Drupal Security Updates, Security Tips for ASUS Wireless Routers, Microsoft Update for EMET and GNU glibc Vulnerability



Connectikpeople recalls that, Drupal has released updates to address multiple vulnerabilities. Exploitation of some of these vulnerabilities may allow a remote attacker to take control of an affected website.

Available updates include:
  • Drupal core 6.38 for 6.x users
  • Drupal core 7.43 for 7.x users
  • Drupal core 8.0.4 for 8.0.x users
Users and administrators are encouraged to review Drupal's Security Advisory and apply the necessary updates.

It is also indispensable to recall that:
The Federal Trade Commission (FTC) has provided network security tips for vulnerable ASUS-branded wireless routers. These routers were found to have major security flaws, allowing hackers to obtain sensitive personal information.
Therefore, FTC urges consumers to download the latest security updates for their routers and be cautious when setting up any personal cloud storage. Users and administrators are encouraged to visit FTC's blog for more information and review US-CERT's Tip on Securing Your Home Network ST15-002.

Connectikpeople is aware of a vulnerability in Microsoft Enhanced Mitigation Experience Toolkit (EMET) versions prior to 5.5. Exploitation of this vulnerability may allow a remote attacker to bypass or disable EMET to take control of an affected system.

Therefore, we recommend users and administrators visit the Microsoft Security TechCenter  and upgrade to EMET version 5.5. 

At the end, GNU glibc contains a buffer overflow vulnerability in the DNS resolver. Exploitation of this vulnerability may allow a remote attacker to take control of an affected system.
Users and administrators are encouraged to review Vulnerability Note VU#457759 and the glibc Project Notification for additional details and to refer to their respective Linux or Unix-based OS vendor for an appropriate patch.