Security
Headlines
HeadlinesLatestCVEs

Tag

#microsoft

CVE-2024-7533: Chromium: CVE-2024-7534 Heap buffer overflow in Layout

**What is the version information for this release?** Microsoft Edge Channel Microsoft Edge Version Based on Chromium Version Date Released Stable 127.0.2651.98 127.0.6533.99/.100 8/8/2024

Microsoft Security Response Center
Open in Source
#microsoft#buffer_overflow#chrome#Microsoft Edge (Chromium-based)#Security Vulnerability
CVE-2024-7532: Chromium: CVE-2024-7533 Use after free in Sharing

**What is the version information for this release?** Microsoft Edge Channel Microsoft Edge Version Based on Chromium Version Date Released Stable 127.0.2651.98 127.0.6533.99/.100 8/8/2024

CVE-2024-7550: Chromium: CVE-2024-7532 Out of bounds memory access in ANGLE

**What is the version information for this release?** Microsoft Edge Channel Microsoft Edge Version Based on Chromium Version Date Released Stable 127.0.2651.98 127.0.6533.99/.100 8/8/2024

Microsoft CBC Padding Oracle In Azure Blob Storage Encryption Library

The Azure Storage Encryption library in Java and other languages is vulnerable to a CBC Padding Oracle attack, similar to CVE-2020-8911. The library is not vulnerable to the equivalent of CVE-2020-8912, but only because it currently only supports AES-CBC as encryption mode. This is Google's proof of concept exploit.

Dark Reading News Desk Live From Black Hat USA 2024

The Dark Reading team once again welcomes the world's top cybersecurity experts to the Dark Reading News Desk live from Black Hat USA 2024. Tune into the livestream.

Windows Firewall Control 6.11.0 Unquoted Service Path

Windows Firewall Control version 6.11.0 suffers from an unquoted service path vulnerability.

Building an Effective Strategy to Manage AI Risks

As AI technologies continue to advance at a rapid pace, privacy, security and governance teams can't expect to achieve strong AI governance while working in isolation.

0.0.0.0 Day: 18-Year-Old Browser Vulnerability Impacts MacOS and Linux Devices

Cybersecurity researchers have discovered a new "0.0.0.0 Day" impacting all major web browsers that malicious websites could take advantage of to breach local networks. The critical vulnerability "exposes a fundamental flaw in how browsers handle network requests, potentially granting malicious actors access to sensitive services running on local devices," Oligo Security researcher Avi Lumelsky

SaaS Apps Present an Abbreviated Kill Chain for Attackers

Black Hat presentation reveals adversaries don't need to complete all seven stages of a traditional kill chain to achieve their objectives.

Windows Downgrade Attack Risks Exposing Patched Systems to Old Vulnerabilities

Microsoft said it is developing security updates to address two loopholes that it said could be abused to stage downgrade attacks against the Windows update architecture and replace current versions of the operating system files with older versions. The vulnerabilities are listed below - CVE-2024-38202 (CVSS score: 7.3) - Windows Update Stack Elevation of Privilege Vulnerability CVE-2024-21302