Tag
#microsoft
In Silicon Labs uC/TCP-IP 3.6.0, TCP ISNs are improperly random.
Google is making passkeys, the emerging passwordless login technology, the default option for users as it moves to make passwords “obsolete.”
Google on Tuesday announced the ability for all users to set up passkeys by default, five months after it rolled out support for the FIDO Alliance-backed passwordless standard for Google Accounts on all platforms. "This means the next time you sign in to your account, you'll start seeing prompts to create and use passkeys, simplifying your future sign-ins," Google's Sriram Karra and Christiaan
By Deeba Ahmed. As the conflict escalates on the ground, hacktivists are gearing up for cyberwar. This is a post from HackRead.com. Read the original post: Hacktivists Targeting Critical ICS Infrastructure in Israel and Palestine
Summary: Beginning in September 2023, Microsoft was notified by industry partners about a newly identified Distributed Denial-of-Service (DDoS) attack technique being used in the wild targeting HTTP/2 protocol. This vulnerability (CVE-2023-44487) impacts any internet exposed HTTP/2 endpoints. As an industry leader, Microsoft promptly opened an investigation and subsequently began working with industry partners for a coordinated disclosure and mitigation plan.
**According to the CVSS metric, the attack complexity is high (AC:H). What does that mean for this vulnerability?** Successful exploitation of this vulnerability requires an attacker to win a race condition.
**According to the CVSS metric, privileges required is low (PR:L). What does that mean for this vulnerability?** Any authenticated attacker could trigger this vulnerability. It does not require admin or other elevated privileges.
**What can cause this vulnerability?** The vulnerability occurs due to improper validation of cmdlet arguments. **Does the attacker need to be in an authenticated role in the Exchange Server?** Yes, the attacker must be authenticated.
**The following mitigating factors might be helpful in your situation:** Exploitation of this vulnerability requires an attacker to trick or convince the victim into connecting to their malicious server. If your environment only connects to known, trusted servers and there is no ability to reconfigure existing connections to point to another location (for example you use TLS encryption with certificate validation), the vulnerability cannot be exploited.
The following workarounds might be helpful in your situation. In all cases, Microsoft strongly recommends that you install the updates for this vulnerability as soon as possible even if you plan to leave either of these workarounds in place:
**Disable the HTTP/2 protocol on your web server by using the Registry Editor**
**Note** Using Registry Editor incorrectly can cause serious problems that may require you to reinstall your operating system. Microsoft cannot guarantee that problems resulting from the incorrect use of Registry Editor can be solved. Use Registry Editor at your own risk. For information about how to edit the registry, view the "Changing Keys and Values" Help topic in Registry Editor (Regedit.exe) or view the "Add and Delete Information in the Registry" and "Edit Registry Data" Help topics in Regedt32.exe.
1. Click **Start**, click **Run**, type **Regedit** in the **Open** box, and then click **OK**.
2. Locate and then click the following registry subkey: HKLM\SYST...