Patch Tuesday: Windows Server 2008 receives emergency security patch

Microsoft’s latest Patch Tuesday for April 2024 covers 155 vulnerabilities, three of which are classified as critical. The update includes 145 classified as “important severity”.

There is also an [hidden content] for the Proxy Driver Spoofing Vulnerability ([hidden content]), which impacts [hidden content] and server operating systems. Microsoft has released security patches for end-of-life versions of the operating system, including Windows Server 2008, where support ended on 14th January 2020.

[hidden content] that when it originally published the advisory for CVE-2024-26234, Microsoft did not indicate it was aware of in-the-wild exploitation or public exploit disclosure. However, late on the day of publication, Microsoft updated the advisory to acknowledge awareness of both in-the-wild exploitation and public disclosure.

Microsoft Defender for IoT, the Azure-deployable agentless tool for monitoring internet of things (IoT) and operational technology (OT) devices, has three critical vulnerabilities addressed in the latest Patch Tuesday update.

The update patches three critical remote code execution (RCE) vulnerabilities in the tool. Exploiting the first requires the attacker to have existing administrative access to the Defender for IoT web application.

In a blog discussing the [hidden content]s, Qualys stated that for the [hidden content] vulnerability, an attacker must be an administrator of the web application to exploit the vulnerability. Successful exploitation of the vulnerability may lead to remote code execution on target systems. [hidden content] also requires admin access.

Qualys said that successful exploitation of this path traversal vulnerability requires an authenticated attacker, with access to the file upload feature, to upload malicious files to sensitive locations on the server.

Like the other two attack vectors, the third critical vulnerability in Microsoft Defender for IoT, [hidden content], requires admin rights. Qualys said an attacker must send a tar (tape archive) file to the Defender for IoT sensor. This is a file format used to compress data.

After the extraction process, where the file is uncompressed, the attacker may send unsigned update packages and overwrite any file they choose. The attacker must first authenticate themselves and gain the necessary permissions to initiate the update process, Qualys explained in the blog post.

Along with the critical vulnerabilities in Defender for IoT, the Patch Tuesday update includes a patch for [hidden content]. This fixes a security bypass vulnerability for SmartScreen. Defender SmartScreen is a feature in Windows that helps protect users from online threats like malware and phishing.

It does this by checking websites and downloaded files against a database of unsafe websites.

[hidden content] covering CVE-2024-29988 reported that to exploit this security feature bypass vulnerability, an attacker would need to convince a user to launch malicious files using a launcher application that has no user interface.

“CVE-2024-29988 has a CVSS score of 8.8 and [hidden content] lists it as one of the vulnerabilities that is more likely to be exploited,” Lansweep stated in the blog post.




