Sunday, November 24, 2024

Fortinet and Citrix Active Exploits, and Windows Versions Reach End of Service

Active Exploits on Fortinet and Citrix Devices

by Artie Kaye

Fortinet’s SSL-VPN has a flaw that could allow arbitrary code execution. The company has released a patch to address the problem. The flaw is listed as CVE-2022-42475.
https://www.fortiguard.com/psirt/FG-IR-22-398

Citrix ADC and Gateway network devices have a vulnerability that could allow remote code execution. The NSA has observed threat actors targeting Citrix devices over a prolonged period and has released a statement with advice and suggestions. There is a patch available to address this problem. The flaw is listed as CVE-2022-27518.
https://support.citrix.com/article/CTX474995/citrix-adc-and-citrix-gateway-security-bulletin-for-cve202227518
https://media.defense.gov/2022/Dec/13/2003131586/-1/-1/0/CSA-APT5-CITRIXADC-V1.PDF



Windows End of Service Announcement

by Artie Kaye

Microsoft has rolled out its final service update for the 21H1 version of Windows 10. No more patches or security updates will be made available from the company after this. To continue receiving support, updating Windows 10 to 21H2 is advised. Additionally, in January 2023, Windows 7’s extended support will end, and 8.1’s regular support will terminate as well.
