Creditsafe's Security Program supports the delivery of business objectives by protecting the company's reputation, safeguarding existing revenue, and supporting the generation of future revenue. Dedicated subject matter experts in our Information Security and Compliance, Security Operation Center (SOC), and Security Engineering teams are committed to ensuring that appropriate measures are taken to protect the confidentiality, integrity, and availability of information entrusted to the organisation by its customers, business partners, and stakeholders.
Security can often be misunderstood, so we pride ourselves on balancing a positive security culture with a robust control environment. Our approach is to enable new and existing customers to interact with our products and services in a straightforward and secure manner.
Information security is an integral part of our operations and ingrained within our people, processes, and technologies. Systems and data are protected by a comprehensive ISO 27001 certified security program, and our responsibilities are encompassed by:
- Security Operation Center (SOC) to continuously monitor the organisation's security posture whilst preventing, detecting, and responding to cybersecurity incidents or threats.
- Security Engineering which covers the development, integration and maintenance of current and future security controls, technologies, and procedures across the organisation.
- A dedicated Compliance team to implement security policies, manage risks, maintain audit systems, and ensure good security practices are embedded in our company culture. We do this via user awareness training, auditing and ongoing stakeholder engagement.
Documents
March Update 2025
In March, Microsoft announced 6 zero-day and 6 critical flaws. The zero-day vulnerabilities are as follows:
- CVE-2025-24993 - Remote Code Execution
- CVE-2025-24993 - Heap Buffer Overflow
- CVE-2025-24983 - Elevation of Privilege
- CVE-2025-26633 - Security Feature Bypass
- CVE-2025-24985 - Information Disclosure Vulnerabilities
- CVE-2025-24984 - Information Disclosure Vulnerabilities
The critical alerts are grouped into the following dependency areas:
- Windows Remote Desktop Services
  - CVE-2025-24645
  - CVE-2025-24035
  - CVE-2025-24045
- Windows Subsystem for Linux Kernel (WSL2)
  - CVE-2025-24084
- Windows Domain Name Service
  - CVE-2025-24064
- Microsoft Office
  - CVE-2025-24057

Additionally, Apple announced iOS 18.3.2 and macOS 15.3.2.
All vulnerabilities and updates will be addressed through our regular patching process.
Oracle Breach
Following the disclosure of a possible data breach of Oracle Cloud, via a vulnerability in Oracle Access Manager, Creditsafe can confirm that it is not affected by this breach. Creditsafe does not host any of its Oracle databases on Oracle Cloud, nor does it make use of Oracle Access Manager for SSO or any other purpose.
February Update 2025
In February, Microsoft announced 3 zero-day vulnerabilities: CVE-2023-24932 - Secure Boot Security; CVE-2025-21391 - Storage Elevation of Privilege; and CVE-2025-21418 - Elevation of Privilege. Microsoft also announced 4 critical vulnerabilities. There were no significant announcements from other vendors. All patches will be dealt with in the normal patching cycle within the Creditsafe estate.
January Update 2025
In January, Creditsafe was affected by 3 Microsoft Windows Hyper-V zero-day exploits (CVE-2025-21333, CVE-2025-21334 and CVE-2025-21335). Microsoft also announced two further exploits affecting Microsoft Office (CVE-2025-21186 and CVE-2025-21366). Veeam disclosed CVE-2025-23082; however, Creditsafe was already above the minimum patching level to mitigate this issue.
December Update 2024
In December, Creditsafe faced two critical zero-days (CVE-2024-52316 and CVE-2024-50379) with CVSS scores of 9.0+, related to a vendor authentication vulnerability. These affect a few non-internet-facing servers, and mitigation is in place pending vendor updates. Other zero-days (CVSS 8.9 and below) are managed through the standard patching and update process.