Patch Tuesday, Not So Hot for Hackers

Microsoft rolled out patches for 49 vulnerabilities, one critical, one concerning Wi-Fi, and another publicly known.

NSEC3-encloser Bug Still Haunts Us (CVE-2023-50868)

This known vulnerability in DNSSEC implementations (since February) allows attackers to exhaust CPU resources, causing denial-of-service (DoS)

 Critical RCE in Microsoft Message Queuing (CVE-2024 30080)

This critical flaw allows attackers to remotely execute code by sending a malicious packet. Patch immediately!

Scary Wi-Fi RCE Flaw (CVE-2024-30078)

This unauthenticated attacker exploit can take over a nearby Windows PC via Wi-Fi. Patch as soon as possible!

Adobe Plugs Holes (166 CVEs)

Adobe addressed a whopping 166 vulnerabilities, including critical ones in Photoshop, FrameMaker, and Creative Cloud Desktop.

PHP RCE Exploited by TellYouThePass Ransomware (CVE-2024-4577)

Update PHP immediately! A critical RCE flaw is being actively exploited to deliver ransomware.

Arm Patches Exploited GPU Driver Flaw (CVE-2024-4610)

This local privilege escalation vulnerability affects Arm-powered devices. Update drivers to fix the exploit.

Apple VisionOS 1.2 Plugs 21 Holes, Android Patches 37

Both Apple and Google addressed vulnerabilities in their respective mobile operating systems.

SolarWinds Fixes Critical Serv-U Directory Traversal Bug

Upgrade Serv-U to patch this critical flaw that grants attackers read access to sensitive files.