Summary: On February 1, 2022, proof-of-concept exploit code was published for a critical Samba remote code execution vulnerability (CVE-2021-44142). Samba is used for file and print services in Windows, macOS, and Linux operating systems. It… More »
Summary: On January 25, 2022, Qualys disclosed a PwnKit privilege escalation vulnerability (CVE-2021-4034) that affects the pkexec program installed by default on all major Linux distributions. Pkexec is a component of Polkit (formerly PolicyKit), which… More »
As previously shared as part of ESS’s separation from Capita, ESS (Education Software Solutions) will be migrating all of their customers out of the Capita support tool and into the ESS support tool from 24… More »
Summary: On January 11, 2022, Microsoft released patches for critical and important remote code execution (RCE) vulnerabilities that could be appealing to threat actors. There are no reports of active exploitation as of this publication,… More »
As part of ongoing performance improvements, we will be replacing some key equipment within the NetSweeper Web filtering infrastructure. In order to achieve this customers will see a period of outage while the change over… More »
Following on from the Log4j advisories sent 13/12 and 15/12, Apache has released version 2.17.0 of Log4j after discovering issues with their previous release, 2.16. Summary: Apache Log4j2 versions 2.0-alpha1 through 2.16.0 did not protect from… More »
Summary Our security partners are investigating multiple proof-of-concept exploits for CVE-2021-42287, a privilege escalation vulnerability associated with Active Directory Domain Services (AD DS). This vulnerability combined with a Security Account Manager (SAM) spoofing security bypass… More »
As posted previously there have been a number of vulnerabilities to Log4j services based on an update to CVE-2021-44228 – Vulnerability, has now had major developments regarding the Log4j vulnerability since our last advisory. This update… More »
Summary In the wake of the Log4Shell vulnerability - CVE-2021-44228, our support partner JISC have been monitoring network connectivity and looking for proactive ways to prevent exploitation. It is imperative to take into consideration the entire infrastructure when responding… More »