January 11, 2024 at 09:43AM
On the first Patch Tuesday of 2024, Intel, AMD, Zoom, and Splunk released security advisories. Intel addressed BIOS firmware vulnerabilities, AMD reported a low-severity SEV-SNP issue, and Splunk patched critical and high-severity vulnerabilities. Zoom informed customers of a high-severity flaw affecting Windows products. Several other companies also released their first patches of 2024.
From the meeting notes:
– Intel has announced patches for multiple high-severity and medium-severity vulnerabilities in NUC BIOS firmware and NUC software, requiring local access for exploitation.
– AMD reported a low-severity issue involving SEV-SNP, with no planned mitigation at this time.
– Splunk has released multiple advisories covering critical- and high-severity vulnerabilities, along with medium-severity flaws, patched in various products such as Splunk Enterprise Security and User Behavior Analytics.
– Zoom Desktop, VDI Client, and Windows SDKs are affected by a high-severity flaw allowing an authenticated attacker to escalate privileges via local access, with patches already released.
Additionally, other companies like Siemens, Schneider Electric, SAP, and Microsoft have also released advisories for critical vulnerabilities as part of the first Patch Tuesday of 2024.