Security
Headlines
HeadlinesLatestCVEs

Tag

#microsoft

CVE-2024-35248: Microsoft Dynamics 365 Business Central Elevation of Privilege Vulnerability

**According to the CVSS metrics, successful exploitation of this vulnerability could lead to minor loss of confidentiality (C:L), integrity (I:L) and availability (A:L). What does that mean for this vulnerability?** While we cannot rule out the impact to Confidentiality, Integrity, and Availability, the ability to exploit this vulnerability by itself is limited. An attacker would need to combine this with other vulnerabilities to perform an attack.

Microsoft Security Response Center
Open in Source
#vulnerability#microsoft#Dynamics Business Central#Security Vulnerability
CVE-2024-30080: Microsoft Message Queuing (MSMQ) Remote Code Execution Vulnerability

**How could an attacker exploit the vulnerability?** To exploit this vulnerability, an attacker would need to send a specially crafted malicious MSMQ packet to a MSMQ server. This could result in remote code execution on the server side.

CVE-2024-35255: Azure Identity Libraries and Microsoft Authentication Library Elevation of Privilege Vulnerability

**What privileges could be gained by an attacker who successfully exploited the vulnerability?** An attacker who successfully exploited the vulnerability could elevate privileges and read any file on the file system with SYSTEM access permissions.

CVE-2024-30072: Microsoft Event Trace Log File Parsing Remote Code Execution Vulnerability

**According to the CVSS metric, user interaction is required (UI:R). What interaction would the user have to do?** An attacker must send the user a malicious file and convince them to open it.

Microsoft Modifies 'Recall' AI Feature Amid Privacy, Security Failings

In response to recent public outcry, Recall is getting new security accouterments. Will that be enough to quell concerns?

Making Choices that Lead to Stronger Vulnerability Management

The threat environment will continue to grow in complexity. Now is the time for organizations to streamline how they manage and mitigate overlooked vulnerabilities.

Ubuntu Security Notice USN-6819-1

Ubuntu Security Notice 6819-1 - Alon Zahavi discovered that the NVMe-oF/TCP subsystem in the Linux kernel did not properly validate H2C PDU data, leading to a null pointer dereference vulnerability. A remote attacker could use this to cause a denial of service. Chenyuan Yang discovered that the RDS Protocol implementation in the Linux kernel contained an out-of-bounds read vulnerability. An attacker could use this to possibly cause a denial of service.

Azure Service Tags Vulnerability: Microsoft Warns of Potential Abuse by Hackers

Microsoft is warning about the potential abuse of Azure Service Tags by malicious actors to forge requests from a trusted service and get around firewall rules, thereby allowing them to gain unauthorized access to cloud resources. "This case does highlight an inherent risk in using service tags as a single mechanism for vetting incoming network traffic," the Microsoft Security Response Center (

A week in security (June 3 – June 9)

A list of topics we covered in the week of June 3 to June 9 of 2024