Security News
Microsoft on Tuesday released its monthly security update, addressing 61 different security flaws spanning its software, including two critical issues impacting Windows Hyper-V that could lead to...
Patch Tuesday Microsoft's monthly patch drop has arrived, delivering a mere 61 CVE-tagged vulnerabilities - none listed as under active attack or already known to the public. "This vulnerability would require an authenticated attacker on a guest VM to send specially crafted file operation requests on the VM to hardware resources on the VM which could result in remote code execution on the host server," according to the security update.
On this March 2024 Patch Tuesday, Microsoft has released fixes for 59 CVE-numbered vulnerabilities, but - welcome news! - none of them are currently publicly known or actively exploited. One of the two - CVE-2024-21338, an elevation of privilege vulnerability affecting the Windows Kernel - had been reported to Microsoft by Avast researchers, who later shared that it had been leveraged by North Korean hackers for months before the patch was released.
For January 2024 Patch Tuesday, Microsoft has released fixes for 49 CVE-numbered vulnerabilities, two of which are critical: CVE-2024-20674 and CVE-2024-20700. CVE-2024-20674 is a security feature bypass vulnerability that may allow attackers to impersonate Windows' Kerberos server.
According to complaints from Windows admins, the issue is triggered after installing KB5031361 and KB5031364 on Windows Server 2019 and Windows Server 2022 systems. When it released the buggy cumulative updates, the company revised the support document for KB5031364, including and removing a known issue related to VMware ESXi, describing boot issues encountered by guest VMs operating Windows Server 2022 with Secure Boot enabled.
Kali Linux 2023.2, the second version of 2023, is now available with a pre-built Hyper-V image and thirteen new tools, including the Evilginx framework for stealing credentials and session cookies. As part of the Kali Linux release, the Kali team has released a pre-built Hyper-V image configured for 'Enhanced Session Mode,' which allows you to connect to the virtual machine using the Remote Desktop Protocol for a better experience.
Offensive Security has released Kali Linux 2023.2, the latest version of its popular penetration testing and digital forensics platform.Aside from updates for existing tools, a new Kali version usually comes with new tools.
Microsoft has pushed out an emergency fix for a problem in Windows Server caused by patch updates that made it impossible for some organizations to create virtual machines on Hyper-V hosts. The issue arose after Windows Server 2019 and Windows Server 2022 users installed two updates that were part of this month's Patch Tuesday releases.
We and our store and/or access information on a device, such as cookies and process personal data, such as unique identifiers and standard information sent by a device for personalised ads and content, ad and content measurement, and audience insights, as well as to develop and improve products. With your permission we and our partners may use precise geolocation data and identification through device scanning.
Updates to Windows Server that were included in Microsoft's Patch Tuesday batch of fixes this week could trip up users who want to spin up new virtual machines in some Hyper-V hosts. The software giant is warning the problem can arise after installing the KB5021249 or KB5021237 updates on Windows Server or Azure Stack HCI hosts that are managed by System Center Virtual Machine Manager and are in software-defined networking-enabled environments with a network controller.