Ken's Automated News Feed Aggregator
By 07/14/2020.
Microsoft on Tuesday released July security patches , addressing a total of 123 common vulnerabilities and exposures (CVEs). This hefty patch bundle represents the fifth consecutive month this year in which the count exceeded 110 CVEs, …
Continue ReadingBackground. Today is July 2020 Patch Tuesday, and Microsoft has released updates/fixes for multiple vulnerabilities. One of them is a critical vulnerability with a CVSS score of 10. What is the issue? Windows DNS Server Remote Code Execution Vulnerabil…
Continue ReadingSummary. Microsoft released a patch to address CVE-2020-1350 , a remote code execution vulnerability in Windows DNS Server. Exploiting the vulnerability, dubbed “SIGRed,” could allow a threat actor to gain Domain Administrator rights over the server an…
Continue ReadingMicrosoft GIXnews today released updates to plug a whopping 123 security holes in Windows and related software, including fixes for a critical, “wormable” flaw in Windows Server versions that Microsoft says is likely to be exploited soon. While this pa…
Continue ReadingExploit availability: No Description. CWE-444 – Inconsistent Interpretation of HTTP Requests (‘HTTP Request Smuggling’) The vulnerability allows a remote attacker to perform HTTP request smuggling attack. The vulnerability exists due to the way that HT…
Continue ReadingExploit availability: No Description. CWE-20 – Improper Input Validation The vulnerability allows a remote attacker to perform a denial of service (DoS) attack. The vulnerability exists due to insufficient validation of user-supplied input within the ….
Continue ReadingExploit availability: No Description. CWE-20 – Improper Input Validation The vulnerability allows a remote attacker to execute arbitrary code on the system. The vulnerability exists due to insufficient validation of user-supplied input in the ESLint ex…
Continue ReadingExploit availability: No Description. CWE-20 – Improper Input Validation The vulnerability allows a remote attacker to compromise vulnerable system. The vulnerability exists due to insufficient validation of untrusted input within the Windows Remote De…
Continue ReadingMicrosoft today patched a critical and wormable remote code execution (RCE) vulnerability in the Windows DNS Server that affects Windows Server versions 2003 to 2019. The likelihood of exploitation is high, according to the Check Point researchers who …
Continue ReadingExploit availability: No Description. CWE-119 – Improper Restriction of Operations within the Bounds of a Memory Buffer The vulnerability allows a local user to escalate privileges on the system. The vulnerability exists due to a boundary error when Gr…
Continue Reading