GitLab has released security updates to address multiple vulnerabilities in GitLab. Exploitation of these vulnerabilities may allow an attacker to take control of an affected system.

Users and Administrators are encouraged to review GitLab Releases and apply necessary updates.

Red Hat has released security updates to address vulnerabilities affecting its multiple packages. Exploitation of these vulnerabilities may allow an attacker to take control of an affected system.

Users and Administrators are encouraged to review Red Hat Security Advisories dated 18^th July 2023 and apply necessary updates.

IBM has released security updates to address vulnerabilities affecting its multiple products. Exploitation of these vulnerabilities may allow an attacker to take control of an affected system.

Users and Administrators are encouraged to review IBM Security Advisories dated 18^th July 2023 and apply necessary updates.

Advisory No: TZCERT/SA/2023/07/14-01

Date of First Release: 14^th July 2023

Source: Microsoft

Software Affected: Microsoft Office and Windows

Overview:

Microsoft has released security workaround to address a critical vulnerability affecting Microsoft Office and Windows. The vulnerability may allow an attacker to take control of affected system.

Description:

Microsoft Office and Windows are affected with a remote code execution vulnerability. The vulnerability allows the attacker to use a specially crafted Microsoft Office document to perform remote code execution in the context of the victim. However, for the exploit to be successful, the attacker must persuade the victims to open the malicious Office document.

Impact:

Successful exploitation of this vulnerability may allow the attacker to control of the affected system.

Solution:

Microsoft has released a workaround for this vulnerability. Users and administrators are encouraged to apply necessary updates.

References:

1. https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-36884
2. https://securityaffairs.com/148380/hacking/office-zero-day-cve-2023-36884.html

Advisory No: TZCERT/SA/2023/07/14-02

Date of First Release: 14^th July 2023

Source: Citrix

Software Affected: Citrix ADC

Overview:

Citrix has released security patches to address a critical vulnerability affecting the secure access client for Ubuntu. The vulnerability could allow an attacker to execute arbitrary code.

Description:

Citrix Secure Access client for Ubuntu is affected with remote code execution vulnerability. The vulnerability allows an elevated privilege access to the attacker with access to vulnerable client. A victim user must open an attacker-crafted link and accept further prompts.

Impact:

Successful exploitation of this vulnerability may allow the attacker to control of the affected system.

Solution:

Citrix has released patches for this vulnerability. Users and administrators are encouraged to apply necessary updates.

References:

1. https://support.citrix.com/article/CTX564169/citrix-secure-access-client-for-ubuntu-security-bulletin-for-cve202324492
2. https://securityaffairs.com/148405/security/citrix-critical-flaw-secure-access-client-for-ubuntu.html
3. https://digital.nhs.uk/cyber-alerts/2023/cc-4353