After a whopper of a Patch Tuesday last month, with six Microsoft flaws exploited as zero-days, March didn’t exactly roar in like a lion. Just two of the 83 Microsoft CVEs released on Tuesday are listed as publicly known, and none is under active exploitation, which we’re sure is a welcome change to sysadmins.
Another eight of the 83 Microsoft CVEs are considered critical, and one of these – to quote Zero Day Initiative chief bug hunter Dustin Childs – is “fascinating.” Plus, it’s got an AI-attack component, so we’re going to start with it. CVE-2026-26144 is a critical-severity information disclosure vulnerability in Microsoft Excel.
Read more…
Source: The Register News
Sign up for the Cyber Security Review Newsletter
The latest cyber security news and insights delivered right to your inbox
Related:
- 6 New Vulnerabilities Found on D-Link Home Routers
June 12, 2020
On February 28, 2020, Palo Alto Networks’ Unit 42 researchers discovered six new vulnerabilities in D-Link wireless cloud routers running their latest firmware. The vulnerabilities were found in the DIR-865L model of D-Link routers, which is meant for home network use. The current trend towards working from home increases the likelihood of malicious attacks against home ...
- Cisco’s warning: Critical flaw in IOS routers allows ‘complete system compromise’
June 4, 2020
Cisco has disclosed four critical security flaws affecting router equipment that uses its IOS XE and IOS software. The four critical flaws are part of Cisco’s June 3 semi-annual advisory bundle for IOS XE and IOS networking software, which includes 23 advisories describing 25 vulnerabilities. The 9.8 out of 10 severity bug, CVE-2020-3227, concerns the authorization controls for the ...
- Severe Cisco DoS Flaw Can Cripple Nexus Switches
June 2, 2020
Cisco has patched a high-severity flaw in its NX-OS software, the network operating system used by Cisco’s Nexus-series Ethernet switches. If exploited, the vulnerability could allow an unauthenticated, remote attacker to bypass the input access control lists (ACLs) configured on affected Nexus switches – and launch a denial of service (DoS) attacks on the devices. “A successful ...
- New cold boot attack affects seven years of LG Android smartphones
June 2, 2020
South Korean phone manufacturer LG has released a security update last month to fix a vulnerability that impacts its Android smartphones sold over the past seven years. The vulnerability, tracked under the identifier of CVE-2020-12753, impacts the bootloader component that ships with LG smartphones. Separate from the Android OS, the bootloader is a piece of firmware specific ...
- Hackers Compromise Cisco Servers Via SaltStack Flaws
May 28, 2020
Cisco said attackers have been able to compromise its servers after exploiting two known, critical SaltStack vulnerabilities. The flaws exist in the open-source Salt management framework, which are used in Cisco network-tooling products. Two Cisco products incorporate a version of SaltStack that is running the vulnerable salt-master service. The first is Cisco Modeling Labs Corporate Edition (CML), ...
- Critical Cisco Bug in Unified CCX Allows Remote Code Execution
May 21, 2020
Cisco has hurried out a fix out for a critical remote code-execution flaw in its customer interaction management solution, Cisco Unified Contact Center Express (CCX). Cisco’s Unified CCX software is touted as a “contact center in a box” that allows companies to deploy customer-care applications. The flaw (CVE-2020-3280), which has a CVSS score of 9.8 out ...