November 13, 2024 at 11:36AM Microsoft’s November 2024 Patch Tuesday addressed 89 vulnerabilities, including four zero-days, with two actively exploited. Key fixes involve critical flaws in remote code execution and privilege escalation. Other notable updates were shared by Adobe, Cisco, and Google. Comprehensive vulnerability details are outlined in the full report. ### Meeting Takeaways – … Read more
November 13, 2024 at 07:15AM A security analysis of the OvrC cloud platform revealed ten vulnerabilities that could allow remote code execution on connected devices. These flaws impact OvrC Pro and Connect, with some allowing attackers to impersonate devices and access unauthorized controls. Fixes were issued in May 2023 and November 2024. ### Meeting Takeaways … Read more
November 13, 2024 at 07:15AM Microsoft’s November 2024 Patch Tuesday addressed 90 security flaws, including two actively exploited vulnerabilities in Windows NTLM and Task Scheduler. Notably, CVE-2024-43451 affects NTLMv2 hash disclosure, while CVE-2024-49039 allows privilege escalation. The update also highlights critical vulnerabilities in Azure CycleCloud and .NET, alongside adopting CSAF for improved vulnerability reporting. **Meeting … Read more
November 12, 2024 at 08:32PM Microsoft’s recent Patch Tuesday update addressed 89 security flaws, including two under active attack. Vulnerabilities CVE-2024-49039 and CVE-2024-43451 enable privilege escalation and account impersonation, respectively. Additionally, severe flaws in Azure and .NET products could lead to remote code execution. CISA highlighted an increase in zero-day exploitations throughout 2023. ### Meeting … Read more
November 12, 2024 at 05:45PM Microsoft’s November security update addresses 89 vulnerabilities, including four zero-day bugs actively exploited by attackers. Among these, CVE-2024-43451 allows unauthorized access to NTLMv2 hashes, while CVE-2024-49039 enables privilege escalation. Microsoft also adopted the Common Security Advisory Framework (CSAF) to improve vulnerability disclosure. ### Meeting Takeaways: 1. **Vulnerability Update**: – Microsoft … Read more
November 12, 2024 at 02:04PM Microsoft’s November 2024 Patch Tuesday addresses 91 vulnerabilities, including four critical flaws and two actively exploited zero-days. Notable vulnerabilities include NTLM Hash Disclosure and Windows Task Scheduler issues. The update also highlights fixes for other major products and features from various vendors, ensuring enhanced security across systems. ### Meeting Takeaways … Read more
November 12, 2024 at 12:52PM Citrix has released patches for two vulnerabilities in its Virtual Apps and Desktop technology that could allow privilege escalation or remote code execution by attackers. Discovered by watchTowr, the flaws affect the Session Recording Manager. Citrix assigned a medium severity score, which watchTowr disputes, deeming the threat more critical. ### … Read more
November 12, 2024 at 11:14AM Researchers have revealed a proof of concept for a serious vulnerability in Citrix’s Virtual Apps and Desktops, allowing unauthenticated remote code execution through HTTP requests. This flaw lets attackers gain system privileges and impersonate users. Citrix disputes the severity and has issued hotfixes, urging customers to apply them immediately. ### … Read more
November 12, 2024 at 10:25AM A zero-day vulnerability in Citrix’s Session Recording Manager permits unauthenticated remote code execution, enabling potential data theft and desktop takeover. It stems from insecure BinaryFormatter use and an exposed MSMQ service. As of now, there’s no known exploitation, but Citrix remains a prime target for cybercriminals. **Meeting Takeaways: Citrix Session … Read more
November 12, 2024 at 10:15AM Researchers revealed vulnerabilities in Citrix Virtual Apps and Desktop, potentially allowing unauthenticated remote code execution through misconfigured permissions in the Session Recording component. Citrix has issued hotfixes for affected versions (CVE-2024-8068 and CVE-2024-8069). Microsoft warns against using BinaryFormatter due to its security risks related to deserialization. ### Meeting Takeaways – … Read more