Windows Server 2025 previews security updates without restarts

September 20, 2024 at 03:08PM Microsoft has announced the public preview of Hotpatching for Windows Server 2025, allowing the installation of security updates without requiring a system restart. Hotpatching aims to reduce workload impact, improve security protection, and minimize the need for system reboots. This feature is expected to simplify change control and provide shorter …

CISA warns of actively exploited Apache HugeGraph-Server bug

September 19, 2024 at 06:57PM CISA added five flaws to its Known Exploited Vulnerabilities catalog, including a critical remote code execution (RCE) flaw in Apache HugeGraph-Server (CVE-2024-27348). It urges users to apply mitigations or discontinue use by October 9, 2024. The product is vital for various sectors and has older vulnerabilities added for documentation purposes. …

Microsoft rolls out Office LTSC 2024 for Windows and Mac

September 16, 2024 at 02:06PM Microsoft has released Office LTSC 2024 for commercial and government customers, designed for devices without internet connectivity and requiring long-term support. It offers improved performance, security, and accessibility, with new features in Excel, Outlook, and Microsoft Teams. Unlike previous versions, it doesn’t include Microsoft Publisher and is available via device-based …

GitLab warns of critical pipeline execution vulnerability

September 12, 2024 at 10:50AM GitLab has released critical updates to address multiple vulnerabilities, including the most severe CVE-2024-6678, allowing an attacker to trigger pipelines as arbitrary users. The release encompasses versions 17.3.2, 17.2.5, and 17.1.7 for both CE and EE, and addresses a total of 18 security issues. GitLab urges immediate upgrading to the …

Ivanti Patches Critical Vulnerabilities in Endpoint Manager

September 11, 2024 at 06:57AM Ivanti announced security updates for Endpoint Manager, Cloud Service Appliance, and Workspace Control, addressing multiple high-severity vulnerabilities. Patches for Endpoint Manager resolve 16 flaws, including CVE-2024-29847, a critical-severity bug allowing remote code execution. Cloud Service Appliance patch resolves an OS command injection flaw. Workspace Control patches address six high-severity vulnerabilities. …

Microsoft September 2024 Patch Tuesday fixes 4 zero-days, 79 flaws

September 10, 2024 at 01:37PM Today, Microsoft’s September 2024 Patch Tuesday addresses 79 flaws, including four zero-days. Seven critical vulnerabilities were fixed, with details on each category of flaws provided. Notably, one of the zero-days, CVE-2024-38014, allows attackers to gain SYSTEM privileges. The update also includes vulnerabilities in various Microsoft products and services, along with …

Veeam warns of critical RCE flaw in Backup & Replication software

September 5, 2024 at 10:23AM Veeam has released a security bulletin addressing 18 high and critical severity flaws in Veeam Backup & Replication, Service Provider Console, and ONE. The most severe is a remote code execution vulnerability on Veeam Backup & Replication, posing a high risk of ransomware exploitation. Multiple critical vulnerabilities have also been …

Cisco Fixes Two Critical Flaws in Smart Licensing Utility to Prevent Remote Attacks

September 5, 2024 at 12:58AM Cisco has issued security updates to address critical flaws in its Smart Licensing Utility and Identity Services Engine (ISE). Affecting versions 2.0.0, 2.1.0, and 2.2.0, the flaws could enable unauthenticated, remote attackers to elevate privileges or access sensitive information. Additionally, a command injection vulnerability in ISE versions 3.2 and 3.3 …

Chrome 128 Updates Patch High-Severity Vulnerabilities

September 3, 2024 at 04:51AM Two Chrome browser updates, 128.0.6613.113/.114 and 128.0.6613.119/.120, addressed eight vulnerabilities last week. Four high-severity memory safety flaws, including issues in the V8 JavaScript engine, were resolved. The security patches also covered a heap buffer overflow in Skia. Google urges prompt updates, but no evidence of exploitation in the wild has …

Microsoft shares temp fix for Linux boot issues on dual-boot systems

August 23, 2024 at 02:08PM Microsoft provided a workaround for Linux boot issues caused by August security updates on dual-boot systems with Secure Boot enabled.