NCERT | National Computer Emergency Response Team Philippines

Microsoft Releases July 2024 Patch Tuesday Security Updates

Microsoft has released its July 2024 Patch Tuesday security updates to fix multiple vulnerabilities across its products. Based on the official Microsoft release notes, there are 139 Microsoft CVEs, of which two vulnerabilities (CVE-2024-38080 and CVE-2024-38112), classified as ‘Important,’ have been detected being exploited in the wild. _____________________________ A. List of the Vulnerabilities Kindly check continue reading : Microsoft Releases July 2024 Patch Tuesday Security Updates

regreSSHion, CVE-2024-6387 Remote Code Execution (RCE) vulnerability in OpenSSH’s server

The Qualys Threat Research Unit (TRU) discovered an unauthenticated Remote Code Execution (RCE) vulnerability in OpenSSH’s server (sshd) in glibc-based Linux systems that grants full root access. It affects the default configuration and does not require user interaction.This vulnerability is a regression of the previously patched vulnerability CVE-2006-5051, reported in 2006. Qualys Threat Researchers says that it continue reading : regreSSHion, CVE-2024-6387 Remote Code Execution (RCE) vulnerability in OpenSSH’s server

PHP CGI Argument Injection Vulnerability (CVE-2024-4577)

Researchers at DEVCORE found a serious vulnerability in PHP that could allow attackers to remotely execute malicious code on affected servers. Due to PHP’s widespread use and the simplicity of exploiting this flaw, DEVCORE classified it as critical and swiftly reported it to the PHP development team. A fix was released on June 6th, 2024. continue reading : PHP CGI Argument Injection Vulnerability (CVE-2024-4577)

Actively Exploited Zero-Day Vulnerability in Google Chrome (CVE-2024-5274)

Recently, after Google released a security update to fix CVE-2024-4671, another security update has been released: Chrome Version 124.0.6367.201/.202 for Mac and Windows and 124.0.6367.201 for Linux to address a zero-day vulnerability tracked as CVE-2024-5274. Based on the official site for Chrome updates, “Google is aware that an exploit for CVE-2024-5274 exists in the wild”. continue reading : Actively Exploited Zero-Day Vulnerability in Google Chrome (CVE-2024-5274)

Microsoft Releases May 2024 Patch Tuesday Security Updates

Microsoft has released its May 2024 Patch Tuesday security updates to fix 60 vulnerabilities across its products, including two vulnerabilities that were detected being exploited in the wild. Tracked as CVE-2024-30051, the first exploited vulnerability is in the Windows DWM Core Library and could allow an adversary to gain SYSTEM-level privileges. Additionally, based on the continue reading : Microsoft Releases May 2024 Patch Tuesday Security Updates