In June 2020 Microsoft’s Patch Tuesday fixes a record 129 defects and vulnerabilities in its software – with a further 19 patches in the June Microsoft Office patch bundle. This continues a recent trend of ever-increasing numbers of patches included in the monthly updates from Microsoft (the two previous highest number of patches were in […]
Record breaking June Patch Tuesday Read More »
April’s patch Tuesday release from Microsoft includes fixes for three zero-day vulnerabilities in Windows that are under active attack. CVE-2020-1020 is a flaw in the Windows Adobe Type Manager Library. According to Microsoft: For all systems except Windows 10, an attacker who successfully exploited the vulnerability could execute code remotely. For systems running Windows 10,
Microsoft patches zero-day flaws Read More »
Microsoft warns that attackers are targeting two zero-day remote code execution vulnerabilities that exist in all versions of Windows – and a fix is not expected until the April patch Tuesday. The vulnerabilities exist in the Adobe Type Manager library which is a standard Windows component used primarily by Windows Explorer to display previews of
Windows zero day RCE vulnerabilities under attack Read More »
Microsoft has released a patch to fix a remote code execution flaw in the SMB protocol affecting Windows 10 PC and their servers. SMB is used by Active Directory, for network file sharing and some printers. Microsoft have published a security advisory which details the scope of the flaw. The problem is the way the SMBv3
Microsoft patches critical SMB flaw Read More »
A remote code execution vulnerability has been discovered in all version of the Point-to-Point Protocol included on Linux systems for the last 17 years. The vulnerability allows an unauthenticated attacker to send a specially crafted packet to the PPP daemon (pppd), force a buffer overflow and execute arbitrary code. The PPP protocol is used for
Linux PPP RCE vulnerability Read More »
A serious vulnerability, dubbed Ghostcat, has been discovered in Apache Tomcat and criminals are already trying to exploit it. Tomcat is one of the most popular Java application servers, with over 800k active installations visible on the web. According to the researchers who discovered the bug at Chaitin Tech: Due to a flaw in the
Ghostcat leaves Tomcat vulnerable Read More »
Kr00k is a serious Wi-Fi vulnerability which can trick a device to retransmit the last 32k of encrypted traffic with an encryption key of all zeros. The flaw affects devices using Wi-Fi chips from Broadcom and Cypress including Apple devices, Amazon Echo and Google Nexus devices. The bug can be triggered when a device disconnects
Kr00k Wi-Fi vulnerability affects a billion devices Read More »
Microsoft has released a patch to a remote code execution vulnerability in Exchange server which is being actively targeted. CVE-2020-0688 is a flaw in the installation procedure resulting in all Exchange Servers using the same cryptographic keys for ASP.NET ViewState data. A detailed write-up by the Zero Day Initiative demonstrates the flaw in action. In summary:
Exchange Server RCE exploited in the wild Read More »
A bug has been found in the SUDO command which can allow an attacker to gain root privilege on Linux and Unix systems, even for users that do not have permission to run SUDO. SUDO is a security tool used daily in most organisations. SUDO allows users to execute a specific command with escalated privilege
SUDO bug allows privilege escalation Read More »
A remote code execution vulnerability in the Zigbee protocol allowed researchers to hack a Hue smart bulb and use that as a beachhead to compromise an entire network. Security Researchers at Check Point have demonstrated how to exploit a vulnerability in a Philips Hue smart bulb (CVE-2020-6007) and then pivot to compromise the Hue hub
Hue smart bulb RCE vulnerability patched Read More »
SecureTeam Ltd,
Kemp House, 152 City Road,
London,
EC1V 2NX
10257784
GB 249480968
SecureTeam Ltd, Kemp House, 152 City Road,
London, EC1V 2NX
Mon – Fri: 09:00 – 17:00
Company Number: 10257784
VAT Registration No: GB 249480968
© SecureTeam 2023. All rights reserved.