UCSF IT Technology

Microsoft has pulled the January Windows Server cumulative updates after numerous critical bugs were detected. These issues included domain controllers going through an endless reboot loop, ReFS volumes becoming inaccessible and showing as RAW file systems, and Hyper-V no longer starting on servers. 

Cisco has released security updates to address a Critical-risk vulnerability that was detected within the web-based management interface of Cisco Unified Contact Center Management Portal (Unified CCMP) and Cisco Unified Contact Center Domain Manager (Unified CCDM). A remote attacker could exploit these vulnerabilities to take control of an affected system.

Microsoft has released security updates to address a Critical-risk vulnerability that exists within the IKE Extension component in Microsoft Windows Server 2022 and earlier. A remote attacker could exploit these vulnerabilities to take control of an affected system. For a complete description of the vulnerabilities and effected systems, visit Microsoft security update guide vulnerabilities (CVE-2022-21849).

VMware has released a security advisory to address a High vulnerability in Workstation, Fusion, and ESXi. An attacker could exploit this vulnerability to take control of an affected system For a complete description of the vulnerabilities and effected systems, visit VMware Security Advisory. Read more about IT Security service offerings.

VMware has released a security advisory to address a critical vulnerability in Workspace ONE UEM console. An attacker could exploit this vulnerability to obtain sensitive information.  For a complete description of the vulnerabilities and effected systems, visit VMware Security Advisory VMSA-2021-0029

Apache has released an Important security update to address a second vulnerability in the Apache Log4j utility. Patch 2.16.0 has been released since the previous patch 2.15.0 did not fully remediate the vulnerability. A remote attacker could exploit this new vulnerability to cause a Denial of Service (DoS) attack.

The SAP Team has released its December 2021 security updates to address vulnerabilities in various SAP products. A remote attacker could exploit some of these vulnerability to take control of an affected system. For a complete description of the vulnerabilities and effected systems, visit SAP Security Patch Day – December 2021.

Apple has released security updates to address vulnerabilities in multiple products. These updates protect against remote attackers using the vulnerabilities to take control of an affected system. For a complete description of the vulnerabilities and effected systems, visit Apple security updates.

CISA has released an Industrial Controls Systems Medical Advisory (ICSMA) detailing a vulnerability in multiple Hillrom Welch Allyn cardiology products. A remote attacker could exploit this vulnerability to take control of an affected system. For a complete description of the vulnerabilities and effected systems, visit ICSMA-21-343-01: Hillrom Welch Allyn Cardio Products.

Zoho has released critical security updates to address vulnerabilities that is being actively exploited in ManageEngine Desktop and Desktop Central MSP. A remote attacker could exploit this vulnerability to take control of an affected system.