
USN-5121-1: Mailman vulnerabilities

2021-10-22 KENNETH 0

Andre Protas, Richard Cloke, and Andy Nuttall discovered that Mailman did not properly associate cross-site request forgery (CSRF) tokens to specific accounts. A remote attacker could use this to perform a CSRF attack to gain access to another account. (CVE-2021-42097)

Andre Protas, Richard Cloke, and Andy Nuttall discovered that Mailman’s cross-site request forgery (CSRF) tokens for the options page are derived from the admin password. A remote attacker could possibly use this to assist in performing a brute force attack against the admin password. (CVE-2021-42096)

Source: USN-5121-1: Mailman vulnerabilities


The Urgency of Modernizing in the Age of Application Capital

2021-10-22 KENNETH 0

We’re in the midst of a fourth industrial revolution. In today’s digital economy, the vital role of applications makes every company a technology company. Just one poor experience with an app can cause a customer to abandon that app and switch to a competitor. With cyberattacks on the rise, it’s crucial for every team member and stakeholder, in each stage of the application development process, to embrace agility and maintain a security‑first mindset. With this mindset comes modernization. Customers and stakeholders expect certain digital experiences and, without a modern application strategy, losses are inevitable. Therefore, the call to modernize is urgent. Enterprises are required to continuously shift, innovate, and sharpen their competitive edge in this modern age of application capital. Gartner Inc. predicts that global enterprise spending on cloud‑based software [ more… ]


USN-5116-2: Linux kernel vulnerabilities

2021-10-22 KENNETH 0

It was discovered that a race condition existed in the Atheros Ath9k WiFi driver in the Linux kernel. An attacker could possibly use this to expose sensitive information (WiFi network traffic). (CVE-2020-3702)

Alois Wohlschlager discovered that the overlay file system in the Linux kernel did not restrict private clones in some situations. An attacker could use this to expose sensitive information. (CVE-2021-3732)

It was discovered that the KVM hypervisor implementation in the Linux kernel did not properly compute the access permissions for shadow pages in some situations. A local attacker could use this to cause a denial of service. (CVE-2021-38198)

It was discovered that the Xilinx 10/100 Ethernet Lite device driver in the Linux kernel could report pointer addresses in some situations. An attacker could use this information to ease the exploitation of another vulnerability. (CVE-2021-38205)

[ more… ]


USN-5120-1: Linux kernel (Azure) vulnerabilities

2021-10-22 KENNETH 0

It was discovered that the f2fs file system in the Linux kernel did not properly validate metadata in some situations. An attacker could use this to construct a malicious f2fs image that, when mounted and operated on, could cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2019-19449)

It was discovered that the Linux kernel did not properly enforce certain types of entries in the Secure Boot Forbidden Signature Database (aka dbx) protection mechanism. An attacker could use this to bypass UEFI Secure Boot restrictions. (CVE-2020-26541)

It was discovered that the KVM hypervisor implementation for AMD processors in the Linux kernel did not ensure enough processing time was given to perform cleanups of large SEV VMs. A local attacker could use this to cause a denial of service (soft lockup). (CVE-2020-36311)

It [ more… ]

Preparing the Windows 10 November 2021 Update for Release

2021-10-22 KENNETH 0

Hello Windows Insiders! We are preparing the Windows 10 November 2021 Update (Windows 10, version 21H2) for release. We believe that Build 19044.1288 is the final build for the November 2021 Update, and the ISO for this build can be downloaded here. We will continue to improve the overall experience of the November 2021 Update on customers’ PCs through our usual servicing cadence. We are now offering the Windows 10 November 2021 Update to all Windows Insiders in the Release Preview Channel on Windows 10 via our “seeker” experience in Windows Update. This means Insiders currently on Windows 10, version 21H1 (or lower) in the Release Preview Channel will need to go to Settings > Update & Security > Windows Update and choose to download and install Windows 10, version 21H2. Once an Insider updates their PC [ more… ]