The second Tuesday of the month is here, and that means the latest security updates from Adobe and Microsoft have arrived. Take a break from your regularly scheduled activities and join us as we review the details for their latest security offerings.

For October, Adobe released six patches covering 10 CVEs in Adobe Reader, Acrobat Reader for Android, Adobe Campaign Standard, Commerce, Ops-CLI, and Adobe Connect. The update for Adobe Acrobat fixes four bugs in total – two rated Critical and two rated Moderate in severity. Two of these bugs were submitted through the ZDI program. The Critical-rated bugs could allow remote code execution while the Moderate-rated bugs could allow a privilege escalation. The update for Reader for Android fixes a single path traversal bug that could lead to code execution. All require some form of user interaction, such as browsing to a web page or opening a PDF.

Several cross-site scripting (XSS) bugs receive patches this month. The patch for Campaign Standard fixes a DOM-based XSS. The fix for Adobe Commerce addresses a stored XSS. The patch for Adobe Connect fixes two bugs, one of which is a reflective XSS. The other bug is a more severe Critical-rated deserialization vulnerability that could allow remote code execution. The final Adobe patch for October fixes a Critical-rated deserialization bug in Ops-CLI, which is a Python wrapper for Terraform, Ansible, and SSH for cloud automation. None of the bugs fixed this month by Adobe are listed as publicly known or under active attack at the time of release.

For October, Microsoft released patches today for 71 new CVEs in Microsoft Windows and Windows Components, Microsoft Edge (Chromium-based), Exchange Server, .NET Core and Visual Studio, Microsoft Office Services and Web Apps, SharePoint Server, Microsoft Dynamics, InTune, and System Center Operations Manager. This is in addition to the eight CVEs patched by Microsoft Edge (Chromium-based) earlier this month and three previously released OpenSSL patches, which brings the October total to 82 CVEs – slightly down from last month. A total of 11 of these bugs were submitted through the ZDI program.

Of the 71 CVEs patched today, two are rated Critical, 68 are rated Important, and one is rated Low in severity. Three of today’s patches are listed as publicly known, while one is listed as being under active attack at the time of release. This is in addition to two of the Chromium bugs that were listed as under active attack when Chrome patched on September 30. For those wondering, this month does include patches for the recently released Windows 11 operating system.

Let’s take a closer look at some of the more interesting updates for this month, starting with the kernel bug that’s listed as under active attack:

CVE-2021-40449 - Win32k Elevation of Privilege Vulnerability