Security
Headlines
HeadlinesLatestCVEs

Tag

#dos

CVE-2024-38146: Windows Layer-2 Bridge Network Driver Denial of Service Vulnerability

**Windows 11, version 24H2 is not generally available yet. Why are there updates for this version of Windows listed in the Security Updates table?** The new Copilot+ devices that are now publicly available come with Windows 11, version 24H2 installed. Customers with these devices need to know about any vulnerabilities that affect their machine and to install the updates if they are not receiving automatic updates. Note that the general availability date for Windows 11, version 24H2 is scheduled for later this year.

Microsoft Security Response Center
#vulnerability#mac#windows#dos#Windows Layer-2 Bridge Network Driver#Security Vulnerability
CVE-2024-38145: Windows Layer-2 Bridge Network Driver Denial of Service Vulnerability

**Windows 11, version 24H2 is not generally available yet. Why are there updates for this version of Windows listed in the Security Updates table?** The new Copilot+ devices that are now publicly available come with Windows 11, version 24H2 installed. Customers with these devices need to know about any vulnerabilities that affect their machine and to install the updates if they are not receiving automatic updates. Note that the general availability date for Windows 11, version 24H2 is scheduled for later this year.

CVE-2024-38126: Windows Network Address Translation (NAT) Denial of Service Vulnerability

**Windows 11, version 24H2 is not generally available yet. Why are there updates for this version of Windows listed in the Security Updates table?** The new Copilot+ devices that are now publicly available come with Windows 11, version 24H2 installed. Customers with these devices need to know about any vulnerabilities that affect their machine and to install the updates if they are not receiving automatic updates. Note that the general availability date for Windows 11, version 24H2 is scheduled for later this year.

CVE-2024-38132: Windows Network Address Translation (NAT) Denial of Service Vulnerability

**Windows 11, version 24H2 is not generally available yet. Why are there updates for this version of Windows listed in the Security Updates table?** The new Copilot+ devices that are now publicly available come with Windows 11, version 24H2 installed. Customers with these devices need to know about any vulnerabilities that affect their machine and to install the updates if they are not receiving automatic updates. Note that the general availability date for Windows 11, version 24H2 is scheduled for later this year.

Gentoo Linux Security Advisory 202408-33

Gentoo Linux Security Advisory 202408-33 - Multiple vulnerabilities have been discovered in protobuf-c, the worst of which could result in denial of service. Versions greater than or equal to 1.4.1 are affected.

Gentoo Linux Security Advisory 202408-32

Gentoo Linux Security Advisory 202408-32 - Multiple vulnerabilities have been discovered in PHP, the worst of which can lead to a denial of service. Versions greater than or equal to 8.1.29:8.1 are affected.

Gentoo Linux Security Advisory 202408-31

Gentoo Linux Security Advisory 202408-31 - A vulnerability has been discovered in protobuf and protobuf-python, which can lead to a denial of service. Versions greater than or equal to 3.20.3 are affected.

Ubuntu Security Notice USN-6926-3

Ubuntu Security Notice 6926-3 - 黄思聪 discovered that the NFC Controller Interface implementation in the Linux kernel did not properly handle certain memory allocation failure conditions, leading to a null pointer dereference vulnerability. A local attacker could use this to cause a denial of service. It was discovered that a race condition existed in the Bluetooth subsystem in the Linux kernel when modifying certain settings values through debugfs. A privileged local attacker could use this to cause a denial of service.

FreeBSD Releases Urgent Patch for High-Severity OpenSSH Vulnerability

The maintainers of the FreeBSD Project have released security updates to address a high-severity flaw in OpenSSH that attackers could potentially exploit to execute arbitrary code remotely with elevated privileges. The vulnerability, tracked as CVE-2024-7589, carries a CVSS score of 7.4 out of a maximum of 10.0, indicating high severity. "A signal handler in sshd(8) may call a logging function

EastWind Attack Deploys PlugY and GrewApacha Backdoors Using Booby-Trapped LNK Files

The Russian government and IT organizations are the target of a new campaign that delivers a number of backdoors and trojans as part of a spear-phishing campaign codenamed EastWind. The attack chains are characterized by the use of RAR archive attachments containing a Windows shortcut (LNK) file that, upon opening, activates the infection sequence, culminating in the deployment of malware such