Government of the Republic of Trinidad and Tobago                                                                                                                                        


Security Advisories

TTCSIRT-217.070919: TT-CSIRT Advisory – Microsoft Security Updates

Microsoft has released a security update stating that an elevation of privilege vulnerability exists in Azure Automation “RunAs account” runbooks for users with the Contributor role. This could potentially allow members of an organization to access Key Vault secrets through a runbook, even if these members would personally not have access to that Key Vault. To […]



TTCSIRT-216.070919: TT-CSIRT Advisory – Android Security Updates

Google has released a security update stating that it has found the following issues in the Android OS: a) A Framework vulnerability enables a local malicious application to bypass user interaction requirements in order to gain access to additional permissions – (CVE-2019-2104). b) A Library vulnerability enables a remote attacker using a specially crafted file to execute […]



TTCSIRT-215.062819: TT-CSIRT Advisory – Ubuntu Security Updates

Canonical has released a security update stating that it has discovered a vulnerability in its Ubuntu Linux OS where a sequence of specifically crafted selective acknowledgements (SACK) may trigger an integer overflow, leading to a denial of service or possible kernel failure. Further information on this vulnerability and how it can be mitigated can be […]



TTCSIRT-214.062819: TT-CSIRT Advisory – Microsoft Security Updates

Microsoft has released a security update stating that it has discovered a vulnerability in Microsoft Exchange 2013 which can allow a remote attacker to gain administrative privileges. This issue is caused by one of the EWS API functions called PushSubscriptionRequest. This can be used to cause the Exchange server to connect […]



TTCSIRT-213.061419: TT-CSIRT Advisory – Chrome Security Updates

Google has released a security update stating that it has found the following vulnerabilities in Google Chrome: a) Cross-origin resources size disclosure in Appcache – (CVE-2019-5837) b) Heap buffer overflow in Angle – (CVE-2019-5836) c) Inconsistent security UI placement – (CVE-2019-5833) d) Incorrect CORS handling in XHR – (CVE-2019-5832) e) Incorrect handling of certain code […]



TTCSIRT-212.061419: TT-CSIRT Advisory – Cisco Security Updates

Cisco has released a security update stating that a vulnerability in the web-based UI (web UI) of Cisco IOS XE Software could allow an unauthenticated, remote attacker to conduct a cross-site request forgery (CSRF) attack on an affected system. The issue is due to insufficient CSRF protections for the web UI on an affected device. […]



TTCSIRT-211.053119: TT-CSIRT Advisory – Mozilla Security Updates

Mozilla has released a security update stating that it has discovered the following vulnerabilities in Mozilla Firefox ver. 67.0: a) Timing Attack Vulnerability (CVE-2019-9815) – if hyperthreading is not disabled, a timing attack vulnerability exists, similar to previous Spectre attacks. b) Type Confusion Vulnerability (CVE-2019-9816) – a possible vulnerability exists where type confusion can occur when […]



TTCSIRT-210.053119: TT-CSIRT Advisory – IBM Security Updates

IBM has released a security update stating that it has discovered a vulnerability in IBM WebSphere Application Server that could allow for remote code execution. This issue occurs when serializing an object from an untrusted source. IBM WebSphere Application Server is a software framework and middleware that hosts Java-based web applications. Further information on this […]



TTCSIRT-209.051519: TT-CSIRT Advisory – VMware Security Updates

VMware has released a security update stating that VMware Workstation contains a DLL hijacking issue because some DLL files are improperly loaded by the application. Successful exploitation of this issue may allow attackers with normal user privileges to escalate their privileges to administrator on a Windows host where Workstation is installed. Further information on this […]



TTCSIRT-208.051519: TT-CSIRT Advisory – Adobe Security Updates

Adobe has released a security update stating that it has discovered the following issues in the latest versions of Adobe Acrobat and Reader: a) Multiple Out-of-Bounds Read vulnerabilities that could allow for Information Disclosure – (CVE-2019-7841, CVE-2019-7836). b) Multiple Use After Free vulnerabilities that could allow for Arbitrary Code Execution – (CVE-2019-7835, CVE-2019-7834). c) A […]
