Cyber security news for all

More

    Microsoft and Autodesk have released new security recommendations

    Microsoft and Autodesk have released security updates for software that accesses the Autodesk program library. Microsoft has also released security advisories for an update of the Autodesk FBX Library and for an OpenSSL Remote Denial of Service vulnerability. It is an unscheduled security update that fixes remote code execution vulnerabilities in an Autodesk FBX library that is integrated with Microsoft Office and 3D applications.

    The whole thing has been known since March 2020.Microsoft has changed the days of the download links and this is communicated to a security advisory.

    The closed security gaps originally came from the FBX Software Development, which was used to create the program library. All FBX versions are affected by this .Thus potentially also software projects that use these SDK versions. Attackers could have used the vulnerabilities remotely to obtain the same access rights to the respective system as the currently logged in user. To do this, they would first have to open a specifically prepared file with 3D content in one of the vulnerable programs.

    AutoDesk published the security recommendation in the previous week. Some of these vulnerabilities are suitable for executing injected code, the other vulnerabilities are DoS vulnerabilities. Developers can find the updated SDK on the FBX website.

    Corresponding Security Updates

    Microsoft announces the availability of corresponding security updates. Another security recommendation concerns OpenSSL. There was also an update for Edge recently.

    Microsoft security recommendation warns of a publicly known DoS vulnerability in OpenSSL. The vulnerability was eliminated in OpenSSL too. Microsoft says that Windows is not affected. Rather, Microsoft’s warning is that third parties may be running virtual machines on the platform that run other software that uses OpenSSL.

    Microsoft Rates The Unscheduled Updates As Important

    Users should therefore update the respective software as soon as possible. Administrators should  also install the security update to protect against the vulnerability.

    Recent Articles

    Russian Cybercriminal Behind “Cardplanet” Site Sentenced

    According to the United States Department of Justice, a Russian cybercriminal, Aleksey Burkov, 30—who operated Cardplanet site: a site that trafficked stolen card details—has...

    Hackers Used Malicious Docker Images to Mine Monero

    Researchers found malicious images on Docker Hub used for crypto mining. Palo Alto Networks' Unit  42, unraveled a crypto mining scheme which uses malicious Docker...

    NSA outlines requirements for secure collaboration services for US government telework

    The new National Security Agency (NSA) guidelines are a window of security for users. Everyone has been trying to return to their lives since...

    Cybercriminals threaten to sell off “scandalous” files swiped from Mariah Carey, Nicki Minaj, Puff Daddy’s legal eagles

    There's no escaping these cybercriminals. In a recent case of "cyber-extortion," threat actors known as REvil, are threatening to expose celebrity "dirt." These threat actors...

    Twitter apologises for exposed customers data

    In what is described as a "data security incident," sensitive details of Twitter's customers were exposed. Unlike other cases of a breach which are...

    Related Stories

    Leave A Reply

    Please enter your comment!
    Please enter your name here

    Stay on op - Ge the daily news in your inbox