Oracle Patches Exploited Agile PLM Zero-Day

November 20, 2024 at 05:36AM
Oracle announced patches for a critical information disclosure vulnerability (CVE-2024-21287) in Agile Product Lifecycle Management (PLM), which has been actively exploited. The flaw allows remote, unauthenticated attackers to access files under PLM application privileges. Users are urged to apply the updates promptly, as support for Agile PLM will end in …

New Windows 11 recovery tool to let admins remotely fix unbootable devices

November 19, 2024 at 10:09AM
Microsoft is introducing a “Quick Machine Recovery” feature for Windows to enable IT administrators to remotely recover unbootable systems via targeted fixes. This initiative follows a significant outage in July 2024 caused by a faulty update. Additionally, new security measures will prevent future risks from kernel-level drivers. ### Meeting Highlights: …

Critical RCE bug in VMware vCenter Server now exploited in attacks

November 18, 2024 at 02:00PM
Broadcom has warned that two VMware vCenter Server vulnerabilities, CVE-2024-38812 (a critical remote code execution flaw) and CVE-2024-38813 (a privilege escalation flaw), are being actively exploited. Customers are urged to apply new security updates to mitigate risks, as no workarounds are available for these vulnerabilities. ### Meeting Takeaways 1. **Active …

Microsoft Pulls Exchange Patches Amid Mail Flow Issues

November 15, 2024 at 06:00PM
Microsoft has retracted its November 2024 Exchange security updates due to email delivery issues reported by admins. The update disrupted mail flow rules and data loss protection for Exchange users. Microsoft advises affected customers to uninstall the updates while investigating a permanent fix, with the rollout paused until resolved. **Meeting …

NIST Explains Why It Failed to Clear CVE Backlog

November 14, 2024 at 06:10AM
NIST reported that all known exploited CVEs in the backlog have been addressed, but acknowledged that completely clearing the backlog by October was overly optimistic. **Meeting Takeaways:** 1. **Status of CVE Backlog**: NIST has addressed all known exploited CVEs but acknowledges that clearing the entire backlog by October was an …

Google Cloud to Assign CVEs to Critical Vulnerabilities 

November 13, 2024 at 01:03PM
Google Cloud will begin assigning CVE identifiers to significant cloud vulnerabilities, including those that do not necessitate immediate patching. This move aims to improve transparency and accountability in addressing security issues within its cloud services. **Meeting Takeaways:** 1. **CVE Assignment**: Google Cloud will now assign Common Vulnerabilities and Exposures (CVE) …

Microsoft slips Task Manager and processor count fixes into Patch Tuesday

November 13, 2024 at 12:42PM
Microsoft has addressed significant issues affecting Windows 11 24H2 and Windows Server 2025 in its KB5046617 security update. This includes fixing a Task Manager reporting error and resolving installation delays on certain hardware. The update also mitigates upgrade issues for Windows Server, improving overall system functionality for users. **Meeting Takeaways:** …

Microsoft November 2024 Patch Tuesday fixes 4 zero-days, 89 flaws

November 13, 2024 at 11:36AM
Microsoft’s November 2024 Patch Tuesday addressed 89 vulnerabilities, including four zero-days, with two actively exploited. Key fixes involve critical flaws in remote code execution and privilege escalation. Other notable updates were shared by Adobe, Cisco, and Google. Comprehensive vulnerability details are outlined in the full report. ### Meeting Takeaways – …

Ivanti Patches 50 Vulnerabilities Across Several Products

November 13, 2024 at 08:03AM
Ivanti has addressed numerous vulnerabilities by releasing fixes for Endpoint Manager, Avalanche, Connect Secure, Policy Secure, and Secure Access Client, enhancing security across these products. **Meeting Takeaways:** 1. **Release of Fixes:** Ivanti has issued fixes addressing multiple vulnerabilities. 2. **Affected Products:** The vulnerabilities were found in the following products: – …

Microsoft November 2024 Patch Tuesday fixes 4 zero-days, 91 flaws

November 12, 2024 at 02:04PM
Microsoft’s November 2024 Patch Tuesday addresses 91 vulnerabilities, including four critical flaws and two actively exploited zero-days. Notable vulnerabilities include NTLM Hash Disclosure and Windows Task Scheduler issues. The update also highlights fixes for other major products and features from various vendors, ensuring enhanced security across systems. ### Meeting Takeaways …