A naukri.com initiative
The Register
1d
53
Image Credit: The Register
Admins can give thanks this November for dollops of Microsoft patches
- Microsoft has released fixes for 89 CVE-listed security flaws, including two under active attack, and reissued three more.
- The first flaw would allow privilege escalation due to an error in Windows Task Scheduler.
- The second flaw is an issue with Microsoft's NTLM code, which can be exploited to obtain a victim's NTLMv2 hash.
- A CVSS 9.9 issue in Azure CycleCloud would allow remote code execution; the vulnerability can be exploited to gain root privileges.
- .NET & Visual Studio contain a CVSS 9.8 flaw that can be exploited by someone sending malicious requests.
- Malicious applications utilize a cryptographic protocol vulnerability in Windows Kerberos to achieve remote code execution.
- The US government's CISA has added Windows Task Scheduler & NTLMv2 issues to its Known Exploited Vulnerabilities Catalog.
- CISA published its list of the top 15 most exploited vulnerabilities from the past year.
- In 2023, malicious cyber actors exploited more zero-day vulnerabilities to compromise enterprise networks compared to 2022, allowing them to conduct cyber operations against higher-priority targets.
- Intel released 47 patches across a broad spectrum of its processors that are still supported.
Read Full Article
3 Likes
For uninterrupted reading, download the app