With Patch Tuesday on the horizon, don’t forget to register for our webinar to get the latest news and detailed analysis after the release.

Browser exploits are the name of the game this week with Proof of Concepts released for Internet Explorer, Edge and Chrome this week. TheHackerNews has an article covering the Microsoft’s browser family where a researcher disclosed a vulnerability where an attacker can bypass the same-origin policy through a malicious website. Once bypassed, the attacker can request data from other websites within the same browser such as active login sessions. ZDNet details the vulnerability that has already been fixed in Google’s V8 engine since March 18th. This fix, however, has not been rolled into a stable channel release of Google Chrome, so the browser remains vulnerable. Keep an eye out next week as these disclosures tend to push the vendor to release as soon as possible.

Security Releases

At the end of last week, VMware released VMSA-2019-0005 in response to exploits found during Day 1 of Pwn2Own. 4 of the 5 CVEs listed in the advisory were found during the event where the researchers used the virtual USB host and the e1000 virtual network adapters to execute code on the host machine. Remediations have been released for all supported versions of ESXi, Workstation, Player, and Fusion.

Third-Party Updates

As always, our other supported third-party vendors have been releasing non-security updates for their respective products. While these updates might not have CVEs, they may also contain valuable stability updates for your end users:

Software Title

Ivanti ID

Ivanti KB

BlueJeans Outlook Addin 4.4.620

BLUEJA-005

QBJA44620

GoodSync 10.9.29

GOODSYNC-114

QGS10929

GoToMeeting 8.41.0

GOTOM-061

QGTM8410

Microsoft Power BI Desktop 2.67.5404.981

PBID-053

QBI2675404981

Node.JS 11.13.0 (Current)

NOJSC-013

QNODEJSC11130

Node.JS 6.17.1 (Maintain)

NOJSM-004

QNODEJSM6171

Notepad++ 7.6.6

NPPP-091

QNPPP766

Plex Media Player 2.31.0

PLXP-034

QPLXP2310967

Splunk Universal Forwarder 7.2.5.1

SPLUNKF-036

QSPLUNKF7251

Reduce risks of cybersecurity threats