Avis
Users operating TLS servers may consider disabling TLS client authentication, if it is being used, until fixes are applied.
To address the issue, VMware has updated XStream to version 1.4.19 and to apply the patches listed in the 'Fixed Version' column of the 'Response Matrix' available at:
The Centre for Cyber security Belgium recommends system administrators to identify software which includes this library as a supply-chain dependency.
The CCB recommends installing updates for vulnerable devices with the highest priority, after thorough testing.
The Centre for Cyber security Belgium recommends system administrators to patch vulnerable systems as soon as possible and analyze system and network logs for any suspicious activity. This report has instructions to help your organization.
The CCB recommends installing updates for vulnerable software with the highest priority, after thorough testing.Detailed instructions can be found on: Adobe security advisory
Upgrade
Always ensure your systems are up to date.
Microsoft Exchange Online Customers:
- Microsoft Exchange Online Customers do not need to take any action.
Mitigations for On-premise Microsoft Exchange customers: