No Image

Announcing Windows 11 Insider Preview Build 23486

2023-06-23 KENNETH 0

Announcing Windows 11 Insider Preview Build 23486 Hello Windows Insiders, today we are releasing Windows 11 Insider Preview Build 23486 to the Dev Channel. What’s new in Build 23486 Passwordless Improvements Microsoft believes that the future is passwordless. Passkeys will allow you to replace passwords when you sign into a web site or application that supports them. Passkeys represent a future where bad actors will have a much harder time stealing and using your credentials when signing into a web site or application. Passkeys are phish-resistant, recoverable, and faster for users. Enroll and use passkey to sign into apps and websites: We are improving the passkey experience for Windows users. They can now go to any app or website that supports passkeys to create and sign in using passkeys with the Windows Hello native experience. Once a passkey is created, [ more… ]

No Image

USN-6188-1: OpenSSL vulnerability

2023-06-22 KENNETH 0

USN-6188-1: OpenSSL vulnerability Matt Caswell discovered that OpenSSL incorrectly handled certain ASN.1 object identifiers. A remote attacker could possibly use this issue to cause OpenSSL to consume resources, resulting in a denial of service. Source: USN-6188-1: OpenSSL vulnerability

No Image

USN-6184-1: CUPS vulnerability

2023-06-22 KENNETH 0

USN-6184-1: CUPS vulnerability It was discovered that CUPS incorrectly handled certain memory operations. An attacker could possibly use this issue to cause CUPS to crash, resulting in a denial of service, or possibly obtain sensitive information. Source: USN-6184-1: CUPS vulnerability

No Image

USN-6187-1: Linux kernel (IBM) vulnerabilities

2023-06-22 KENNETH 0

USN-6187-1: Linux kernel (IBM) vulnerabilities William Zhao discovered that the Traffic Control (TC) subsystem in the Linux kernel did not properly handle network packet retransmission in certain situations. A local attacker could use this to cause a denial of service (kernel deadlock). (CVE-2022-4269) It was discovered that the TUN/TAP driver in the Linux kernel did not properly initialize socket data. A local attacker could use this to cause a denial of service (system crash). (CVE-2023-1076) It was discovered that the Real-Time Scheduling Class implementation in the Linux kernel contained a type confusion vulnerability in some situations. A local attacker could use this to cause a denial of service (system crash). (CVE-2023-1077) It was discovered that the ASUS HID driver in the Linux kernel did not properly handle device removal, leading to a use-after-free vulnerability. A local attacker with physical access [ more… ]

No Image

USN-6186-1: Linux kernel vulnerabilities

2023-06-22 KENNETH 0

USN-6186-1: Linux kernel vulnerabilities Patryk Sondej and Piotr Krysiuk discovered that a race condition existed in the netfilter subsystem of the Linux kernel when processing batch requests, leading to a use-after-free vulnerability. A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2023-32233) Gwangun Jung discovered that the Quick Fair Queueing scheduler implementation in the Linux kernel contained an out-of-bounds write vulnerability. A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2023-31436) Reima Ishii discovered that the nested KVM implementation for Intel x86 processors in the Linux kernel did not properly validate control registers in certain situations. An attacker in a guest VM could use this to cause a denial of service (guest crash). (CVE-2023-30456) It was discovered that the Broadcom [ more… ]