GitLab warns of critical arbitrary branch pipeline execution flaw

October 10, 2024 at 11:19AM GitLab has issued security updates for vulnerabilities in Community and Enterprise Editions, notably a critical flaw (CVE-2024-9164) that allows unauthorized pipeline execution. Patches are available in versions 17.4.2, 17.3.5, and 17.2.9. Users are urged to upgrade promptly; dedicated customers need not take action. **Meeting Takeaways:** 1. **Security Update Release**: GitLab …

Firefox Zero-Day Under Attack: Update Your Browser Immediately

October 10, 2024 at 12:57AM Mozilla has disclosed a critical vulnerability (CVE-2024-9680) affecting Firefox, exploited in the wild. This use-after-free bug in the Animation timeline component allows attackers to execute code. Users are urged to update to the latest versions (Firefox 131.0.2, ESR 128.3.1, and 115.16.1) to mitigate risks. **Meeting Takeaways – October 10, 2024** …

Palo Alto Networks warns of firewall hijack bugs with public exploit

October 9, 2024 at 03:03PM Palo Alto Networks urged customers to patch critical vulnerabilities in its Expedition solution, which could allow attackers to hijack PAN-OS firewalls and access sensitive data. The flaws involve command injection, XSS, and SQL injection, with proof-of-concept exploits available. Users should upgrade to Expedition 1.2.96 and rotate credentials. ### Meeting Takeaways …

Microsoft Issues Security Update Fixing 118 Flaws, Two Actively Exploited in the Wild

October 9, 2024 at 03:27AM Microsoft has issued security updates for 118 vulnerabilities, including two under active exploitation. Key vulnerabilities include CVE-2024-43572 and CVE-2024-43573, both related to remote code execution and spoofing. The U.S. CISA has added these to its catalog, mandating fixes by October 29, 2024. ### Meeting Takeaways – Microsoft Security Updates (Oct …

Microsoft: Windows 11 22H2 Home and Pro reached end of servicing

October 8, 2024 at 05:17PM Multiple editions of Windows 11 22H2 and 21H2 have reached their end of servicing, including Home, Pro, Pro Education, Pro for Workstations, and SE editions released on September 20, 2022. The last security update for these editions will be in October 2024. Windows 11 2024 Update is rolling out, and …

Microsoft Releases October 2024 Security Updates

October 8, 2024 at 03:29PM Microsoft released security updates to address vulnerabilities in multiple products. CISA advises users and administrators to review and apply necessary updates from the Microsoft Security Update Guide for October to mitigate potential cyber threats. Based on the meeting notes, the key takeaway is that Microsoft has released security updates to …

Microsoft fixes Remote Desktop issues caused by Windows Server update

October 8, 2024 at 03:10PM Microsoft’s October 2024 Patch Tuesday addresses a known issue in Windows servers disrupting Remote Desktop connections post-July security updates. It may affect legacy protocol usage. Temporary fixes include firewall customization and registry edits. Notably, this follows previous instances of connectivity problems after security updates. The update addresses 118 vulnerabilities, including …

Ivanti warns of three more CSA zero-days exploited in attacks

October 8, 2024 at 12:12PM Ivanti released security updates to address three new Cloud Services Appliance (CSA) zero-day vulnerabilities being actively exploited. These flaws impact CSA 5.0.1 and earlier, with the company advising affected customers to upgrade to version 5.0.2 and monitor for signs of compromise. Ivanti pledged a focus on Secure by Design and …

Qualcomm Urges OEMs to Patch Critical DSP and WLAN Flaws Amid Active Exploits

October 8, 2024 at 12:42AM Qualcomm has released security updates addressing around 20 vulnerabilities in proprietary and open-source components. Among them, CVE-2024-43047 is a high-severity use-after-free bug in the DSP Service, under active exploitation. CVE-2024-33066, a critical flaw in WLAN Resource Manager, has also been patched. The updates aim to mitigate potential targeted exploitation and …

Windows 11 KB5043145 update causes reboot loops, blue screens

September 30, 2024 at 08:08AM Microsoft issued the KB5043145 preview update for Windows 11, offering fixes for various issues. However, the update is causing reboot loops and freezes, prompting the company to advise users to report boot issues through the Feedback Hub. Microsoft is currently investigating the problem and has also been addressing other known …