#windows

A Time-of-Check Time-of-Use bug existed in the Maintenance (Updater) Service that could be abused to grant Users write access to an arbitrary directory. This could have been used to escalate to SYSTEM access.<br>*This bug only affects Firefox on Windows. Other operating systems are unaffected.*. This vulnerability affects Firefox < 97, Thunderbird < 91.6, and Firefox ESR < 91.6.

If a document created a sandboxed iframe without <code>allow-scripts</code>, and subsequently appended an element to the iframe's document that e.g. had a JavaScript event handler - the event handler would have run despite the iframe's sandbox. This vulnerability affects Firefox < 97, Thunderbird < 91.6, and Firefox ESR < 91.6.

AyaCMS 3.1.2 is vulnerable to file deletion via /aya/module/admin/fst_del.inc.php

Threat actors continue to evolve the malicious botnet, which has also added a list of new vulnerabilities it can use to target devices.

4images version 1.9 suffers from a remote command execution vulnerability.

A Stored Cross-site scripting (XSS) vulnerability via MAster.php in Sourcecodetester Simple Client Management System (SCMS) 1.0 allows remote attackers to inject arbitrary web script or HTML via the vulnerable input fields.

Untrusted search path vulnerability in Baidunetdisk Version 7.4.3 and earlier allows an attacker to gain privileges via a Trojan horse DLL in an unspecified directory.

A vulnerability was found in pig-vector and classified as problematic. Affected by this issue is the function LogisticRegression of the file src/main/java/org/apache/mahout/pig/LogisticRegression.java. The manipulation leads to insecure temporary file. The attack needs to be approached locally. The name of the patch is 1e7bd9fab5401a2df18d2eabd802adcf0dcf1f15. It is recommended to apply a patch to fix this issue. The identifier of this vulnerability is VDB-216500.

Security leaders must maintain an effective cybersecurity strategy to help filter some of the noise on new vulnerabilities.

### Impact _What kind of vulnerability is it? Who is impacted?_ The [NMI](https://azure.github.io/aad-pod-identity/docs/concepts/nmi/) component in AAD Pod Identity intercepts and validates token requests based on regex. In this case, a token request made with backslash in the request (example: `/metadata/identity\oauth2\token/`) would bypass the NMI validation and be sent to [IMDS](https://learn.microsoft.com/en-us/azure/virtual-machines/windows/instance-metadata-service?tabs=windows) allowing a pod in the cluster to access identities that it shouldn't have access to. ### Patches _Has the problem been patched? What versions should users upgrade to?_ - We analyzed this bug and determined that we needed to fix it. This fix has been included in AAD Pod Identity release [v1.8.13](https://github.com/Azure/aad-pod-identity/releases/tag/v1.8.13) - If using the [AKS pod-managed identities add-on](https://learn.microsoft.com/en-us/azure/aks/use-azure-ad-pod-identity), no action is required. T...