Security Alerts
Our support will regularly inform you of important events here.
Would you like to be notified by e-mail in case of future Security Alerts? Then sign up here in!
- 25/10/2023
- 13:25
VMware has addressed vulnerabilities hidden in vCenter Server. These vulnerabilities were announced under CVE-2023-34048, CVE-2023-34056. A similar vulnerability was also fixed earlier this year.
A malicious person with network access to vCenter Server could potentially exploit this problem to execute arbitrary code on the underlying operating system.
Take action
The severity of this vulnerability is high (CVE score = 9.8), which means action is required. We recommend that you upgrade vCenter to version 7.0U3o or 8.0U1d. This upgrade will not cause any disruption to your environment and can be performed during business hours.
Given the urgency of the situation, we are implementing these upgrades proactively at our Managed Services clients.
Do you have questions about this or do you, as a non-Managed Services customer, still want support? Please do not hesitate to contact us: support@vanroey.be.
- 19/07/2023
- 11:47
Citrix recently a security bulletin released regarding NetScaler ADC and NetScaler Gateway. This includes multiple vulnerabilities with identifiers CVE-2023-3466, CVE-2023-3467, CVE-2023-3519.
A malicious person could potentially exploit this problem remotely to execute arbitrary code.
Take action
The severity of this vulnerability is high (CVE score = 9.8), which means action is required. We recommend that you upgrade Netscaler to the latest version according to Citrix recommendations.
Given the urgency of the situation, we contacted proactive our Managed Services clients who are using Citrix NetScaler to schedule the update.
Do you have questions about this or do you, as a non-Managed Services customer, still want support? Please do not hesitate to contact us: support@vanroey.be.
- 26/06/2023
- 11:16
VMware recently addressed multiple memory corruption vulnerabilities in vCenter Server that can be exploited to execute external code. These vulnerabilities, designated CVE-2023-20892 to CVE-2023-20896, are in the software implementation of the DCERPC protocol.
A malicious person with network access to vCenter Server could potentially exploit this problem to execute arbitrary code on the underlying operating system hosting vCenter Server.
Take action
The severity of this vulnerability is high (CVE score = 5.9-8.1), which means action is required. We recommend that you upgrade vCenter to version 7.0U3m or 8.0 U1b, released on 22 June 2023. This upgrade will not cause any disruption to your environment and can be performed during business hours.
Given the urgency of the situation, we are implementing these upgrades proactively at our Managed Services clients.
Do you have questions about this or do you, as a non-Managed Services customer, still want support? Please do not hesitate to contact us: support@vanroey.be.
- 12/06/2023
- 13:43
Fortinet has released important security updates for FortiOS firmware versions 6.0, 6.2, 6.4, 7.0 and 7.2. An official communication regarding a possible leak is not yet available, but it is suggested that it is a critical SSL-VPN RCE vulnerability that this update fixes.
Take action
The above vulnerability is very critical (CVE score = 9.2) and therefore immediate action is required! Customers with a service contract whose environment we can remotely access will be patched after business hours (7pm).
Don't have a service contract and would like to call on our experts to update your firewall(s)? Then contact us via the info below.
- 09/06/2023
- 11:26
To take the security level within Microsoft 365 to the highest level, geolocation is often used. Only login attempts from trusted countries are allowed here.Microsoft has recently IPv6 enabled in Azure AD, which causes problems with Conditional Access rules for some customers. This results, among other things, in unjustified blocking of login attempts.
Are you experiencing problems, are users no longer logged on and would you like to call on our expertise? Then contact our helpdesk via support@vanroey.be or the phone number 014 47 06 00.
- 15/03/2023
- 10:45
Due to a vulnerability in Microsoft Outlook, we ask everyone to close the Outlook client and temporarily work through https://outlook.office.com/mail/
Thanks to a newly discovered vulnerability, cybercriminals can already penetrate your system by simply sending a malicious mail. As soon as this mail is processed by the Outlook client, it is already activated. So you don't even have to open this mail.
Updating as soon as possible is recommended.
We would just like to mention that you can alternatively update Office 365 in Word. You can see how to do this in the picture below or in this guide.
Alerts in your mailbox?
Would you like to be notified by e-mail in case of future Security Alerts?
