The Cybersecurity and Infrastructure Security Agency (CISA) recently distributed several notices about updates that address key vulnerabilities in products from major industrial software providers:
- Microsoft released security updates to address vulnerabilities in multiple products. A cyber threat actor could exploit some of these vulnerabilities to take control of an affected system.
- Fortinet has released security updates to address vulnerabilities in multiple products, including FortiOS. A cyber threat actor could exploit some of these vulnerabilities to take control of an affected system. They include:
  - FG-IR-23-396 ReadOnly Users Could Run Some Sensitive Operations
  - FG-IR-23-475 FortiOS - SSLVPN Session Hijacking Using SAML Authentication
  - FG-IR-24-144 Privilege Escalation via Lua Auto Patch Function
  - FG-IR-24-199 Named Pipes Improper Access Control
- Adobe released security updates to address multiple vulnerabilities in Adobe software. They include:
  - Security update available for Adobe Bridge | APSB24-77
  - Security update available for Adobe Audition | APSB24-83
  - Security update available for Adobe After Effects | APSB24-85
  - Security update available for Adobe Substance 3D Painter | APSB24-86
  - Security update available for Adobe Illustrator | APSB24-87
  - Security update available for Adobe InDesign | APSB24-88
  - Security update available for Adobe Photoshop | APSB24-89
  - Security update available for Adobe Commerce | APSB24-90
- Ivanti released security updates to address vulnerabilities in Ivanti Endpoint Manager (EPM), Ivanti Avalanche, Ivanti Connect Secure, Ivanti Policy Secure, and Ivanti Security Access Client.
  - Ivanti Security Advisory EPM
  - Ivanti Security Advisory Avalanche
  - Ivanti Security Advisory Connect Secure, Ivanti Policy Secure, and Ivanti Security Access Client
- Citrix released security updates to address multiple vulnerabilities in NetScaler ADC, NetScaler Gateway, and Citrix Session Recording.