Security
Headlines
HeadlinesLatestCVEs

Headline

Patch now! Microsoft fixes 71 Windows vulnerabilities in October Patch Tuesday

October 2021’s Patch Tuesday includes some patches to block potentially dangerous vulnerabilities. We made a selection of the most “promising” ones.

Categories: Exploits and vulnerabilities

Tags: microsoft patch tuesday patches vulnerabilities

( Read more… ( https://blog.malwarebytes.com/exploits-and-vulnerabilities/2021/10/patch-now-microsoft-fixes-71-windows-vulnerabilities-in-october-patch-tuesday/ ) )

The post Patch now! Microsoft fixes 71 Windows vulnerabilities in October Patch Tuesday appeared first on Malwarebytes Labs.

Malwarebytes
#Exploits and vulnerabilities#microsoft#patch tuesday#patches#vulnerabilities

Related news

Update now! Mozilla fixes security vulnerabilities in Firefox 94

Mozilla has issued patches for several vulnerabilities in the Firefox browser. We discuss some of the high impact issues. Categories: Exploits and vulnerabilities Tags: cloud clipboard cve-2021-38504 cve-2021-38505 cve-2021-38506 cve-2021-38507 firefox memory safety bugs mozilla QR code xslt *( Read more... ( https://blog.malwarebytes.com/exploits-and-vulnerabilities/2021/11/update-now-mozilla-fixes-security-vulnerabilities-in-firefox-94/ ) )* The post Update now! Mozilla fixes security vulnerabilities in Firefox 94 appeared first on Malwarebytes Labs.

Microsoft Oct. Patch Tuesday Squashes 4 Zero-Day Bugs

Microsoft's October 2021 Patch Tuesday included security fixes for 74 vulnerabilities, one of which is an actively exploited zero-day.

Backdoor.Win32.Prorat.lkt Hardcoded Password

Backdoor.Win32.Prorat.lkt malware suffers from a weak hardcoded password vulnerability.

Azure Active Directory Brute Forcer

This code is a proof-of-concept of the recently revealed Azure Active Directory password brute-forcing vulnerability announced by Secureworks.

SonicWall warns users to patch critical vulnerability “as soon as possible”

SonicWall is asking SMA 100 series customers to patch their appliances against a vulnerability that could give attackers administrator access. Categories: Exploits and vulnerabilities Tags: cve-2021-20034 sma-100 snwlid-2021-0021 sonicwall *( Read more... ( https://blog.malwarebytes.com/exploits-and-vulnerabilities/2021/09/sonicwall-warns-users-to-patch-critical-vulnerability-as-soon-as-possible/ ) )* The post SonicWall warns users to patch critical vulnerability “as soon as possible” appeared first on Malwarebytes Labs.

Apple Patches Zero-Days in iOS, Known Vuln in macOS

One of the iOS vulnerabilities was discovered by Citizen Lab; the Google Threat Analysis Group reported iOS and macOS flaws.

CVE-2021-33693: SAP Security Patch Day – August 2021 - Product Security Response at SAP - Community Wiki

SAP Cloud Connector, version - 2.0, allows an authenticated administrator to modify a configuration file to inject malicious codes that could potentially lead to OS command execution.

CVE-2021-33694: SAP Security Patch Day – August 2021 - Product Security Response at SAP - Community Wiki

SAP Cloud Connector, version - 2.0, does not sufficiently encode user-controlled inputs, allowing an attacker with Administrator rights, to include malicious codes that get stored in the database, and when accessed, could be executed in the application, resulting in Stored Cross-Site Scripting.

Apple Patches Zero-Days in iOS 14.8 Update

An important security update addresses vulnerabilities in CoreGraphics and WebKit that may have been actively exploited.

CVE-2019-3588: McAfee Security Bulletin - VirusScan Enterprise update fixes three vulnerabilities (CVE-2019-3585, CVE-2019-3588, and CVE-2020-7280)

Privilege Escalation vulnerability in Microsoft Windows client (McTray.exe) in McAfee VirusScan Enterprise (VSE) 8.8 prior to Patch 14 may allow unauthorized users to interact with the On-Access Scan Messages - Threat Alert Window when the Windows Login Screen is locked.

CVE-2019-3585: McAfee Security Bulletin - VirusScan Enterprise update fixes three vulnerabilities (CVE-2019-3585, CVE-2019-3588, and CVE-2020-7280)

Privilege Escalation vulnerability in Microsoft Windows client (McTray.exe) in McAfee VirusScan Enterprise (VSE) 8.8 prior to Patch 14 may allow local users to interact with the On-Access Scan Messages - Threat Alert Window with elevated privileges via running McAfee Tray with elevated privileges.