Security News > 2023 > March > Week in review: Public MS Word RCE PoC, API exploitation, Patch Tuesday forecast
Veeam Backup & Replication admins, get patching!Veeam Software has patched CVE-2023-27532, a high-severity security hole in its widely-used Veeam Backup & Replication solution, and is urging customer to implement the fix as soon as possible.
Fortinet plugs critical RCE hole in FortiOS, FortiProxyFortinet has patched 15 vulnerabilities in a variety of its products, including CVE-2023-25610, a critical flaw affecting devices running FortiOS and FortiProxy.
PoC exploit for recently patched Microsoft Word RCE is publicA PoC exploit for CVE-2023-21716, a critical RCE vulnerability in Microsoft Word that can be exploited when the user previews a specially crafted RTF document, is now publicly available.
March 2023 Patch Tuesday forecast: It's not about luckEvery month I touch on a few hot topics related to security around patching and some important updates to look out for on the upcoming Patch Tuesday.
Vulnerability in DJI drones may reveal pilot's locationSerious security vulnerabilities have been identified in multiple DJI drones.
Attackers exploit APIs faster than ever beforeAfter combing through 350,000 reports to find 650 API-specific vulnerabilities from 337 different vendors and tracking 115 published exploits impacting these vulnerabilities, the results clearly illustrate that the API threat landscape is becoming more dangerous, according to Wallarm.
News URL
Related news
- Exploit released for critical WhatsUp Gold RCE flaw, patch now (source)
- Veeam Issues Patch for Critical RCE Vulnerability in Service Provider Console (source)
- PoC exploit for critical WhatsUp Gold RCE vulnerability released (CVE-2024-8785) (source)
- December 2024 Patch Tuesday forecast: The secure future initiative impact (source)
- Week in review: Veeam Service Provider Console flaws fixed, Patch Tuesday forecast (source)
- Cleo File Transfer Vulnerability Under Exploitation – Patch Pending, Mitigation Urged (source)
- Microsoft December 2024 Patch Tuesday fixes 1 exploited zero-day, 71 flaws (source)
- Microsoft holds last Patch Tuesday of the year with 72 gifts for admins (source)
- Patch Tuesday: Microsoft Patches One Actively Exploited Vulnerability, Among Others (source)
- Patch Alert: Critical Apache Struts Flaw Found, Exploitation Attempts Detected (source)
Related Vulnerability
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2023-03-10 | CVE-2023-27532 | Missing Authentication for Critical Function vulnerability in Veeam Backup & Replication 11.0.1.1261/12.0.0.1420 Vulnerability in Veeam Backup & Replication component allows encrypted credentials stored in the configuration database to be obtained. | 7.5 |
2023-02-14 | CVE-2023-21716 | Unspecified vulnerability in Microsoft products Microsoft Word Remote Code Execution Vulnerability | 9.8 |