Please see the two notifications below for your review and, where applicable, action.

CVE-2021-34527 Windows Print Spooler (PrintNightmare)

Microsoft has released security updates to address a security vulnerability in the Windows Print Spooler (CVE-2021-34527 “PrintNightmare”).

Microsoft recommends installing the June 2021 security update and security updates released on or after 6 July 2021.

Further information, workarounds and an FAQ are available at:
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-34527

Moodle Cross-Site Scripting & Open Redirect Vulnerabilities

The NCSC is aware of a cross-site scripting vulnerability and an open redirect vulnerability affecting the Moodle learning management system.

The NCSC recommends following vendor best practice advice in the mitigation of vulnerabilities. In this case, the most important aspect is to install the latest version as soon as practicable. Upgrading to at least version 3.11, 3.10.4, 3.9.7 or 3.8.9 addresses these security issues.

For more information see:
https://download.moodle.org/releases/latest/
https://moodle.org/mod/forum/discuss.php?d=422314

For those on CiSP, please see the attached:
https://share.cisp.org.uk/community/vulnerabilities/blog/2021/07/07/moodle-cross-site-scripting-open-redirect-vulnerabilities

For those not on CiSP, don’t miss out on key information that is not always available on our website. To get an account, register at:
https://www.ncsc.gov.uk/section/keep-up-to-date/cisp