samba remote code execution vulnerability (CVE-2021-44142). Samba is used for file and print services in Windows, macOS, and Linux operating systems. It… More »

Service Updates
26/01/2022
Exploit Code Available for PwnKit Vulnerability (CVE-2021-4034)

Summary: On January 25, 2022, Qualys disclosed a PwnKit privilege escalation vulnerability (CVE-2021-4034) that affects the pkexec program installed by default on all major Linux distributions. Pkexec is a component of Polkit (formerly PolicyKit), which… More »

Service Updates
13/01/2022
Critical HTTP and Microsoft Exchange Server vulnerabilities – Remote Code Execution

Summary: On January 11, 2022, Microsoft released patches for critical and important remote code execution (RCE) vulnerabilities that could be appealing to threat actors. There are no reports of active exploitation as of this publication,… More »

Service Updates
20/12/2021
Further Update on Log4Shell Vulnerability (CVE-2021-44228)

Following on from the Log4j advisories sent 13/12 and 15/12, Apache has released version 2.17.0 of Log4j after discovering issues with their previous release, 2.16.   Summary:   Apache Log4j2 versions 2.0-alpha1 through 2.16.0 did not protect from… More »

Service Updates
16/12/2021
noPac Vulnerability (CVE-2021-42287 and CVE-2021-42278 ) 

Summary Our security partners are investigating multiple proof-of-concept exploits for CVE-2021-42287, a privilege escalation vulnerability associated with Active Directory Domain Services (AD DS). This vulnerability combined with a Security Account Manager (SAM) spoofing security bypass… More »

Service Updates
15/12/2021
Update on Log4Shell Vulnerability (CVE-2021-44228) 

As posted previously there have been a number of vulnerabilities to Log4j services based on an update to CVE-2021-44228 – Vulnerability, has now had major developments regarding the Log4j vulnerability since our last advisory. This update… More »

Service Updates
03/12/2021
Zoho managengine ServiceDesk Plus Vulnerability – CVE-2021-44077

Summary This is an authentication bypass vulnerability in some specific application URLs that allows an attacker to gain access to an organisation’s data on the ServiceDesk Plus application. By manipulating one of these URLs from… More »

Service Updates

Keeping Up To Date With Us Is Easy, Sign Up To Our Newsletter Today!

Stay in touch with emPSN, so that you get the latest e-safety advice and invites to our community events.

Our partners