Today, the Pulse Secure team released a security update to address the issue outlined in Security Advisory SA44784 (CVE-2021-22893) impacting Pulse Connect Secure appliance. We recommend that customers move quickly to apply the update to ensure they are protected.
The Pulse Secure team has worked closely with the Cybersecurity and Infrastructure Security Agency (CISA) as well as leading forensic experts and industry groups, including Mandiant/FireEye and Stroz Friedberg, among others, to investigate and respond quickly to malicious activity that was identified on a very limited number of customer systems. The Pulse team took swift action to provide mitigations directly to the limited number of impacted customers that remediates the risk to their system, and we are pleased to be able to deliver a security patch in such short order to address the vulnerability. Visit Security Advisory SA44784 (CVE-2021-22893) for more information.
As sophisticated threat actors continue their attacks on U.S. businesses and government agencies, we will continue to work with our customers, the broader security industry, law enforcement and government agencies to mitigate these threats. Companywide we are making significant investments to enhance our overall cyber security posture, including a more broad implementation of secure application development standards.
In that vein, we recommend that customers take advantage of our Pulse Security Integrity Checker Tool, an efficient and easy-to-use tool for our customers to identify malicious activity on their systems, and continue to apply and follow recommended guidance for all available security patches.
Please visit our most recent blog post for additional information on previously known vulnerabilities that organizations should take action on immediately.
Thank you,
Phil Richards
CSO