Microsoft Releases January 2024 Patch Tuesday Security Updates

Microsoft has released its January 2024 Patch Tuesday security updates to fix multiple vulnerabilities across its products. Based on the official Microsoft release notes, there are 48 Microsoft CVEs, of which two are classified as ‘Critical’ and the rest are designated as Important’. Five non-Microsoft CVEs are also included. ____________________________ A. List of the Vulnerabilities continue reading : Microsoft Releases January 2024 Patch Tuesday Security Updates

Microsoft Releases December 2023 Patch Tuesday Security Updates

Microsoft has released its December 2023 Patch Tuesday security updates to fix multiple vulnerabilities across its products. Based on the official release notes from Microsoft, there are no zero-day vulnerabilities included in the patch. However, it’s important to note that there are four critical vulnerabilities addressed in this release. ____________________________ A. List of the Vulnerabilities continue reading : Microsoft Releases December 2023 Patch Tuesday Security Updates

Actively Exploited Zero-Day Vulnerability in Google Chrome (CVE-2023-6345)

Google has released Chrome Version 119.0.6045.199 for Mac and Linux, and Version 119.0.6045.199/200 for Windows to address seven security issues, including a zero-day vulnerability (CVE-2023-6345). Based on the official site for Chrome updates, “Google is aware of reports that an exploit for CVE-2023-6345 exists in the wild.”. _____________________________ A. Nature of Vulnerability CVE-2023-6348 CVE-2023-6347 CVE-2023-6346 continue reading : Actively Exploited Zero-Day Vulnerability in Google Chrome (CVE-2023-6345)

Critical Vulnerabilities in VMware vCenter Server and VMware Cloud Foundation

VMware has released security updates to address critical vulnerabilities (CVE-2023-34048 and CVE-2023-34056) in VMware vCenter Server and VMware Cloud Foundation. Based on the official advisory, “A malicious actor with network access to vCenter Server may trigger an out-of-bounds write potentially leading to remote code execution”. _____________________________ A. Nature of Vulnerabilities CVE-2023-34048 CVE-2023-34056 _____________________________ B. Actions continue reading : Critical Vulnerabilities in VMware vCenter Server and VMware Cloud Foundation

Actively Exploited Zero-Day Vulnerability in Cisco IOS XE Software

Cisco has released a security advisory to address an actively exploited zero-day vulnerability(CVE-2023-20198 in the web user interface of Cisco IOS XE software.  Based on the evidence analyzed by Cisco, a suspicious activity was observed on September 28, 2023 which includes the creation of unauthorized account on a customer’s device. Additionally on October 12, Cisco continue reading : Actively Exploited Zero-Day Vulnerability in Cisco IOS XE Software