Advisories

MA-991.112023: MyCERT Advisory - Adobe Releases Security Updates for ColdFusion

  • 24 Nov 2023
  • Advisory
  • adobe, coldfusion, vulnerability, update

1.0 Introduction

On Nov. 14, 2023, Adobe released security updates addressing vulnerabilities affecting unpatched ColdFusion software.

2.0 Impact
Exploitation of some of these vulnerabilities may allow a malicious cyber actor to take control of an affected system.

3.0 Affected Products

ProductUpdate numberPlatform
ColdFusion 2023
 		Update 5 and earlier versions
  		All
ColdFusion 2021
 		Update 11 and earlier versionsAll

4.0 Recommendations
MyCERT urges organizations to review Adobe ColdFusion security bulletin APSB23-52 for more information and to:

Kindly visit https://helpx.adobe.com/security/products/coldfusion/apsb23-52.html for more information.

Generally, MyCERT advises the users of this devices to be updated with the latest security announcements by the vendor and follow best practice security policies to determine which updates should be applied.

For further enquiries, please contact MyCERT through the following channels:

E-mail: cyber999[at]cybersecurity.my 
Phone: 1-300-88-2999 (monitored during business hours) 
Mobile: +60 19 2665850 (24x7 call incident reporting) 
Business Hours: Mon - Fri 09:00 -18:00 MYT 
Web: https://www.mycert.org.my 
Twitter: https://twitter.com/mycert 
Facebook: https://www.facebook.com/mycert.org.my

5.0    References

Read More

MA-985.112023: MyCERT Advisory - Adobe Releases Security Updates for Multiple Products

  • 21 Nov 2023
  • Advisory
  • adobe, security, update

1.0 Introduction

Recently, Adobe has released security updates to address vulnerabilities affecting multiple Adobe products.

2.0 Impact
A cyber threat actor could exploit some of these vulnerabilities to take control of affected system.

3.0 Affected Products

  • Adobe ColdFusion
  • Adobe RoboHelp Server
  • Adobe Acrobat and Reader
  • Adobe InDesign
  • Adobe Photoshop
  • Adobe Bridge
  • Adobe FrameMaker Publishing Server
  • Adobe InCopy
  • Adobe Animate
  • Adobe Dimension
  • Adobe Media Encoder
  • Adobe Audition
  • Adobe Premiere Pro
  • Adobe After Effects

4.0 Recommendations
MyCERT encourages users and administrators to review the following advisories and apply the necessary updates.

Generally, MyCERT advises the users of this devices to be updated with the latest security announcements by the vendor and follow best practice security policies to determine which updates should be applied.

For further enquiries, please contact MyCERT through the following channels:

E-mail: cyber999[at]cybersecurity.my 
Phone: 1-300-88-2999 (monitored during business hours) 
Mobile: +60 19 2665850 (24x7 call incident reporting) 
Business Hours: Mon - Fri 09:00 -18:00 MYT 
Web: https://www.mycert.org.my 
Twitter: https://twitter.com/mycert 
Facebook: https://www.facebook.com/mycert.org.my

5.0    References
https://www.cisa.gov/news-events/alerts/2023/11/14/adobe-releases-security-updates-multiple-products

Read More

MA-972.092023: MyCERT Advisory - Adobe Releases Security Updates for Multiple Products

  • 16 Sep 2023
  • Advisory
  • adobe, update

1.0 Introduction

Recently, Adobe has released security updates to address vulnerabilities affecting Adobe software.

2.0 Impact
A cyber threat actor can exploit one of these vulnerabilities to take control of an affected system.

3.0 Affected Products

4.0 Recommendations
MyCERT encourages users and administrators to review the following Adobe Security Bulletins and apply the necessary updates.

Kindly visit the links below:

Generally, MyCERT advises the users of this devices to be updated with the latest security announcements by the vendor and follow best practice security policies to determine which updates should be applied.

For further enquiries, please contact MyCERT through the following channels:

E-mail: cyber999[at]cybersecurity.my 
Phone: 1-300-88-2999 (monitored during business hours) 
Mobile: +60 19 2665850 (24x7 call incident reporting) 
Business Hours: Mon - Fri 09:00 -18:00 MYT 
Web: https://www.mycert.org.my 
Twitter: https://twitter.com/mycert 
Facebook: https://www.facebook.com/mycert.org.my

5.0    References

Read More

MA-963.082023: MyCERT Advisory - Adobe Releases Security Updates for Multiple Products

  • 11 Aug 2023
  • Advisory
  • adobe, security, update

1.0 Introduction

Recently, Adobe has released security updates to address multiple vulnerabilities in Adobe software.

2.0 Impact
An attacker can exploit some of these vulnerabilities to take control of an affected system.

3.0 Affected Products

4.0 Recommendations
MyCERT encourages users and administrators to review the following Adobe Security Bulletins and apply the necessary updates.

Generally, MyCERT advises the users of this devices to be updated with the latest security announcements by the vendor and follow best practice security policies to determine which updates should be applied.

For further enquiries, please contact MyCERT through the following channels:

E-mail: cyber999[at]cybersecurity.my 
Phone: 1-300-88-2999 (monitored during business hours) 
Mobile: +60 19 2665850 (24x7 call incident reporting) 
Business Hours: Mon - Fri 09:00 -18:00 MYT 
Web: https://www.mycert.org.my 
Twitter: https://twitter.com/mycert 
Facebook: https://www.facebook.com/mycert.org.my

5.0    References

Read More

MA-953.072023: MyCERT Advisory - Adobe Releases Security Updates for ColdFusion and InDesign

  • 13 Jul 2023
  • Advisory
  • adobe, coldfusion, indesign, security, update, vulnerability

1.0 Introduction

Recently, Adobe has released security updates to address vulnerabilities affecting ColdFusion and InDesign.

2.0 Impact
An attacker can exploit some of these vulnerabilities to take control of an affected system.

3.0 Affected Products

  • Adobe ColdFusion
  • Adobe InDesign

4.0 Recommendations
MyCERT encourages users and administrators to review the Adobe security releases APSB23-38 and APSB23-40 and apply the necessary updates.

Kindly refer to the following URLs:

Generally, MyCERT advises the users of this devices to be updated with the latest security announcements by the vendor and follow best practice security policies to determine which updates should be applied.

For further enquiries, please contact MyCERT through the following channels:

E-mail: cyber999[at]cybersecurity.my 
Phone: 1-300-88-2999 (monitored during business hours) 
Mobile: +60 19 2665850 (24x7 call incident reporting) 
Business Hours: Mon - Fri 09:00 -18:00 MYT 
Web: https://www.mycert.org.my 
Twitter: https://twitter.com/mycert 
Facebook: https://www.facebook.com/mycert.org.my

5.0    References

Read More

MA-923.042023: MyCERT Advisory - Adobe Releases Security Updates for Multiple Products

  • 14 Apr 2023
  • Advisory
  • adobe, security, update

1.0 Introduction

Recently, Adobe has released security updates to address multiple vulnerabilities in Adobe software.

2.0 Impact
An attacker can exploit these vulnerabilities to take control of an affected system.

3.0 Affected Products

4.0 Recommendations
MyCERT encourages users and administrators to review the following advisories and apply the necessary updates:

Generally, MyCERT advises the users of this devices to be updated with the latest security announcements by the vendor and follow best practice security policies to determine which updates should be applied.

For further enquiries, please contact MyCERT through the following channels:

E-mail: cyber999[at]cybersecurity.my 
Phone: 1-300-88-2999 (monitored during business hours) 
Mobile: +60 19 2665850 (24x7 call incident reporting) 
Business Hours: Mon - Fri 09:00 -18:00 MYT 
Web: https://www.mycert.org.my 
Twitter: https://twitter.com/mycert 
Facebook: https://www.facebook.com/mycert.org.my

5.0    References

https://www.cisa.gov/news-events/alerts/2023/04/11/adobe-releases-security-updates-multiple-products

Read More

MA-904.012023: MyCERT Advisory - Adobe Releases Security Updates for Multiple Products

  • 13 Jan 2023
  • Advisory
  • adobe, acrobat, reader, indesign, incopy, dimension, security, update

1.0 Introduction

Recently, Adobe has released security updates to address multiple vulnerabilities in Adobe software.

2.0 Impact
An attacker could exploit some of these vulnerabilities to take control of an affected system.

3.0 Affected Products

  • Adobe Acrobat and Reader
  • Adobe InDesign
  • Adobe InCopy 
  • Adobe Dimension

4.0 Recommendations
MyCERT encourages users and administrators to review the following Adobe Security Bulletins and apply the necessary updates.

Generally, MyCERT advises the users of this devices to be updated with the latest security announcements by the vendor and follow best practice security policies to determine which updates should be applied.

For further enquiries, please contact MyCERT through the following channels:

E-mail: cyber999[at]cybersecurity.my 
Phone: 1-300-88-2999 (monitored during business hours) 
Mobile: +60 19 2665850 (24x7 call incident reporting) 
Business Hours: Mon - Fri 09:00 -18:00 MYT 
Web: https://www.mycert.org.my 
Twitter: https://twitter.com/mycert 
Facebook: https://www.facebook.com/mycert.org.my

5.0    References

Read More

MA-874.102022: MyCERT Advisory - Adobe Releases Security Updates for Multiple Products

  • 13 Oct 2022
  • Advisory
  • adobe, software, update, security, vulnerability

1.0 Introduction
Recently, Adobe has released security updates to address multiple vulnerabilities in Adobe software.

2.0 Impact
An attacker can exploit some of these vulnerabilities to take control of an affected system.

3.0 Affected Products
•    Adobe Cold Fusion
•    Adobe Acrobat and Reader
•    Adobe Commerce and Magneto Open Source
•    Adobe Dimension

4.0 Recommendations
MyCERT encourages users and administrators to review Adobe Security Bulletins and apply the necessary updates.

Kindly refer to the URLs below to apply the necessary updates for each of the following affected products:
•    Adobe Cold Fusion: https://helpx.adobe.com/security/products/coldfusion/apsb22-44.html
•    Adobe Acrobat and Reader: https://helpx.adobe.com/security/products/acrobat/apsb22-46.html
•    Adobe Commerce and Magneto Open Source: https://helpx.adobe.com/security/products/magento/apsb22-48.html
•    Adobe Dimension: https://helpx.adobe.com/security/products/dimension/apsb22-57.html

Generally, MyCERT advises the users of these devices to be updated with the latest security announcements by the vendor and follow best practice security policies to determine which updates should be applied.

For further enquiries, please contact MyCERT through the following channels:

E-mail: cyber999[at]cybersecurity.my 
Phone: 1-300-88-2999 (monitored during business hours) 
Mobile: +60 19 2665850 (24x7 call incident reporting) 
Business Hours: Mon - Fri 09:00 -18:00 MYT 
Web: https://www.mycert.org.my 
Twitter: https://twitter.com/mycert 
Facebook: https://www.facebook.com/mycert.org.my

5.0    References
•   https://www.cisa.gov/uscert/ncas/current-activity/2022/10/11/adobe-releases-security-updates-multiple-products

•   https://helpx.adobe.com/security/products/coldfusion/apsb22-44.html

•   https://helpx.adobe.com/security/products/acrobat/apsb22-46.html

•   https://helpx.adobe.com/security/products/magento/apsb22-48.html

•   https://helpx.adobe.com/security/products/dimension/apsb22-57.html

 

Read More

MA-781.032020: MyCERT Alert - Vulnerability in Adobe Type Manager Library

  • 25 Mar 2020
  • Alert
  • Adobe, ATM, Microsoft.

1.0 Introduction

According to Microsoft, there were ongoing exploitations in the wild targeting the unpatched vulnerabilities related to Adobe Type Manager (ATM) Library.

Two remote code execution vulnerabilities have been identified existing in Microsoft Windows ATM Library related to improperly handles a specially-crafted multi-master font - Adobe Type 1 PostScript format.

Microsoft has confirmed the issues, released an advisory “ADV200006 | Type 1 Font Parsing Remote Code Execution Vulnerability”, and is currently working on a fix.

2.0 Impact

By causing a Windows system to open a specially crafted document or view it in the Windows preview pane, an unauthenticated remote attacker may be able to execute arbitrary code with kernel privileges on a vulnerable system. Windows 10 based operating systems would execute the code with limited privileges, in an AppContainer sandbox.

3.0 Affected System and Devices

  • Windows 10 for 32-bit Systems
  • Windows 10 for x64-based Systems
  • Windows 10 Version 1607 for 32-bit Systems
  • Windows 10 Version 1607 for x64-based Systems
  • Windows 10 Version 1709 for 32-bit Systems
  • Windows 10 Version 1709 for ARM64-based Systems
  • Windows 10 Version 1709 for x64-based Systems
  • Windows 10 Version 1803 for 32-bit Systems
  • Windows 10 Version 1803 for ARM64-based Systems
  • Windows 10 Version 1803 for x64-based Systems
  • Windows 10 Version 1809 for 32-bit Systems
  • Windows 10 Version 1809 for ARM64-based Systems
  • Windows 10 Version 1809 for x64-based Systems
  • Windows 10 Version 1903 for 32-bit Systems
  • Windows 10 Version 1903 for ARM64-based Systems
  • Windows 10 Version 1903 for x64-based Systems
  • Windows 10 Version 1909 for 32-bit Systems
  • Windows 10 Version 1909 for ARM64-based Systems
  • Windows 10 Version 1909 for x64-based Systems
  • Windows 7 for 32-bit Systems Service Pack 1
  • Windows 7 for x64-based Systems Service Pack 1
  • Windows 8.1 for 32-bit systems
  • Windows 8.1 for x64-based systems
  • Windows RT 8.1
  • Windows Server 2008 for 32-bit Systems Service Pack 2
  • Windows Server 2008 for 32-bit Systems Service Pack 2 (Server Core installation)
  • Windows Server 2008 for Itanium-Based Systems Service Pack 2
  • Windows Server 2008 for x64-based Systems Service Pack 2
  • Windows Server 2008 for x64-based Systems Service Pack 2 (Server Core installation)
  • Windows Server 2008 R2 for Itanium-Based Systems Service Pack 1
  • Windows Server 2008 R2 for x64-based Systems Service Pack 1
  • Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation)
  • Windows Server 2012
  • Windows Server 2012 (Server Core installation)
  • Windows Server 2012 R2
  • Windows Server 2012 R2 (Server Core installation)
  • Windows Server 2016
  • Windows Server 2016 (Server Core installation)
  • Windows Server 2019
  • Windows Server 2019 (Server Core installation)

4.0 Recommendations

According to Microsoft, they are currently working to mitigate the addressed issue. In the meantime, users could follow suggested workaround by Microsoft on details below:

  • Disable the Preview Pane and details pane in Windows Explorer.
  • Disable the WebClient service.
  • Rename the ATMFD.DLL.

Generally, MyCERT advises the users of this devices to be updated with the latest security announcements by the vendor and follow best practice security policies to determine which updates should be applied.

For further enquiries, please contact MyCERT through the following channels:

E-mail: cyber999[at]cybersecurity.my
Phone: 1-300-88-2999 (monitored during business hours)
Fax: +603 - 8008 7000 (Office Hours)
Mobile: +60 19 2665850 (24x7 call incident reporting)
SMS: CYBER999 REPORT EMAIL COMPLAINT to 15888
Business Hours: Mon - Fri 09:00 -18:00 MYT
Web: https://www.mycert.org.my
Twitter: https://twitter.com/mycert
Facebook: https://www.facebook.com/mycert.org.my

5.0    References

Read More

MA-753.102019: MyCERT Advisory - Adobe Releases Security Updates for Multiple Products

  • 18 Oct 2019
  • Advisory
  • Experience Manager Acrobat and Reader Experience Manager Forms Download Manager

1.0 Introduction

Adobe has released security updates to address vulnerabilities in multiple Adobe products.

2.0 Impact
An attacker could exploit some of these vulnerabilities to take control of an affected system.

3.0 Affected Products

  • Experience Manager
  • Acrobat and Reader
  • Experience Manager Forms
  • Download Manager

4.0 Recommendations
Users and administrators are advise to review the following Adobe Security Bulletins and apply the necessary updates:

 

Generally, MyCERT advises the users of this products to be updated with the latest security announcements by the vendor and follow best practice security policies to determine which updates should be applied.

For further enquiries, please contact MyCERT through the following channels:

E-mail: cyber999[at]cybersecurity.my
Phone: 1-300-88-2999 (monitored during business hours)
Fax: +603 - 8008 7000 (Office Hours)
Mobile: +60 19 2665850 (24x7 call incident reporting)
SMS: CYBER999 REPORT EMAIL COMPLAINT to 15888
Business Hours: Mon - Fri 09:00 -18:00 MYT
Web: https://www.mycert.org.my
Twitter: https://twitter.com/mycert
Facebook: https://www.facebook.com/mycert.org.my

5.0    References

Read More
Showing 1-10 of 113 items.
(not set)
(not set)
(not set)
(not set)
(not set)
(not set)
(not set)
(not set)
(not set)
(not set)
Popular Advisories
Archives