critical

F5 fixes BIG-IP auth bypass allowing remote code execution attacks

by

October 27, 2023 at 11:17AM A critical vulnerability, CVE-2023-46747, has been discovered in the F5 BIG-IP configuration utility. It allows unauthenticated remote code execution by attackers with remote access to the utility. The vulnerability has a CVSS v3.1 score of 9.8. Devices with the Traffic Management User Interface exposed to the internet are at risk. … Read more

Microsoft Exchange gets ‘better’ patch to mitigate critical bug

by

October 10, 2023 at 04:07PM Microsoft has released a new security update (CVE-2023-36434) to address a critical vulnerability in Microsoft Exchange Server (CVE-2023-21709). The update eliminates the need for additional steps and manual removal of a vulnerable Windows IIS Token Cache module. Admins who have already removed the module must install the new security update … Read more