UCSF IT Technology

Microsoft released a high security update to address a vulnerability in Microsoft Windows Server 2022 MSHTML Platform. A malicious actor could exploit this vulnerability to disclose Net-NTLMv2 hashes. Proof-of-concept (PoC) information is publicly available.

WordPress released a security update to address a High Actively Exploited vulnerability in Elementor Essential Addons for Elementor Plugin. Exploitation of this vulnerability could allow a remote, unauthenticated attacker to modify passwords for known usernames and escalate privileges. A proof-of concept (PoC) code is publicly available and exploitation of this vulnerability has been reported in the wild.

Microsoft released their May Security Update to address vulnerabilities in multiple Microsoft products. An attacker can exploit some of these vulnerabilities to take control of an affected system. For a complete description of the vulnerabilities and affected systems go to May 2023 Security Update Guide. IT Security

Adobe has released security updates to address Critical and Important vulnerabilities in Adobe Substance 3D Painter. An attacker could exploit these vulnerabilities to take control of an affected system.  

Mozilla released security updates to address vulnerabilities in multiple Mozilla products. An attacker could exploit some of these vulnerabilities to take control of an affected system. For a complete description of the vulnerabilities and affected systems go to Mozilla Foundation Security Advisories. IT Security

Threat Alert: What to Watch For Scammers are creating malicious quick response (QR) codes which they are including on official looking forms in public spaces, such as on customer satisfaction surveys outside businesses or on lookalike parking tickets placed on parked cars.  The malicious QR codes lead to download sites for malicious third-party applications or lookalike payment websites.  These s

Google released Chrome 113.0.5672.63 (Linux and Mac) and 113.0.5672.63/.64( Windows) to address vulnerabilities in Chrome. For a complete description of the vulnerabilities and affected systems go to Chrome Stable Channel Update. IT Security

Android released its April Android update to address multiple vulnerabilities in Android Devices. For a complete description of the vulnerabilities and affected systems go to Android Security Bulletin—May 2023. IT Security Read more about IT Security service offerings.

WordPress released a security update to address a High vulnerability in two of their Plugins. Exploitation of this vulnerability could allow XSS attacks. For a complete description of the vulnerabilities and affected systems go to CVE-2023-0777 Detail. IT Security Read more about IT Security service offerings.