Extreme Hacking | Sadik Shaikh | Cyber Suraksha Abhiyan

Microsoft changes DHCP to ‘Dammit! Hacked! Compromised! Pwned!’ Big bunch of security fixes land for Windows

Credits: The Register

Patch Tuesday: It’s the second Tuesday of the month, and you know what that means: a fresh dump of security fixes from Microsoft, Adobe and others.

The March edition of Patch Tuesday includes fixes for 64 CVE-listed vulnerabilities, while Adobe addressed a pair of bugs in Photoshop and Digital Editions. Even SAP has got in on the game.

DHCP flaws headline Patch Tuesday priorities

Of the 64 bugs squashed in Redmond’s March update, researchers are pointing to five particular bugs as being especially noteworthy.

First, there is the trio of CVE-2019-0697, CVE-2019-0698, and CVE-2019-0726, all covering holes present in the DHCP server component for Windows. Each of the flaws would potentially allow an attacker on the local network to achieve remote code execution on a targeted machine simply by sending a malformed DHCP network packet.

“These bugs are particularly impactful since they require no user interaction – an attacker sends a specially crafted response to a client – and every OS has a DHCP client,” explained Dustin Childs of the Trend Micro Zero Day Initiative.

“There would likely need to be a man-in-the-middle component to properly execute an , but a successful exploit would have wide-ranging consequences.”

There’s no indication that the DHCP flaws are being exploited in the wild, but two other patches in this month’s bundle are already being used by online criminals. CVE-2019-0797 and CVE-2019-0808 are a pair of elevation of privilege flaws that have been detected in active use.

Childs also recommends admins make sure to test and install CVE-2019-0603, a remote code execution flaw in WDS TFTP server, and CVE-2019-0757, a package tampering flaw in NuGet.

Four of the flaws, CVE-2019-0683, CVE-2019-0754, CVE-2019-0757, and CVE-2019-0809, had already been publicly exposed. Only CVE-2019-0809, an input validation flaw in Visual Studio C++, would allow for remote code execution and should be tackled as soon as possible.

As is usually the case, Microsoft’s browser scripting engines accounted for the lion’s share of the critical fixes. The scripting engines in Edge, Internet Explorer, and VBScript (also used for ActiveX extensions in IE and Office) each received patches for vulnerabilities that would allow remote code execution simply by convincing the mark to visit a poisoned web page or open an Office Doc.

Devs and admins using Windows Subsystem for Linux will want to pay attention to CVE-2019-0682, CVE-2019-0689, CVE-2019-0692, CVE-2019-0693, and CVE-2019-0694, five elevation of privilege flaws that could be exploited through poisoned applications.

Adobe touches up Photoshop, Digital Editions

Just two updates were kicked out from Adobe today, covering only one flaw. The problem is that it appears in two separate apps.

For Photoshop CC on Windows and MacOS, the update will close up CVE-2019-7095, a heap corruption bug that would allow for arbitrary code execution on a vulnerable machine.

The same flaw is also present in Digital Editions, prompting Adobe to update that suite as well.

SAP stands for Significantly Annoying Pwnage

Those admins running SAP are going to have a bit more to deal with today, as the computing giant dropped 15 of its own security notes.

Just two of those, an XML External Entity bug in HANA Extended Application Services and a cross-site scripting flaw in NetWeaver Java Application Server, were serious enough to warrant ‘high’ severity ratings, but the rest should be fixed as soon as possible.
