Analysts Warn of Potential Risks for Alphabet Amid Google Breakup Speculations, Despite Stock Gains
Latest News
Zaker Adham
17 August 2024
10 July 2024
|
Zaker Adham
Summary
Summary
Microsoft's July Patch Tuesday brings a significant update, addressing over 130 vulnerabilities, including two actively exploited bugs. Administrators should prioritize these critical updates to ensure system security.
The first critical vulnerability, CVE-2024-38080, is an elevation of privilege flaw in Windows Hyper-V, rated 7.8 out of 10 on the CVSS scale. Exploitation of this flaw could allow attackers to gain system privileges, posing a significant risk for ransomware attacks.
The second active exploit, CVE-2024-38112, is a spoofing vulnerability in the MSHTML platform. With a 7.5 CVSS score, this flaw requires user interaction to exploit, typically through a malicious file. Check Point Research's Haifei Li reported this issue to Microsoft.
Another critical update includes CVE-2024-35264, a remote code execution vulnerability in .NET and Visual Studio, requiring a race condition to be exploited. Additionally, CVE-2024-37985 is a side-channel attack affecting ARM-based systems, rated at 5.9 on the CVSS scale.
Among the five critical CVEs, three are 9.8-rated remote code execution bugs in Windows Remote Desktop Licensing Service (CVE-2024-38074, CVE-2024-38076, CVE-2024-38077). Exploitation is considered less likely, but administrators should ensure these servers are not internet-facing.
Adobe's monthly patch addresses seven CVEs across three products, with six being critical. The updates focus on vulnerabilities in Adobe Premiere Pro, InDesign, and Adobe Bridge.
SAP's 18 new and updated patches include a high-priority fix for a missing authorization check vulnerability in SAP Product Design Cost Estimating (PDCE), rated at 7.7 CVSS.
Fortinet and Citrix have also released important security updates, addressing cross-site scripting vulnerabilities and privilege-escalation flaws, respectively. Google's Android patch fixes 27 CVEs, with the most critical being a local privilege escalation flaw in the Framework component.
Latest News
Zaker Adham
17 August 2024
Latest News
Zaker Adham
15 August 2024
Latest News
Zaker Adham
14 August 2024
Latest News
Zaker Adham
13 August 2024