Cisco Starts Rolling Out IOS XE Patches
Sunday Drivers
Yesterday Cisco made a patch available to customers which should resolve both of the vulnerabilities which were revealed last week. The number of infected edge devices is still unclear, with Cisco suggesting tens of thousands of devices, while other sources put that number in the hundreds of thousands. The actual number doesn’t matter, if you have Cisco kit you are almost guaranteed to be vulnerable so you should patch immediately.
The first step is to disable all HTTP(S) Server features on devices which face the internet; that should never be done in the first place but it does happen. As for the patch itself, this being Cisco you will need to reach out to your reseller if they haven’t already reached out to you. You won’t find this patch by searching the web, anything you find is pretty much guaranteed to be yet another hack. It might be a bit painful to jump through their hoops, however it’s less painful than having someone else own your network.
The Register has details on some other recent security nightmares here.
"We have now identified a fix that covers both vulnerabilities and estimate initial releases will be available to customers starting October 22," the Cisco spokesperson explained. "However, there are actions customers can take immediately."
More Tech News From Around The Web
- QNAP takes down server behind widespread brute-force attacks @ Bleeping Computer
- Report: Apple has a refreshed Apple Silicon iMac coming as soon as next week @ Ars Technica
- Microsoft Fixes the Excel Feature That Was Wrecking Scientific Data @ Slashdot
- Framework Motherboard Turned Cyberdeck @ Hackaday
- NASA Transmits Patches to the Two Voyager Probes Launched in 1977 @ Slashdot
- Will ChatGPT’s hallucinations be allowed to ruin your life? @ Ars Technica
- AMD gives 7000-series Threadrippers a frequency bump with Epyc core counts @ The Register
