Avid Security Guidelines and Best Practices

Avid Endpoint Security Guidelines: Includes information on endpoint security systems, including specific data on CrowdStrike Falcon.

Antivirus Support on Interplay and MediaCentral (updated March 19, 2020): Includes information on general system security and antivirus solutions.

Note: Avid no longer qualifies its systems with traditional anti-virus applications. See the Endpoint Security Guidelines (above) for more information on Avid's current qualification efforts.

Avid_MS_SecBulletin_Status_2023-01.pdf: Includes information on monthly security updates for Microsoft Windows. Older monthly bulletins are listed at the bottom of this page.

Follow this page to stay up to date on the latest information available from Avid.

For additional information on specific security threats, see the following:

February 8, 2023 Update

On February 6, 2023, Avid became aware of an attack campaign targeting VMware ESXi hypervisors. The suspected aim of the campaign is to deploy ransomware onto VMware ESXi systems. An authoritative source -2023-ALE-015/ also made an announcement.

The infiltration point suspected to be used by malicious actors is described in CVE-2021-21974. A patch for CVE-2021-21974 has been available since February 23, 2021.

This vulnerability affects the Service Location Protocol (SLP) service and allows an attacker to remotely execute arbitrary code. According to the list of versions affected by CVE-2021-21974, this applies not only to VMware ESXi systems of versions 6.x and prior to 6.7, but also to the following:
A flaw in Microsoft Corp.'s almost universally used Windows operating system could allow hackers to take control of a PC by luring users to a malicious Web site and coaxing them into clicking on a link, the company warned on Tuesday.

[Photo caption: Microsoft Corp. Chairman Bill Gates is shown in silhouette as he watches a video during his keynote address at the annual Windows Hardware Engineering Conference, Tuesday, May 4, 2004, in Seattle. The conference draws engineers, product designers and others who build the hardware that works with Microsoft's Windows computer operating system. (AP)]

The world's largest software maker issued the warning as part of its monthly security bulletin, along with a patch to fix the problem. The security warning was rated "important," the second most serious on Microsoft's four-tiered rating scale for computer security threats. The highest is "critical."

Anti-virus software company Symantec Corp. called the vulnerability a "high risk" due to the impact the flaw could have if successfully exploited. The security flaw affects the latest versions of Windows, including Windows XP, and software for networked computers such as Windows Server 2003, Microsoft said.

Vincent Gullotto, vice president of the anti-virus emergency response team at Network Associates Inc, said he did not believe the vulnerability was a high risk but said computer users should retrieve security patches from Microsoft's Web site.

Stephen Toulouse, a manager at Microsoft's Security Response Center, said that while the vulnerability would not allow for the automatic spread of a virus in the way the recent Sasser worm spread across global networks, it could still have serious consequences. "The net result of an attack would be for an attacker to be able to do anything you already do on your computer," he said.
To exploit the vulnerability, an attacker would have to host a Web site that contains a Web page used to exploit the vulnerability and then persuade the user to visit the Web site and perform several actions before the attacker could take over a computer, Toulouse said.

The fast-moving Sasser computer worm hit PC users running the ubiquitous Microsoft Windows 2000, NT and XP operating systems a little over a week ago, afflicting computer users around the world by causing automatic reboots and slowing down Internet connections. The suspected author of the Sasser worm was caught in Germany this past weekend.

Tuesday's security bulletin is the 15th issued so far this year by Microsoft, of which seven have identified "critical" flaws in its software. Redmond, Washington-based Microsoft issued 51 security bulletins in 2003. Last year, Microsoft adopted a new monthly patch release program, which it said would let customers apply software fixes for security bugs more easily.
Symantec takes the security and proper functionality of our products very seriously. Symantec appreciates the coordination of Ollie Whitehouse and @stake, Inc. in identifying and providing technical details of areas of concern as well as working closely with Symantec so we could properly address the issue. Anyone with information on security issues with Symantec products should contact firstname.lastname@example.org.