this post was submitted on 15 Jul 2023
12 points (100.0% liked)

Operating Systems

3799 readers
1 users here now

All things operating system related, from Windows to Mac to Linux distros and the more obscure.

Subcommunity of Technology.


This community's icon was made by Aaron Schneider, under the CC-BY-NC-SA 4.0 license.

founded 1 year ago
MODERATORS
 

Microsoft has released security updates for 130 vulnerabilities, including four that are known to be actively exploited.

The four actively exploited vulnerabilities are:

  • CVE-2023-32049: A Windows SmartScreen Security Feature Bypass vulnerability.
  • CVE-2023-35311: A Microsoft Outlook Security Feature Bypass vulnerability.
  • CVE-2023-32046: A Windows MSHTML Platform Elevation of Privilege (EoP) vulnerability.
  • CVE-2023-36874: A Windows Error Reporting Service Elevation of Privilege vulnerability.

Other vendors have also released security updates, including Adobe, Apple, Cisco, Fortinet, Google, MOVEit, Mozilla, SAP, and VMware. These updates are important to install as soon as possible to protect your systems from attack.

Other details:

  • The CVE-2023-32049 vulnerability can be exploited by tricking users into clicking on a malicious link. Once clicked, the link will bypass the Windows SmartScreen security warning and allow the attacker to execute arbitrary code on the victim's computer.
  • The CVE-2023-35311 vulnerability can be exploited by tricking users into opening a malicious Microsoft Outlook email. Once opened, the email will bypass the Microsoft Outlook security warning and allow the attacker to execute arbitrary code on the victim's computer.
  • The CVE-2023-32046 vulnerability can be exploited by tricking users into opening a malicious file. Once opened, the file will exploit the vulnerability and allow the attacker to gain elevated privileges on the victim's computer.
  • The CVE-2023-36874 vulnerability can be exploited by attackers who have local access to a victim's computer. Once exploited, the vulnerability will allow the attacker to gain administrator privileges on the victim's computer.
top 1 comments
sorted by: hot top controversial new old
[–] garam@lemmy.my.id 5 points 1 year ago

Ugh windows..