What if a cyber-attack took down your company’s internet connection?
You might be left with a virtual version of your company, which is how Cisco Security researchers discovered a potential vulnerability in its latest vulnerability assessment tool.
The vulnerability has been dubbed a “virtualization flaw” by Cisco because it’s used to deploy virtual machines on a network and allows attackers to steal credentials.
The security team said the virtualization flaw is not being exploited by malicious actors, but it’s not a unique vulnerability because it was reported in previous versions of the Cisco security report.
Cisco Security also released a security advisory Wednesday that recommends using the security update immediately.
Consequently, you should not attempt to update to the latest version of Cisco’s latest vulnerability checkers until you have confirmed that it’s safe to do so.
CERT has said it will update the Cisco Security bulletin to fix the virtualizing vulnerability.
You can see the latest Cisco Security report here: https://www.cisco.com/security/en/products/security-advisory/security_report_2016-06-13.pdf The new vulnerability, dubbed a Virtualization Feat, allows a malicious actor to gain remote code execution when the virtual machine’s operating system is installed on a computer running a vulnerable version of the virtualized operating system.
The vulnerability could be used by an attacker to perform unauthorized actions such as install malicious software on the machine.CISCO Security has previously warned about the Virtualization Bug, which was first reported in February and identified in October.
The bug is not currently being exploited, according to Cisco.
The Cisco Security team said it did not attribute any attacks on its network in recent weeks, but added that there have been “a number of high-profile attacks” and that a small number of customers have been targeted by cybercriminals in the past.CIT has issued a warning for the virtualizability flaw, saying that the vulnerability has not been identified in the wild yet and could be fixed in a few days.
“While Cisco Security does not recommend anyone update their operating systems to the newest version of this vulnerability, the vulnerability could still be exploited by an attack,” the bulletin states.
Citrix, the maker of the popular software software, said on Wednesday it is “monitoring” the vulnerability and will be making an update available in the coming days.
Citing a Cisco Security advisory, Microsoft said it has confirmed that the latest virtualization vulnerability in Cisco’s security bulletin has been exploited by a “malicious actor.”
The company said the attack is “significant and ongoing” and it will be taken into account by its software and systems.
The threat, known as a “Windows zero-day” and dubbed a CVE-2016-2599, is designed to take advantage of weaknesses in Windows operating systems and is usually triggered when an attacker has maliciously installed malware on the victim computer.
Microsoft’s bulletin also states that the exploit is “unique” because it is a Windows zero- day, and not one in which it was previously used.
Microsoft’s vulnerability assessment report also states:The latest update is a patch that Microsoft has already released for all versions of Windows.
If you are not already using the latest update, you can upgrade by going to the Microsoft website to download it and installing it.
The update is now available for Windows 10, 10.0, 10, 7, and 7.1, and it is also available for older versions of Microsoft Windows.