Security News

Microsoft Fixes 149 Flaws in Huge April Patch Release, Zero-Days Included
2024-04-10 04:57

Microsoft has released security updates for the month of April 2024 to remediate a record 149 flaws, two of which have come under active exploitation in the wild. Of the 149 flaws, three are rated...

Microsoft April 2024 Patch Tuesday fixes 150 security flaws, 67 RCEs
2024-04-09 17:34

Today is Microsoft's April 2024 Patch Tuesday, which includes security updates for 150 flaws and sixty-seven remote code execution bugs. More than half of the RCE flaws are found within Microsoft SQL drivers, likely sharing a common flaw.

April 2024 Patch Tuesday forecast: New and old from Microsoft
2024-04-08 05:20

Regular patch releases will be critical to keep this product updated because it does not receive immediate security updates like its related, cloud-connected versions. Hard to believe, Windows 11 21H2 for Education and Enterprise and Windows 11 22H2 Home and Pro are already reaching EOS on November 8th. Microsoft recently reversed its decision to end the preview updates for Windows 11 22H2 in February and announced it will continue through June.

Patch actively exploited Microsoft SharePoint bug, CISA orders federal agencies (CVE-2023-24955)
2024-03-28 10:20

The Cybersecurity and Infrastructure Security Agency (CISA) has added CVE-2023-24955 – a code injection vulnerability that allows authenticated attackers to execute code remotely on a vulnerable...

Exploit released for Fortinet RCE bug used in attacks, patch now
2024-03-21 15:17

Security researchers have released a proof-of-concept exploit for a critical vulnerability in Fortinet's FortiClient Enterprise Management Server software, which is now actively exploited in attacks.On Thursday, one week after Fortinet released security updates to address the security flaw, security researchers with Horizon3's Attack Team published a technical analysis and shared a proof-of-concept exploit that helps confirm if a system is vulnerable without providing remote code execution capabilities.

March Patch Tuesday sees Hyper-V join the guest-host escape club
2024-03-13 00:16

Patch Tuesday Microsoft's monthly patch drop has arrived, delivering a mere 61 CVE-tagged vulnerabilities - none listed as under active attack or already known to the public. "This vulnerability would require an authenticated attacker on a guest VM to send specially crafted file operation requests on the VM to hardware resources on the VM which could result in remote code execution on the host server," according to the security update.

March 2024 Patch Tuesday: Microsoft fixes critical bugs in Windows Hyper-V
2024-03-12 19:55

On this March 2024 Patch Tuesday, Microsoft has released fixes for 59 CVE-numbered vulnerabilities, but - welcome news! - none of them are currently publicly known or actively exploited. One of the two - CVE-2024-21338, an elevation of privilege vulnerability affecting the Windows Kernel - had been reported to Microsoft by Avast researchers, who later shared that it had been leveraged by North Korean hackers for months before the patch was released.

Microsoft March 2024 Patch Tuesday fixes 60 flaws, 18 RCE bugs
2024-03-12 17:52

Today is Microsoft's March 2024 Patch Tuesday, and security updates have been released for 60 vulnerabilities, including eighteen remote code execution flaws.This Patch Tuesday fixes only two critical vulnerabilities: Hyper-V remote code execution and denial of service flaws.

Microsoft waited 6 months to patch actively exploited admin-to-kernel vulnerability
2024-03-11 04:28

Infosec in brief Cybersecurity researchers informed Microsoft that Notorious North Korean hackers Lazarus Group discovered the "Holy grail" of rootkit vulnerabilities in Windows last year, but Redmond still took six months to patch the problem. Avast claims Lazarus Group used the vulnerability to obtain read/write primitive on the Windows kernel and install their FudModule rootkit, but Microsoft's opinion on the severity of admin-to-kernel exploits meant it didn't prioritize the matter, waiting until February's patch Tuesday to fix the issue, which it tagged as CVE-2024-21338, with a CVSS score of 8/10. "Some Windows components and configurations are explicitly not intended to provide a robust security boundary," Microsoft states on its Security Servicing criteria page.

Week in review: Attackers use phishing emails to steal NTLM hashes, Patch Tuesday forecast
2024-03-10 09:00

What organizations need to know about the Digital Operational Resilience ActIn this Help Net Security interview, Kris Lovejoy, Global Security and Resilience Leader at Kyndryl, discusses the impact of the Digital Operational Resilience Act on organizations across the EU, particularly in ICT risk management and cybersecurity. Cisco patches Secure Client VPN flaw that could reveal authentication tokensCisco has fixed two high-severity vulnerabilities affecting its Cisco Secure Client enterprise VPN and endpoint security solution, one of which could be exploited by unauthenticated, remote attackers to grab users' valid SAML authentication token.