Tanzania Computer Emergency Response Team

Advisory No: TZCERT/SA/2021/03/04 Date of First Release: 04th March 2021 Source: Microsoft Software Affected:  Microsoft Exchange Server 2013Microsoft Exchange Server 2016Microsoft Exchange Server 2019 Overview: The four Microsoft Exchange vulnerabilities are part of an attack chain that may cause an unauthenticated attacker to execute arbitrary code remotely. These vulnerabilities are Server-Side Request Forgery (SSRF) …

Google has released security updates to address vulnerabilities in chrome prior to 89.0.4389.72. Exploitation of these vulnerabilities could allow an attacker to take control of an affected system. Users and administrators are encouraged to review Chrome releases page and apply necessary updates.

VMware has released security update to address vulnerability in VMware View Planner. Exploitation of this vulnerability could allow an attacker to take control of an affected system. Users and Administrators are encouraged to review VMWare security Advisory and apply necessary updates.

Microsoft has released security updates to address vulnerabilities in Exchange Server. Exploitation of these vulnerabilities could allow an attacker to take control of an affected system. Users and Administrators are encouraged to review Microsoft Security Response Center page and apply necessary updates.

Google has released security updates to address vulnerabilities in Android OS. Exploitation of these vulnerabilities could allow an attacker to take control of an affected systems. Users and Administrators are encouraged to review Android Security Bulletin and apply necessary updates.

Ubuntu has released security updates to address multiple vulnerabilities in its Linux Kernel. Exploitation of these vulnerabilities may allow an attacker to take control of affected system. Users and administrators are encouraged to review Ubuntu Security Notices and apply necessary updates.

Cisco has released security updates to address vulnerabilities to its multiple products. Exploitation of these vulnerabilities may allow an attacker to take control of affected system. Users and administrators are encouraged to review Cisco Security Advisories cisco-sa-sudo-privesc and cisco-sa-n9kaci-unauth-access and apply necessary updates.

Ubuntu has released security updates to address vulnerabilities in Linux kernel, python and LibTIFF. Exploitation of these vulnerabilities may allow an attacker to take control of affected systems. Users and administrators are encouraged to review Ubuntu Security Advisories and apply necessary updates.

Red Hat has released security updates to address vulnerabilities in Ansible Engine and OpenShift Container Platform. Exploitation of these vulnerabilities may allow an attacker to cause a denial-of-service condition. Users and administrators are encouraged to review Red Hat Security Advisories RHSA-2021:0100 and RHSA-2021:0664 and apply necessary updates.

Advisory No: TZCERT/SA/2021/02/25 Date of First Release: 25th February 2021 Source: VMware Software Affected:  VMware vCenter Server version 6.5, 6.7 and 7.0VMware ESXi version 6.5, 6.7 and 7.0VMware Cloud Foundation (vCenter Server) version 3.x and 4.xVMware Cloud Foundation (ESXi) version 3.x and 4.x Overview: The vSphere Client (HTML5) contains a remote code execution vulnerability …