Fortinet and Citrix Active Exploits, and Windows Versions Reach End of Service
Active Exploits on Fortinet and Citrix Devices
by Artie Kaye
Fortinet’s SSL-VPN has a flaw that could allow arbitrary code execution. The company has released a patch to address the problem. The flaw is listed as CVE-2022-42475.
https://www.fortiguard.com/psirt/FG-IR-22-398
Citrix ADC and Gateway network devices have a vulnerability that could allow remote code execution. The NSA has observed threat actors targeting Citrix devices over a prolonged period and has released a statement with advice and suggestions. A patch is available to address this problem. The flaw is listed as CVE-2022-27518.
https://support.citrix.com/article/CTX474995/citrix-adc-and-citrix-gateway-security-bulletin-for-cve202227518
https://media.defense.gov/2022/Dec/13/2003131586/-1/-1/0/CSA-APT5-CITRIXADC-V1.PDF
Windows End of Service Announcement
by Artie Kaye
Microsoft has rolled out its final service update for the 21H1 version of Windows 10. No more patches or security updates will be made available from the company after this. To continue receiving support, updating Windows 10 to 21H2 is advised. Additionally, in January 2023, Windows 7’s extended support will end, and Windows 8.1’s regular support will terminate as well.