October 23, 2024 at 09:55AM A critical vulnerability in Microsoft SharePoint (CVE-2024-38094) has been added to the CISA’s KEV catalog, allowing remote code execution for authenticated attackers. Patches were released in July 2024, and agencies must apply them by November 12, 2024. Meanwhile, a zero-day flaw in Samsung processors also poses exploitation risks. ### Meeting … Read more
October 16, 2024 at 07:45AM North Korean group ScarCruft exploited a zero-day vulnerability (CVE-2024-38178) in Windows to deploy RokRAT malware via a compromised advertising server. Users are tricked into clicking malicious links. This incident showcases ScarCruft’s evolving techniques, emphasizing the need for software updates to enhance security against such threats. ### Meeting Takeaways – October … Read more
October 9, 2024 at 11:19AM Microsoft has resolved issues related to the Windows 11 Patch Tuesday preview (KB5043145), which previously caused multiple restarts and device connectivity failures. The latest update includes critical security fixes. However, Windows 11 22H2 users will no longer receive updates, with other editions approaching end-of-support dates as well. ### Meeting Takeaways: … Read more
October 9, 2024 at 03:27AM Microsoft has issued security updates for 118 vulnerabilities, including two under active exploitation. Key vulnerabilities include CVE-2024-43572 and CVE-2024-43573, both related to remote code execution and spoofing. The U.S. CISA has added these to its catalog, mandating fixes by October 29, 2024. ### Meeting Takeaways – Microsoft Security Updates (Oct … Read more
October 8, 2024 at 07:40PM Patch Tuesday released 117 Microsoft patches, addressing serious vulnerabilities including CVE-2024-43572, a high-risk flaw allowing unauthorized code execution, and CVE-2024-43573, a moderate spoofing issue. Adobe and SAP also issued numerous updates, with notable concerns in BusinessObjects and Apache Log4j related to their respective vulnerabilities. ### Meeting Takeaways **Patch Tuesday Overview … Read more
October 8, 2024 at 03:10PM Microsoft’s October 2024 Patch Tuesday addresses a known issue in Windows servers disrupting Remote Desktop connections post-July security updates. It may affect legacy protocol usage. Temporary fixes include firewall customization and registry edits. Notably, this follows previous instances of connectivity problems after security updates. The update addresses 118 vulnerabilities, including … Read more
October 8, 2024 at 02:18PM The text lists numerous CVE IDs and their associated vulnerabilities, including remote code execution, denial of service, elevation of privilege, and information disclosure. These vulnerabilities impact various Microsoft products such as .NET, Visual Studio, Azure, Windows, and Office, among others. The severity ranges from critical to moderate. Based on the … Read more
October 8, 2024 at 01:48PM Microsoft released KB5044284 and KB5044285 Windows 11 cumulative updates for versions 24H2 and 22H2/23H2, addressing security vulnerabilities and resolving 27 bugs and performance issues. Users can install the updates through Windows Update or manually from the Microsoft Update Catalog. The updates include various fixes and improvements, with details available in … Read more
October 8, 2024 at 01:26PM Microsoft released the KB5044273 cumulative update for Windows 10 22H2 and 21H2, containing nine changes and fixes, including an opt-in notification for Windows Update. It’s mandatory and includes security updates for October 2024 Patch Tuesday. Users can install it through Settings or manually from the Microsoft Update Catalog. The update … Read more
September 16, 2024 at 03:56PM CISA orders U.S. federal agencies to secure systems against a Windows MSHTML spoofing bug exploited by the Void Banshee APT group. The vulnerability (CVE-2024-43461) was exploited before being fixed, allowing attackers to execute code on unpatched Windows systems. The vulnerability has been added to CISA’s Known Exploited Vulnerabilities catalog, and … Read more