The Essential Vulnerability Assessment Report – Q1 2019

TL;DR – Go Straight to the Report

You can’t protect what you don’t know exists. The discovery of hard- and software data plays a critical role in maintaining an up-to-date synopsis of your entire IT estate. Leveraging that collected network data is a fundamental starting point for implementing security measures across your organization. A vulnerability report can do wonders!

The next step is to multiply the value of your network inventory with powerful reporting. Aside from our popular monthly Patch Tuesday reports, we publish ad-hoc vulnerability reports to help you mitigate security risks as soon as possible.

Time for a comprehensive security roundup with our ultimate network vulnerability report. The report combines all separate reports from Q1 2019 into one ultimate vulnerability assessment report.

Reported Vulnerabilities in Q1

LibreOffice Remote Code Execution Flaw

LibreOffice is a free and open-source office suite that includes applications for word processing, the creation, and editing of spreadsheets, slideshows, diagrams, drawings, and databases. Prior to versions 6.0.7 and 6.1.3, LibreOffice is vulnerable to a directory traversal attack.

19-Year Old Critical WinRAR Vulnerability

The Popular Windows data compression tool WinRAR has patched a serious 19-year-old security flaw that was discovered on its platform, potentially impacting 500 million users. The security vulnerability allows attackers to extract malicious software to anywhere on your hard drive.

After the security researchers informed WinRAR of their findings, the team patched the vulnerability with version 5.70 beta 1 of the software.

Actively Exploited Chrome Zero-Day Flaw

Time to update your Google Chrome installations immediately to the latest version. Why the urgency? There is a zero-day vulnerability for Chrome that the Google Threat Analysis Group has determined is being actively exploited in the wild.

The vulnerability, assigned as CVE-2019-5786, affects the web browsing software for all major operating systems including Microsoft Windows, Apple macOS, and Linux.

https://twitter.com/justinschuh/status/1103087046661267456

Critical Flaw Provides Another Reason to Update Windows 7

Google has warned us about another Zero-Day vulnerability impacting Windows 7 users, that was being used together with the Chrome exploit to take over Windows systems.

The Windows vulnerability has yet to be patched but Microsoft believes it only affects Windows 7 32-bit systems. In the meantime, Google is recommending that all users still running Windows 7 should upgrade to Windows 10.

PuTTY Software Update Patches 8 Important Vulnerabilities

The popular SSH client program has released the latest version of its software that includes security patches for 8 security flaws. All PuTTY versions prior to 0.71 have been found vulnerable to multiple security vulnerabilities that could allow a malicious server or a compromised server to hijack a client’s system in different ways.

Combined Vulnerability Report for Q1 2019

Our custom vulnerability report can tell you in no time which devices still have a vulnerable software version in place and need to be patched.

Reported Vulnerabilities in Q2 So Far

The second quarter took off in April and we have to face it: it started off with a bang. Below, you can find a list of all vulnerabilities we reported on so far in the second quarter of 2019.

• Confluence – Two Critical Confluence Vulnerabilities Actively Exploited
• Internet Explorer – New Unpatched Zero-Day Internet Explorer Vulnerability
• Dell SupportAssist – Dell PCs Exposed to Pre-Installed SupportAssist Security Exploit
• NVIDIA – NVIDIA Patches 3 Major Windows GPU Display Driver Flaws
• WhatsApp – WhatsApp Zero-Day Vulnerability Allows Spyware Installation
• Intel – Discover Intel CPUs Vulnerable to Zombieload MDS Attacks
• Firefox – Critical Mozilla Firefox Flaws Fixed in 67 Release