Microsoft has released security updates to address 89 vulnerabilities in Microsoft products. The security updates include four critical vulnerabilities, two vulnerabilities that are under zero-day exploitation, and four vulnerabilities that are publicly disclosed.
Vulnerability details
CVE-2024-43451 – NTLM Hash Disclosure Spoofing Vulnerability CVE-2024-43451 is an ‘external control of file name or path’ vulnerability in Windows and Windows Server and has a CVSSv3 score of 6.5. Successful exploitation discloses a user’s NTLMv2 hash to the attacker, who could use the hash to authenticate as the user. This vulnerability is publicly known and is under active exploitation.
Read more…
Source: NHS Digital
Related:
- Siemens Patches Vulnerabilities in SIMATIC CP, XHQ
June 23, 2017
Siemens patched two vulnerabilities in products commonly found in industrial control system setups this week. If exploited the flaws could allow an attacker to perform administrative actions or gain read access to sensitive data on affected systems. Siemens patched one issue (.PDF) on Tuesday and the other on Thursday (.PDF) this week. ICS-CERT, the Department of ...
- Microsoft Issues Updates for 96 Vulnerabilities You Need to Patch this Month
June 14, 2017
As part of June’s Patch Tuesday, Microsoft has released security patches for a total of 96 security vulnerabilities across its products, including fixes for two vulnerabilities being actively exploited in the wild. This month’s patch release also includes emergency patches for unsupported versions of Windows platform the company no longer officially supports to fix three Windows ...