Collaborate Disseminate
Organizations that plan to upgrade to Windows Server 2025 once it becomes generally available will be able to implement some security updates by hotpatching running processes. What is hotpatching? “Hotpatching has been around for years in Windows… Continue reading Windows Server 2025 gets hotpatching option, without reboots
Broadcom has released fixes for two vulnerabilities affecting VMware vCenter Server that can be triggered by sending a specially crafted network packet, and could lead to remote code execution (CVE-2024-38812) or privilege escalation (CVE-2024-38813). … Continue reading Critical VMware vCenter Server bugs fixed (CVE-2024-38812)
CVE-2024-43461, a spoofing vulnerability affecting Windows MSHTML – a software component used by various apps for rendering render web pages on Windows – “was exploited as a part of an attack chain relating to CVE-2024-38112, prior to… Continue reading Microsoft confirms second 0-day exploited by Void Banshee APT (CVE-2024-43461)
Among the security updates released by Adobe on Tuesday are those for various versions of Adobe Acrobat and Reader, which fix two critical flaws that could lead to arbitrary code execution: CVE-2024-45112 and CVE-2024-41869. Nothing in the advisory poi… Continue reading Adobe completes fix for Reader bug with known PoC exploit (CVE-2024-41869)
Zyxel has patched a myriad of vulnerabilities in its various networking devices, including a critical one (CVE-2024-7261) that may allow unauthenticated attackers to execute OS commands on many Zyxel access points (APs) and security routers by sending … Continue reading Critical flaw in Zyxel’s secure routers allows OS command execution via cookie (CVE-2024-7261)
SonicWall has patched a critical vulnerability (CVE-2024-40766) in its next-gen firewalls that could allow remote attackers unauthorized access to resources and, in specific conditions, to crash the appliances. About CVE-2024-40766 CVE-2024-40766 is an… Continue reading SonicWall patches critical flaw affecting its firewalls (CVE-2024-40766)
A critical vulnerability (CVE-2024-6800) affecting all currently supported versions of GitHub Enterprise Server (GHES) may allow attackers to gain unrestricted access to the instance’s contents. The issue, reported via the GitHub Bug Bounty progr… Continue reading Critical GitHub Enterprise Server auth bypass flaw fixed (CVE-2024-6800)
August 2024 Patch Tuesday is here, and Microsoft has delivered fixes for 90 vulnerabilities, six of which have been exploited in the wild as zero-days, and four are publicly known. The zero-days under attack CVE-2024-38178 is a Scripting Engine Memory … Continue reading Microsoft fixes 6 zero-days under active attack
July ended up being more ‘exciting’ than many of us wanted; we’re supposed to be in the height of summer vacation season. First, we had a large set of updates on Patch Tuesday, then we had to work through the CrowdStrike event, and finally many of us h… Continue reading August 2024 Patch Tuesday forecast: Looking for a calm August release
Two cross-site scripting vulnerabilities (CVE-2024-42009, CVE-2024-42008) affecting Roundcube could be exploited by attackers to steal users’ emails and contacts, email password, and send emails from their account. About the vulnerabilities Round… Continue reading Roundcube flaws allow easy email account compromise (CVE-2024-42009, CVE-2024-42008)