Patch now! Microsoft fixes 71 Windows vulnerabilities in October Patch Tuesday

Mozilla has issued patches for several vulnerabilities in the Firefox browser. We discuss some of the high impact issues. Categories: Exploits and vulnerabilities Tags: cloud clipboard cve-2021-38504 cve-2021-38505 cve-2021-38506 cve-2021-38507 firefox memory safety bugs mozilla QR code xslt *( Read more... ( https://blog.malwarebytes.com/exploits-and-vulnerabilities/2021/11/update-now-mozilla-fixes-security-vulnerabilities-in-firefox-94/ ) )* The post Update now! Mozilla fixes security vulnerabilities in Firefox 94 appeared first on Malwarebytes Labs.

Microsoft's October 2021 Patch Tuesday included security fixes for 74 vulnerabilities, one of which is an actively exploited zero-day.

Backdoor.Win32.Prorat.lkt malware suffers from a weak hardcoded password vulnerability.

This code is a proof-of-concept of the recently revealed Azure Active Directory password brute-forcing vulnerability announced by Secureworks.

SonicWall is asking SMA 100 series customers to patch their appliances against a vulnerability that could give attackers administrator access. Categories: Exploits and vulnerabilities Tags: cve-2021-20034 sma-100 snwlid-2021-0021 sonicwall *( Read more... ( https://blog.malwarebytes.com/exploits-and-vulnerabilities/2021/09/sonicwall-warns-users-to-patch-critical-vulnerability-as-soon-as-possible/ ) )* The post SonicWall warns users to patch critical vulnerability “as soon as possible” appeared first on Malwarebytes Labs.

One of the iOS vulnerabilities was discovered by Citizen Lab; the Google Threat Analysis Group reported iOS and macOS flaws.

SAP Cloud Connector, version - 2.0, allows an authenticated administrator to modify a configuration file to inject malicious codes that could potentially lead to OS command execution.

SAP Cloud Connector, version - 2.0, does not sufficiently encode user-controlled inputs, allowing an attacker with Administrator rights, to include malicious codes that get stored in the database, and when accessed, could be executed in the application, resulting in Stored Cross-Site Scripting.

An important security update addresses vulnerabilities in CoreGraphics and WebKit that may have been actively exploited.

Privilege Escalation vulnerability in Microsoft Windows client (McTray.exe) in McAfee VirusScan Enterprise (VSE) 8.8 prior to Patch 14 may allow unauthorized users to interact with the On-Access Scan Messages - Threat Alert Window when the Windows Login Screen is locked.

Privilege Escalation vulnerability in Microsoft Windows client (McTray.exe) in McAfee VirusScan Enterprise (VSE) 8.8 prior to Patch 14 may allow local users to interact with the On-Access Scan Messages - Threat Alert Window with elevated privileges via running McAfee Tray with elevated privileges.