Cisco has released security updates to address vulnerabilities in multiple products.  Exploitation of some of these vulnerabilities could allow an attacker to take control of an affected system.

Users and administrators are encouraged to review Cisco Security Advisories and apply the necessary updates.

For more information visit:

• Cisco Prime Infrastructure and Evolved Programmable Network Manager XML Injection Vulnerability
• Cisco Virtualized Packet Core-Distributed Instance Denial of Service Vulnerability
• Cisco WebEx Network Recording Player Multiple Buffer Overflow Vulnerabilities

TZ-CERT is aware of the number of published reports regarding a computer malicious software named Petya Ransomware that has affected several computers around the world.

Ransomware is a type of malicious software family that infects and prevents users from accessing their files or systems, either by locking the system’s screen or by encrypting the user’s files unless a certain amount of money is paid. Paying a ransom does not guarantee access to be restored thus users organizations are discourage from paying the ransom.

The reports show that Petya Ransomware is infecting Windows based computers that have outdated and unpatched software and specifically with a Microsoft Server Message Block 1.0 (SMBv1) vulnerability by encrypting the master boot records.

The patch for this vulnerability was released by Microsoft earlier this year and users of Microsoft computers can secure their computers by installing the security patch.

Users and administrators are encouraged to review the security alert issued by TZ-CERT and apply the necessary Microsoft updates (MS17-010).

The Mozilla Foundation has release security update to address multiple security vulnerabilities in Thunderbird. Exploitation of these vulnerabilities could allow an attacker to take control of an affected system.

Users and administrators are encouraged to review the Security Advisory released and apply the necessary updates.

For more information please review Security Advisory for Thunderbird 52.2

The Internet Systems Consortium (ISC) has released security updates to highlight vulnerabilities in versions of BIND. These vulnerabilities could potentially allow an attacker to take control of an affected system.

The updates include:

• BIND version 9.11.1-P1
• BIND version 9.10.5-P1
• BIND version 9.9.10-P

Users and administrators are encouraged to review the ISC Knowledge Base and apply the necessary updates.

For more information visit AA-01495, AA-01496 and AA-01497

Google has released Chrome versions 59.0.3071.104 for Windows, Mac and Linux. This update addresses multiple vulnerabilities that could allow an attacker to cause denial of service condition.

Users and administrators are encouraged to review the Google Chrome release blog and apply the necessary updates, click here for more information.