CISA warns of Windows flaw used in infostealer malware attacks

September 16, 2024 at 03:56PM CISA orders U.S. federal agencies to secure systems against a Windows MSHTML spoofing bug exploited by the Void Banshee APT group. The vulnerability (CVE-2024-43461) was exploited before being fixed, allowing attackers to execute code on unpatched Windows systems. The vulnerability has been added to CISA’s Known Exploited Vulnerabilities catalog, and … Read more

About that Windows Installer ‘make me admin’ security hole. Here’s how it’s exploited

September 12, 2024 at 07:39AM Microsoft warned users of a Windows Installer flaw, CVE-2024-38014, allowing for SYSTEM-level privilege escalation via an .msi file, exploited in the wild. Security firm SEC Consult disclosed the flaw and released msiscan, an open source tool to detect vulnerable files. Microsoft patched the vulnerability in its latest Patch Tuesday update … Read more

ICS Patch Tuesday: Advisories Published by Siemens, Schneider, ABB, CISA

September 11, 2024 at 05:15AM The September 2024 Patch Tuesday saw security advisories from Siemens, Schneider Electric, and ABB, addressing critical vulnerabilities in their products, including authentication bypass, remote code execution, and privilege escalation issues. CISA also issued advisories for various ICS vulnerabilities, emphasizing the importance of implementing available mitigations and workarounds. Based on the … Read more

Microsoft Issues Patches for 79 Flaws, Including 3 Actively Exploited Windows Flaws

September 11, 2024 at 03:45AM Microsoft disclosed three new security flaws impacting the Windows platform, with 79 vulnerabilities addressed in the September 2024 Patch Tuesday update. Seven are rated Critical, 71 Important, and one Moderate. Exploited vulnerabilities include CVE-2024-38014, CVE-2024-38217, and CVE-2024-38226. Additional security updates were released by various vendors to address vulnerabilities. Based on … Read more

Microsoft fixes Windows Server performance issues from August updates

September 10, 2024 at 04:51PM Microsoft’s latest Patch Tuesday cumulative updates address a known issue causing boot problems, freezes, and performance issues on Windows Server 2019 after installing August 2024 security updates. Based on the meeting notes provided, it appears that Microsoft’s Patch Tuesday cumulative updates for this month also address a known issue related … Read more

Windows 11 KB5043076 cumulative update released with 19 changes

September 10, 2024 at 01:53PM Microsoft released the mandatory Windows 11 23H2 KB5043076 cumulative update to fix 79 vulnerabilities, including four zero-day exploits, and make 19 improvements. Users can install the update via Windows Update or manually from the Microsoft Update Catalog. The update includes fixes for File Explorer, Windows Installer, Widgets Board, Windows Share, … Read more

Microsoft September 2024 Patch Tuesday fixes 4 zero-days, 79 flaws

September 10, 2024 at 01:37PM Today, Microsoft’s September 2024 Patch Tuesday addresses 79 flaws, including four zero-days. Seven critical vulnerabilities were fixed, with details on each category of flaws provided. Notably, one of the zero-days, CVE-2024-38014, allows attackers to gain SYSTEM privileges. The update also includes vulnerabilities in various Microsoft products and services, along with … Read more

Chrome 128 Updates Patch High-Severity Vulnerabilities

September 3, 2024 at 04:51AM Two Chrome browser updates, 128.0.6613.113/.114 and 128.0.6613.119/.120, addressed eight vulnerabilities last week. Four high-severity memory safety flaws, including issues in the V8 JavaScript engine, were resolved. The security patches also covered a heap buffer overflow in Skia. Google urges prompt updates, but no evidence of exploitation in the wild has … Read more

Microsoft shares temp fix for Linux boot issues on dual-boot systems

August 23, 2024 at 02:08PM Microsoft provided a workaround for Linux boot issues caused by August security updates on dual-boot systems with Secure Boot enabled. It sounds like Microsoft provided a workaround for the Linux boot issues caused by the August security updates on dual-boot systems with Secure Boot enabled. Full Article

August Windows security update breaks dual boot on Linux systems

August 21, 2024 at 11:05AM August 2024 Windows security updates are causing issues for dual-boot on some Linux systems with Secure Boot enabled. Microsoft applied a Secure Boot Advanced Targeting (SBAT) update to block Linux boot loaders unpatched against the CVE-2022-2601 GRUB2 vulnerability, impacting various Linux distributions. The affected users are experiencing “Verifying shim SBAT … Read more