Page 18 - Threat Intelligence 8-16-2019

Cisco Releases Security Updates for Multiple Products
             Cisco has released security updates to address vulnerabilities in multiple Cisco products. An
             attacker could exploit some of these vulnerabilities to take control of an affected system. The
             Cybersecurity and Infrastructure Security Agency (CISA) encourages users and administrators to
             review the following Cisco Security Advisories and apply the necessary updates:
                    • Webex Network Recording Player and Webex Player Arbitrary Code Execution Vulnerabilities cisco-sa-20190807-webex-player
                    • Enterprise NFV Infrastructure Software VNC Authentication Bypass Vulnerability cisco-sa-20190807-nfvis-vnc-authbypass
                    • IOS XR Software Intermediate System-to-Intermediate System Denial of Service Vulnerability cisco-sa-20190807-iosxr-isis-dos-1918
                    • IOS XR Software Intermediate System-to-Intermediate System Denial of Service Vulnerability cisco-sa-20190807-iosxr-isis-dos-1910
                    • Adaptive Security Appliance Software Web-Based Management Interface Privilege Escalation Vulnerability cisco-sa-20190807-asa-privescala
                    • Small Business 220 Series Smart Switches Remote Code Execution Vulnerabilities cisco-sa-20190806-sb220-rce
                    • Small Business 220 Series Smart Switches Authentication Bypass Vulnerability cisco-sa-20190806-sb220-auth_bypass


             SWAPGS Spectre Side-Channel Vulnerability
             The Cybersecurity and Infrastructure Security Agency (CISA) is aware of a vulnerability
             (CVE-2019-1125) known as SWAPGS, a variant of Spectre Variant 1 that affects modern computer
             processors. This vulnerability can be exploited to steal sensitive data present in a computer
             system's memory. Spectre is a flaw an attacker can exploit to force a program to reveal its data. The
             name derives from "speculative execution," an optimization in which a computer system performs
             work ahead of time so that there is no delay if that work turns out to be needed. Spectre affects
             almost all devices including desktops, laptops, and cloud servers.
             CISA encourages users and administrators to review the following guidance, refer to their hardware
             and software vendors for additional details, and apply an appropriate patch when available:
                    • Microsoft: Windows Kernel Information Disclosure Vulnerability
                    • Red Hat: Spectre SWAPGS gadget vulnerability
                    • Google: Spectre Side Channels


             Adobe Releases Security Updates for Multiple Products
             Adobe has released security updates to address vulnerabilities in multiple Adobe products. An
             attacker could exploit these vulnerabilities to take control of an affected system. The Cybersecurity
             and Infrastructure Security Agency (CISA) encourages users and administrators to review the
             following Adobe Security Bulletins and apply the necessary updates:
                    • After Effects CC APSB19-31
                    • Character Animator CC APSB19-32
                    • Premiere Pro CC APSB19-33
                    • Prelude CC APSB19-35
                    • Creative Cloud Desktop Application APSB19-39
                    • Acrobat and Reader APSB19-41
                    • Experience Manager APSB19-42
                    • Photoshop CC APSB19-44





                                                    www.accumepartners.com