Outdated and vulnerable PostgreSQL version 9.2.4 used in 3CX V14 SP3

3CX Version 14 Service Pack 3 seems to include/use a very old and insecure PostgreSQL version 9.2.4 (released 04-04-2013).

There have been at least 13 releases since 9.2.4, the latest being 9.2.17 which have resolved the following vulnerabilities: CVE-2014-0066, CVE-2014-0065, CVE-2014-0064, CVE-2014-0063, CVE-2014-0062, CVE-2014-0061, CVE-2014-0060, CVE-2014-0067, CVE-2014-8161, CVE-2015-0244, CVE-2015-0243, CVE-2015-0242, CVE-2015-0241, CVE-2015-3167, CVE-2015-3166, CVE-2015-3165, CVE-2015-5288 and CVE-2016-0773
This means that 3CX V14 Service Pack 3 is likely to be vulnerable to all of the above vulnerabilities.  Using an IPS firewall may help to reduce the risk to your system until an updated version of PostgreSQL is integrated into 3CX.

Tpm.sys – Pre Service Pack 2 Revision History for Windows 7 SP1, Windows Server 2008 R2 SP1 and Windows Small Business Server 2011 (SBS 2011)

Tpm.sys – Pre Service Pack 2 Revision History for Windows 7 SP1, Windows Server 2008 R2 SP1 and Windows Small Business Server 2011 (SBS 2011)
02-Jun-2014 – 6.1.7601.22707 – Tpm.sys – x64 – https://support.microsoft.com/en-us/kb/2920188 – Update to add support for TPM 2.0 in Windows 7 and Windows Server 2008 R2
02-Jun-2014 – 6.1.7601.18491 – Tpm.sys – x64 – https://support.microsoft.com/en-us/kb/2920188 – Update to add support for TPM 2.0 in Windows 7 and Windows Server 2008 R2

Mcupdate_genuineintel.dll – Pre Service Pack 2 Revision History for Windows 7 SP1, Windows Server 2008 R2 SP1 and Windows Small Business Server 2011 (SBS 2011)

Mcupdate_genuineintel.dll – Pre Service Pack 2 Revision History for Windows 7 SP1, Windows Server 2008 R2 SP1 and Windows Small Business Server 2011 (SBS 2011)
09-May-2015 – 6.1.7601.18848 – Mcupdate_genuineintel.dll – x86/x64 – https://support.microsoft.com/en-gb/kb/3064209 – June 2015 microcode update for Intel processors in Windows
02-Aug-2014 – 6.1.7601.22758 – Mcupdate_genuineintel.dll – x64 – https://support.microsoft.com/en-us/kb/2970215 – Host Microcode update for Intel processors to improve the reliability of Windows Server
02-Aug-2014 – 6.1.7601.18548 – Mcupdate_genuineintel.dll – x64 – https://support.microsoft.com/en-us/kb/2970215 – Host Microcode update for Intel processors to improve the reliability of Windows Server
10-Feb-2011 – 6.1.7601.21658 – Mcupdate_genuineintel.dll – x86/x64 – https://support.microsoft.com/en-us/kb/2493989 – Microcode update for Intel processors in Windows 7 or in Windows Server 2008 R2
10-Feb-2011 – 6.1.7601.17558 – Mcupdate_genuineintel.dll – x86/x64 – https://support.microsoft.com/en-us/kb/2493989 – Microcode update for Intel processors in Windows 7 or in Windows Server 2008 R2

Wbemcore.dll – Pre Service Pack 2 Revision History for Windows 7 SP1, Windows Server 2008 R2 SP1 and Windows Small Business Server 2011 (SBS 2011)

Wbemcore.dll – Pre Service Pack 2 Revision History for Windows 7 SP1, Windows Server 2008 R2 SP1 and Windows Small Business Server 2011 (SBS 2011)
18-Feb-2015 – 6.1.7601.18766 – Wbemcore.dll – x86/x64 – https://support.microsoft.com/en-gb/kb/3020369 – April 2015 servicing stack update for Windows 7 and Windows Server 2008 R2

IT – Software and Hardware Support Resources