Microsoft is addressing 70 vulnerabilities this December 2024 Patch Tuesday. Microsoft has evidence of in-the-wild exploitation and public disclosure for one of the vulnerabilities published today, and this is reflected in a CISA KEV entry.
For the third month in a row, Microsoft has published zero-day vulnerabilities on Patch Tuesday without evaluating any of them as critical severity at time of publication. Today sees the publication of 16 critical remote code execution (RCE) vulnerabilities, which is more than usual. Two browser vulnerabilities have already been published separately this month, and are not included in the total.
Read more…
Source: Rapid7
Related:
- Atlassian update: “Take immediate action” to patch your Confluence Data Center and Server instances
November 2, 2023
Atlassian has released an advisory about a critical severity authentication vulnerability in the Confluence Server and Data Center. All versions of Confluence Data Center and Server are affected by this unexploited vulnerability. Atlassian Cloud sites are not impacted by this vulnerability, so if your Confluence site is accessed via an atlassian.net domain, it is not ...
- Update now! Apple patches a raft of vulnerabilities
October 27, 2023
Apple has released security updates for its phones, iPads, Macs, watches and TVs. Updates are available for these products: iPhone XS and later, iPad Pro 12.9-inch 2nd generation and later, iPad Pro 10.5-inch, iPad Pro 11-inch 1st generation and later, iPad Air 3rd generation and later, iPad 6th generation and later, and iPad mini 5th generation ...
- Multiple North Korean threat actors exploiting the TeamCity CVE-2023-42793 vulnerability
October 18, 2023
Since early October 2023, Microsoft has observed two North Korean nation-state threat actors – Diamond Sleet and Onyx Sleet – exploiting CVE-2023-42793, a remote-code execution vulnerability affecting multiple versions of JetBrains TeamCity server. TeamCity is a continuous integration/continuous deployment (CI/CD) application used by organizations for DevOps and other software development activities. In past operations, Diamond ...
- Government-backed actors exploiting WinRAR vulnerability
October 18, 2023
In recent weeks, Google’s Threat Analysis Group’s (TAG) has observed multiple government-backed hacking groups exploiting the known vulnerability, CVE-2023-38831, in WinRAR, which is a popular file archiver tool for Windows. Cybercrime groups began exploiting the vulnerability in early 2023, when the bug was still unknown to defenders. A patch is now available, but many users still ...
- Remediation for Citrix NetScaler ADC and Gateway Vulnerability (CVE-2023-4966)
October 17, 2023
On Oct. 10, 2023, Citrix released a security bulletin for a sensitive information disclosure vulnerability (CVE-2023-4966) impacting NetScaler ADC and NetScaler Gateway appliances. Mandiant has identified zero-day exploitation of this vulnerability in the wild beginning in late August 2023. Successful exploitation could result in the ability to hijack existing authenticated sessions, therefore bypassing multifactor authentication ...
- Update now! Atlassian Confluence vulnerability is being actively exploited
October 12, 2023
Microsoft Threat Intelligence has revealed that it has been tracking the active exploitation of a vulnerability in Atlassian Confluence software since September 14, 2023. At the time the attacks were first observed the vulnerability was a zero-day, meaning that no update was available, so defenders had “zero days” to patch the flaw. The vulnerability has since ...