What do I need to know?
Google has recently issued CVE-2023-5129, with a CVSS score of 10, for a zero-day vulnerability that is actively being exploited. This is the highest severity level, so it is critical that it is dealt with. The vulnerability was initially misidentified as a Chrome vulnerability (CVE-2023-4863). However, it has been revealed that the vulnerability affects the libwebp image library, which is used for rendering images in a large number of apps, including Teams. More information is available here.
Furthermore, since the above critical alert was issued, another high-risk vulnerability has been identified (CVE-2023-5217, Chromium). It is slightly less of a risk, with a CVSS score of 8.8, and luckily the remediation steps are the same for both.
What do I need to do?
It’s essential for organisations to promptly apply the security patches released by all software vendors to prevent exploitation. This applies to mobile phone software as well.
If your devices (PCs, laptops, Macs, etc.) are managed by our Remote Monitoring and Management (RMM) service, then you do not need to worry: we are applying remediation across all of our client devices as soon as it becomes available. We started the remediation as soon as the vulnerability was identified, to secure the devices against potential compromise.
This vulnerability highlights the importance of devices being enrolled in a managed service such as RMM. It allows us to very quickly react to security threats by identifying all affected devices and applying the appropriate remediation across all of our customers at once, rather than having to deal with each system one by one.
This is much quicker and more reliable than depending on traditional methods, such as Windows Update and individual app update services.
For more information on any of the above, please contact your Connect Systems Account Manager or get in touch with us here and we’ll be happy to help you.