If you use Webex at work – from your browser, which I’m sure you do…better pay attention.
Cisco just released a CRITICAL vulnerability alert that would allow someone to take control of your pc if they can get you to click on a meeting link that’s malicious. Many vendors have people use Webex – many companies pay big money to use webex – so pay attention and go save yourself!
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170124-webex
Google Chrome
Cisco WebEx Extension for Google Chrome version 1.0.7 was released on January 26, 2017 and contains a fix for this vulnerability. Chrome users can ensure they are using the fixed version of the Cisco WebEx Extension for Google Chrome by doing the following:
- In Chrome, open the Settings page.
- Click Extensions.
The extension version is listed next to the Cisco WebEx Extension name.
Mozilla Firefox
Version 106 of the ActiveTouch General Plugin Container for Mozilla Firefox was released on January 28, 2017 and contains a fix for this vulnerability. Mozilla users can ensure they are using the fixed version of the ActiveTouch General Plugin Container for Mozilla by:
- Clicking the menu button (three horizontal bars on the upper right of the application) and selecting Add-ons.
- In the Add-ons Manager tab, click the Plugins panel
- Locate the ActiveTouch General Plugin Container in the list of Plugins and click on the More link to obtain the version information
Microsoft Internet Explorer
Version 10031.6.2017.0127 of the GpcContainer Class for Microsoft Internet Explorer was released on January 28, 2017 and contains a fix for this vulnerability. Internet Explorer users can ensure they are using the fixed version of the GpcContainer Class for Internet Explorer by:
- In Internet Explorer, select the Tools button
- Select Manage add-ons
- Select All add-ons from the Show drop-down menu
- Select the GpcContainer Class add-on under Cisco WebEx LLC
The version number is displayed at the bottom of the Manage Add-ons window.
Fixed Releases
For the latest information about the following products, please consult the Cisco bug ID provided:
- Cisco WebEx Meeting Centers: CSCvc86959
- Cisco WebEx Meetings Server: CSCvc88194
- Cisco WebEx Meetings: CSCvc88535
Google Chrome
Cisco WebEx Extension for Google Chrome version 1.0.7 was released on January 26, 2017 and contains a fix for this vulnerability. Chrome users can ensure they are using the fixed version of the Cisco WebEx Extension for Google Chrome by doing the following:
- In Chrome, open the Settings page.
- Click Extensions.
- Select the Developer mode checkbox.
- Click Update extensions now.
- Restart the Chrome browser.
Mozilla Firefox
Version 106 of the ActiveTouch General Plugin Container for Mozilla Firefox was released on January 28, 2017 and contains a fix for this vulnerability. Mozilla users can ensure they are using the fixed version of the ActiveTouch General Plugin Container for Mozilla by:
- Clicking the menu button (three horizontal bars on the upper right of the application) and selecting Add-ons.
- In the Add-ons Manager tab, click the Plugins panel
- Locate the ActiveTouch General Plugin Container in the list of Plugins and click on the More link to obtain the version information
Microsoft Internet Explorer
Version 10031.6.2017.0127 of the GpcContainer Class for Microsoft Internet Explorer was released on January 28, 2017 and contains a fix for this vulnerability. Internet Explorer users can ensure they are using the fixed version of the GpcContainer Class for Internet Explorer by:
- In Internet Explorer, select the Tools button
- Select Manage add-ons
- Select All add-ons from the Show drop-down menu
- Select the GpcContainer Class add-on under Cisco WebEx LLC
The version number is displayed at the bottom of the Manage Add-ons window.
Current WebEx customers can confirm that their site has received updated software by reviewing the Application Version information found in the Support section of their WebEx page. To view this information, please perform the followings steps:
- Sign into your WebEx account
- Click the Meeting Center tab
- Under Support, click Downloads
The Application Version is displayed on the right hand side of the screen under the About Meeting Center heading.
| Cisco WebEx Software Major Release | First Fixed Application Version |
|---|---|
| T31.10.2 | 31.10.2.5 |
| T31.9.8 | 31.9.8.5 |
| T30.16.2 | 30.16.2.10007 E |
| T30.15.5 | 30.15.5.10009 E |
| T30.14.2 | 30.14.2.10003 E |
| T30.12.4 | 30.12.4.10004 E |
| T30.9.2 | 30.9.2.10010 E |
| T30.6.6 | 30.6.6.10006 E |
| T30.4.4 | 30.4.4.10003 E |
| T29.13.121 | 29.13.121.10011 E |
| T29.13.94 | 29.13.94.10005 E |
| T29.13.73 | 29.13.72.10007 E |
| T29.13.56 | 29.13.56.10008 E |
| T29.13.42 | 29.13.42.10008 E |
| T29.13.35 | 29.13.25.10005 E |
| T29.13.14 | 29.13.14.10012 E |
