CyberSecurityBoard
Sponsor Register Login

Microsoft patches 34 vulnerabilities, including one zero-day

December's Patch Tuesday is a relatively quiet one on the Microsoft front.
Redmond has patched 34 vulnerabilities with only four rated as critical.
One vulnerability, a previously disclosed unpatched vulnerability in AMD central processing units, was shifted by AMD to software developers.
Then ensure that no privileged data is used in division operations prior to changing privilege boundaries, AMD adds, which is about as hard as it sounds.
We're not sure how Microsoft solved it, but the company noted that the latest builds of Windows enable the mitigation and provide protection against the vulnerability.
MSHTML is a core component of Windows that is used to render browser-based content.
An attacker could exploit this vulnerability by sending a specially crafted email which triggers automatically when it is retrieved and processed by the Outlook client.
This could lead to exploitation even before the email is viewed in the Preview Pane.
This could result in the attacker executing remote code on the victim's machine.
In other words, they could install or trigger malware on the target's machine.
Other vendors have synchronized their periodic updates with Microsoft.
Here are few major ones that you may find in your environment.
Adobe has released security updates to address multiple vulnerabilities in Adobe software.
Roid: Google released the Android December 2023 security updates with a fix for a critical zero-day.
Apache released security updates to address a vulnerability in Struts 2.
A remote attacker could exploit this vulnerability to take control of an affected system.
Apple issued emergency updates including patches for older iOS devices concerning two actively used zero-day vulnerabilities.
WordPress released version 6.4.2 that addresses a remote code execution vulnerability.
Cybersecurity risks should never spread beyond a headline.
Keep vulnerabilities in tow by using ThreatDown Vulnerability and Patch Management.


This Cyber News was published on www.malwarebytes.com. Publication date: Wed, 13 Dec 2023 17:43:24 +0000


Cyber News related to Microsoft patches 34 vulnerabilities, including one zero-day

Check Point released hotfix for actively exploited VPN zero-day - MUST READ. Check Point released hotfix for actively exploited VPN zero-day. Microsoft Patch Tuesday security updates for May 2024 fixes 2 actively exploited zero-days. Critical Fortinet's FortiClient EMS flaw actively exploited in the wild. Apple ...
6 months ago Securityaffairs.com
10 of the biggest zero-day attacks of 2023 - Here are 10 of the biggest zero-day attacks of 2023 in chronological order. Zero-day attacks started strong in 2023 with CVE-2023-0669, a pre-authentication command injection vulnerability in Fortra's GoAnywhere managed file transfer product. ...
11 months ago Techtarget.com
Days After Google, Apple Reveals Exploited Zero-Day in Browser Engine - Apple has patched an actively exploited zero-day bug in its WebKit browser engine for Safari. Actively Exploited Apple yesterday described the vulnerability as something an attacker could exploit to execute arbitrary code on affected systems. ...
10 months ago Darkreading.com
Apple fixes Safari WebKit zero-day flaw exploited at Pwn2Own - Apple has released security updates to fix a zero-day vulnerability in the Safari web browser exploited during this year's Pwn2Own Vancouver hacking competition. The company addressed the security flaw on systems running macOS Monterey and macOS ...
7 months ago Bleepingcomputer.com
Samsung Galaxy S23 hacked two more times at Pwn2Own Toronto - Security researchers hacked the Samsung Galaxy S23 smartphone two more times on the second day of the Pwn2Own 2023 hacking competition in Toronto, Canada. The contestants also demoed zero-day bugs in printers, routers, smart speakers, surveillance ...
1 year ago Bleepingcomputer.com
Samsung Galaxy S23 hacked twice on first day of Pwn2Own Toronto - Security researchers hacked the Samsung Galaxy S23 twice during the first day of the consumer-focused Pwn2Own 2023 hacking contest in Toronto, Canada. They also demoed exploits and vulnerability chains targeting zero-days in Xiaomi's 13 Pro ...
1 year ago Bleepingcomputer.com
Google Chrome Zero-Day Bug Under Attack, Allows Code Injection - Google has patched a high-severity zero-day bug in its Chrome Web browser that attackers are actively exploiting. The vulnerability, assigned as CVE-2024-0519, is the first Chrome zero-day bug that Google has disclosed in 2024, and the second in the ...
11 months ago Darkreading.com
Cisco discloses new IOS XE zero-day exploited to deploy malware implant - Cisco disclosed a new high-severity zero-day today, actively exploited to deploy malicious implants on IOS XE devices compromised using the CVE-2023-20198 zero-day unveiled earlier this week. The company said it found a fix for both vulnerabilities ...
1 year ago Bleepingcomputer.com
Ivanti discloses new zero-day flaw, releases delayed patches - Ivanti Wednesday released patches for two critical zero-day vulnerabilities that were disclosed earlier this month, but also warned customers of two new flaws, including a new zero-day that's under exploitation in the wild. In a security advisory on ...
10 months ago Techtarget.com
Apple fixes two new iOS zero-days in emergency updates - Apple released emergency security updates to fix two zero-day vulnerabilities exploited in attacks and impacting iPhone, iPad, and Mac devices, reaching 20 zero-days patched since the start of the year. "Apple is aware of a report that this issue may ...
1 year ago Bleepingcomputer.com
Attackers Exploit Microsoft Security-Bypass Zero-Day Bugs - Microsoft's scheduled Patch Tuesday security update for February includes fixes for two zero-day security vulnerabilities under active attack, plus 71 other flaws across a wide range of its products. In all, five of the vulnerabilities for which ...
10 months ago Darkreading.com
Google Patches Another Chrome Zero-Day as Browser Attacks Mount - For the fourth time since August, Google has disclosed a bug in its Chrome browser technology that attackers were actively exploiting in the wild before the company had a fix for it. Integer Overflow Bug The latest zero-day, which Google is tracking ...
1 year ago Darkreading.com
New MOVEit Transfer critical bug is actively exploited - MUST READ. New MOVEit Transfer critical bug is actively exploited. CISA adds Microsoft SharePoint bug disclosed at Pwn2Own to its Known Exploited Vulnerabilities catalog. Critical Fortinet's FortiClient EMS flaw actively exploited in the wild. PoC ...
5 months ago Securityaffairs.com
Apple backports fix for RTKit iOS zero-day to older iPhones - Apple has backported security patches released in March to older iPhones and iPads, fixing an iOS Kernel zero-day tagged as exploited in attacks. The flaw is a memory corruption issue in Apple's RTKit real-time operating system that enables attackers ...
7 months ago Bleepingcomputer.com
At a Glance: The Year in Cybersecurity 2023 - From a surge in zero-day attacks to a need to consolidate security stacks for safety, we've seen some notable challenges, trends, and threats. In this post, we'll take a quick, non-comprehensive look at trends and news from 2023, and see what ...
1 year ago Securityboulevard.com
Pwn2Own Automotive: $1.3M for 49 zero-days, Tesla hacked twice - The first edition of Pwn2Own Automotive has ended with competitors earning $1,323,750 for hacking Tesla twice and demoing 49 zero-day bugs in multiple electric car systems between January 24 and January 26. Throughout the contest organized by Trend ...
10 months ago Bleepingcomputer.com
VMware fixes three zero-day bugs exploited at Pwn2Own 2024 - VMware fixed four security vulnerabilities in the Workstation and Fusion desktop hypervisors, including three zero-days exploited during the Pwn2Own Vancouver 2024 hacking contest. The most severe flaw patched today is CVE-2024-22267, a ...
7 months ago Bleepingcomputer.com
Google fixes first actively exploited Chrome zero-day of 2024 - Google has released security updates to fix the first Chrome zero-day vulnerability exploited in the wild since the start of the year. The company fixed the zero-day for users in the Stable Desktop channel, with patched versions rolling out worldwide ...
11 months ago Bleepingcomputer.com
Russia's Midnight Blizzard stole email of more Microsoft customers - Microsoft Patch Tuesday security updates for May 2024 fixes 2 actively exploited zero-days. Microsoft fixed two zero-day bugs exploited in malware attacks. CISA adds Microsoft SharePoint bug disclosed at Pwn2Own to its Known Exploited Vulnerabilities ...
5 months ago Securityaffairs.com
Cisco patches IOS XE zero-days used to hack over 50,000 devices - Cisco has addressed the two vulnerabilities that hackers exploited to compromise tens of thousands of IOS XE devices over the past week. The free software release comes after a threat actor leveraged the security issues as zero-days to compromise and ...
1 year ago Bleepingcomputer.com
Zero-Trust Architecture in Modern Cybersecurity - Clearly, organizations need more robust cybersecurity protections in place, which is leading many to adopt a zero-trust architecture approach. Zero-trust flips conventional security on its head by shifting from an implicit trust model to one where ...
9 months ago Feeds.dzone.com
Microsoft fixes Windows zero-day exploited in QakBot malware attacks - Microsoft has fixed a zero-day vulnerability exploited in attacks to deliver QakBot and other malware payloads on vulnerable Windows systems. Tracked as CVE-2024-30051, this privilege escalation bug is caused by a heap-based buffer overflow in the ...
7 months ago Bleepingcomputer.com
Sav-Rx data breach impacted over 2.8 million individuals - Microsoft Patch Tuesday security updates for May 2024 fixes 2 actively exploited zero-days. Nation-state actors exploited two zero-days in ASA and FTD firewalls to breach government networks. Microsoft fixed two zero-day bugs exploited in malware ...
6 months ago Securityaffairs.com
Ivanti confirms 2 zero-day vulnerabilities are under attack - CISA urged enterprises to address two Ivanti zero-day vulnerabilities that remain unpatched amid reports of active exploitation by a Chinese nation-state threat actor. Ivanti published a security advisory Wednesday for an authentication bypass ...
11 months ago Techtarget.com
Apple emergency updates fix recent zero-days on older iPhones - Apple has issued emergency security updates to backport patches for two actively exploited zero-day flaws to older iPhones and some Apple Watch and Apple TV models. The two vulnerabilities, now tracked as CVE-2023-42916 and CVE-2023-42917, were ...
1 year ago Bleepingcomputer.com

Latest Cyber News


Cyber Trends (last 7 days)


Trending Cyber News (last 7 days)