USN-7105-1: .NET vulnerabilities

It was discovered that the NrbfDecoder component in .NET did not properly
handle an instance of a type confusion vulnerability. An authenticated
attacker could possibly use this issue to gain the privileges of another
user and execute arbitrary code. (CVE-2024-43498)

It was discovered that the NrbfDecoder component in .NET did not properly
perform input validation. An unauthenticated remote attacker could possibly
use this issue to cause a denial of service. (CVE-2024-43499)

Microsoft Patch Tuesday, November 2024 Edition

Microsoft today released updates to plug at least 89 security holes in its Windows operating systems and other software. November’s patch batch includes fixes for two zero-day vulnerabilities that are already being exploited by attackers, as well as two other flaws that were publicly disclosed prior to today.

The zero-day flaw tracked as CVE-2024-49039 is a bug in the Windows Task Scheduler that allows an attacker to increase their privileges on a Windows machine. Microsoft credits Google’s Threat Analysis Group with reporting the flaw.

The second bug fixed this month that is already seeing in-the-wild exploitation is CVE-2024-43451, a spoofing flaw that could reveal Net-NTLMv2 hashes, which are used for authentication in Windows environments.

Satnam Narang, senior staff research engineer at Tenable, says the danger with stolen NTLM hashes is that they enable so-called “pass-the-hash” attacks, which let an attacker masquerade as a legitimate user without ever having to log in or know the user’s password. Narang notes that CVE-2024-43451 is the third NTLM zero-day so far this year.

“Attackers continue to be adamant about discovering and exploiting zero-day vulnerabilities that can disclose NTLMv2 hashes, as they can be used to authenticate to systems and potentially move laterally within a network to access other systems,” Narang said.

The two other publicly disclosed weaknesses Microsoft patched this month are CVE-2024-49019, an elevation of privilege flaw in Active Directory Certificate Services (AD CS); and CVE-2024-49040, a spoofing vulnerability in Microsoft Exchange Server.

Ben McCarthy, lead cybersecurity engineer at Immersive Labs, called special attention to CVE-2024-43602, a remote code execution vulnerability in Windows Kerberos, the authentication protocol that is heavily used in Windows domain networks.

“This is one of the most threatening CVEs from this patch release,” McCarthy said. “Windows domains are used in the majority of enterprise networks, and by taking advantage of a cryptographic protocol vulnerability, an attacker can perform privileged acts on a remote machine within the network, potentially giving them eventual access to the domain controller, which is the goal for many attackers when attacking a domain.”

McCarthy also pointed to CVE-2024-43498, a remote code execution flaw in .NET and Visual Studio that could be used to install malware. This bug has earned a CVSS severity rating of 9.8 (10 is the worst).

Finally, at least 29 of the updates released today tackle memory-related security issues involving SQL Server, each of which earned a threat score of 8.8. Any one of these bugs could be used to install malware if an authenticated user connects to a malicious or hacked SQL database server.

For a more detailed breakdown of today’s patches from Microsoft, check out the SANS Internet Storm Center’s list. For administrators in charge of managing larger Windows environments, it pays to keep an eye on Askwoody.com, which frequently points out when specific Microsoft updates are creating problems for a number of users.

As always, if you experience any problems applying any of these updates, consider dropping a note about it in the comments; chances are excellent that someone else reading here has experienced the same issue, and maybe even has found a solution.

The AI Fix #24: Where are the alien AIs, and are we being softened up for superintelligence?

In episode 24 of The AI Fix, Mark makes an unforgivable error about the Terminator franchise, our hosts wonder if a “seductive” government chatbot will make it easier to talk about tax, a radio station abandons its three month AI experiment after a week, and OpenAI parks its tanks on Google’s lawn.

Graham gets cosmic and wonders why we aren’t surrounded by advanced alien AIs, our hosts argue about whether the moon landings or the invention of the cheese sandwich were more consequential events in human history, and Mark tells Graham that artificial superintelligence is just around the corner.

All this and much more is discussed in the latest edition of “The AI Fix” podcast by Graham Cluley and Mark Stockley.

ghostscript-10.02.1-13.fc40

FEDORA-2024-b1877232ce

Packages in this update:

ghostscript-10.02.1-13.fc40

Update description:

CVE-2024-46951 ghostscript: Arbitrary Code Execution in Artifex Ghostscript Pattern Color Space (fedora#2325237)

2325240 – CVE-2024-46952 CVE-2024-46953 CVE-2024-46954 CVE-2024-46955 CVE-2024-46956 ghostscript: various flaws

ghostscript-10.03.1-4.fc41

FEDORA-2024-69af78a508

Packages in this update:

ghostscript-10.03.1-4.fc41

Update description:

CVE-2024-46951 ghostscript: Arbitrary Code Execution in Artifex Ghostscript Pattern Color Space (fedora#2325238)

2325241 – CVE-2024-46952 CVE-2024-46953 CVE-2024-46954 CVE-2024-46955 CVE-2024-46956 ghostscript: various flaws [fedora-41]

USN-7103-1: Ghostscript vulnerabilities

It was discovered that Ghostscript incorrectly handled parsing certain PS
files. An attacker could use this issue to cause Ghostscript to crash,
resulting in a denial of service, or possibly execute arbitrary code.
(CVE-2024-46951, CVE-2024-46953, CVE-2024-46955, CVE-2024-46956)

It was discovered that Ghostscript incorrectly handled parsing certain PDF
files. An attacker could use this issue to cause Ghostscript to crash,
resulting in a denial of service, or possibly execute arbitrary code. This
issue only affected Ubuntu 22.04 LTS, Ubuntu 24.04 LTS, and Ubuntu 24.10.
(CVE-2024-46952)

It was discovered that Ghostscript incorrectly handled parsing certain PS
files. An attacker could use this issue to cause Ghostscript to crash,
resulting in a denial of service, or possibly bypass file path validation.
This issue only affected Ubuntu 24.04 LTS and Ubuntu 24.10.
(CVE-2024-46954)

USN-7100-2: Linux kernel vulnerabilities

Supraja Sridhara, Benedict Schlüter, Mark Kuhne, Andrin Bertschi, and
Shweta Shinde discovered that the Confidential Computing framework in
the Linux kernel for x86 platforms did not properly handle 32-bit
emulation on TDX and SEV. An attacker with access to the VMM could use
this to cause a denial of service (guest crash) or possibly execute
arbitrary code. (CVE-2024-25744)

Several security issues were discovered in the Linux kernel.
An attacker could possibly use these to compromise the system.
This update corrects flaws in the following subsystems:
– ARM64 architecture;
– MIPS architecture;
– PowerPC architecture;
– RISC-V architecture;
– User-Mode Linux (UML);
– x86 architecture;
– Block layer subsystem;
– Android drivers;
– Serial ATA and Parallel ATA drivers;
– ATM drivers;
– Drivers core;
– Null block device driver;
– Character device driver;
– ARM SCMI message protocol;
– GPU drivers;
– HID subsystem;
– Hardware monitoring drivers;
– I3C subsystem;
– InfiniBand drivers;
– Input Device core drivers;
– Input Device (Miscellaneous) drivers;
– IOMMU subsystem;
– IRQ chip drivers;
– ISDN/mISDN subsystem;
– LED subsystem;
– Multiple devices driver;
– Media drivers;
– VMware VMCI Driver;
– MMC subsystem;
– Network drivers;
– Near Field Communication (NFC) drivers;
– NVME drivers;
– Device tree and open firmware driver;
– Parport drivers;
– PCI subsystem;
– Pin controllers subsystem;
– Remote Processor subsystem;
– S/390 drivers;
– SCSI drivers;
– QCOM SoC drivers;
– Direct Digital Synthesis drivers;
– Thunderbolt and USB4 drivers;
– TTY drivers;
– Userspace I/O drivers;
– DesignWare USB3 driver;
– USB Gadget drivers;
– USB Host Controller drivers;
– USB Type-C Connector System Software Interface driver;
– USB over IP driver;
– VHOST drivers;
– File systems infrastructure;
– BTRFS file system;
– Ext4 file system;
– F2FS file system;
– JFS file system;
– NILFS2 file system;
– NTFS3 file system;
– Proc file system;
– SMB network file system;
– Core kernel;
– DMA mapping infrastructure;
– RCU subsystem;
– Tracing infrastructure;
– Radix Tree data structure library;
– Kernel userspace event delivery library;
– Objagg library;
– Memory management;
– Amateur Radio drivers;
– Bluetooth subsystem;
– Ethernet bridge;
– CAN network layer;
– Networking core;
– Ethtool driver;
– IPv4 networking;
– IPv6 networking;
– IUCV driver;
– KCM (Kernel Connection Multiplexor) sockets driver;
– MAC80211 subsystem;
– Multipath TCP;
– Netfilter;
– Network traffic control;
– SCTP protocol;
– Sun RPC protocol;
– TIPC protocol;
– TLS protocol;
– Wireless networking;
– AppArmor security module;
– Landlock security;
– Simplified Mandatory Access Control Kernel framework;
– FireWire sound drivers;
– SoC audio core drivers;
– USB sound devices;
(CVE-2024-42288, CVE-2024-41098, CVE-2024-43849, CVE-2024-46689,
CVE-2024-44987, CVE-2024-40915, CVE-2024-46844, CVE-2024-45009,
CVE-2024-46780, CVE-2024-41081, CVE-2024-43817, CVE-2024-44965,
CVE-2024-46832, CVE-2024-41072, CVE-2024-45011, CVE-2024-46814,
CVE-2024-45026, CVE-2024-44982, CVE-2024-46723, CVE-2024-46771,
CVE-2024-46759, CVE-2024-41063, CVE-2024-46673, CVE-2023-52889,
CVE-2024-41020, CVE-2024-46677, CVE-2024-46798, CVE-2024-45021,
CVE-2024-46676, CVE-2024-47668, CVE-2024-42289, CVE-2024-45018,
CVE-2024-46724, CVE-2024-41090, CVE-2024-43853, CVE-2024-42272,
CVE-2024-43828, CVE-2024-42292, CVE-2024-26800, CVE-2024-43871,
CVE-2024-46758, CVE-2024-36484, CVE-2024-46755, CVE-2024-46782,
CVE-2024-43889, CVE-2024-46763, CVE-2024-41015, CVE-2024-43858,
CVE-2024-41012, CVE-2024-44960, CVE-2024-46747, CVE-2024-42311,
CVE-2024-47660, CVE-2024-42267, CVE-2024-44998, CVE-2024-43839,
CVE-2024-43914, CVE-2024-46783, CVE-2024-47659, CVE-2024-46725,
CVE-2024-46840, CVE-2024-43873, CVE-2024-46737, CVE-2024-44946,
CVE-2024-43841, CVE-2024-26669, CVE-2024-42306, CVE-2024-26661,
CVE-2024-42259, CVE-2024-41011, CVE-2024-46822, CVE-2024-42287,
CVE-2024-46746, CVE-2024-43860, CVE-2024-42246, CVE-2024-46800,
CVE-2024-45007, CVE-2024-42296, CVE-2024-47669, CVE-2024-44983,
CVE-2024-43880, CVE-2024-42284, CVE-2022-48666, CVE-2024-44990,
CVE-2024-43894, CVE-2024-44989, CVE-2023-52918, CVE-2024-42295,
CVE-2024-43869, CVE-2024-42277, CVE-2024-46818, CVE-2024-42270,
CVE-2024-45025, CVE-2024-42301, CVE-2024-43883, CVE-2024-46714,
CVE-2024-46815, CVE-2024-41073, CVE-2024-43905, CVE-2024-43882,
CVE-2024-46719, CVE-2024-42286, CVE-2024-44952, CVE-2024-42297,
CVE-2024-41022, CVE-2024-46743, CVE-2024-43829, CVE-2024-43909,
CVE-2024-42265, CVE-2024-44944, CVE-2024-46807, CVE-2024-46739,
CVE-2024-43867, CVE-2024-44958, CVE-2024-44969, CVE-2024-42271,
CVE-2024-46745, CVE-2024-42299, CVE-2024-45006, CVE-2024-43908,
CVE-2024-44966, CVE-2024-41065, CVE-2024-46777, CVE-2024-42309,
CVE-2024-38602, CVE-2024-44947, CVE-2024-43884, CVE-2024-43902,
CVE-2024-47667, CVE-2024-46750, CVE-2024-41070, CVE-2024-26893,
CVE-2024-41017, CVE-2024-46810, CVE-2024-46828, CVE-2024-43893,
CVE-2024-41077, CVE-2024-46756, CVE-2024-46740, CVE-2024-42269,
CVE-2024-43890, CVE-2024-45008, CVE-2024-46795, CVE-2024-43854,
CVE-2024-46713, CVE-2024-47663, CVE-2024-46702, CVE-2024-46781,
CVE-2024-46722, CVE-2024-42114, CVE-2024-44948, CVE-2024-44988,
CVE-2024-42302, CVE-2024-41019, CVE-2024-46731, CVE-2024-46819,
CVE-2024-44995, CVE-2024-41059, CVE-2024-43856, CVE-2024-44954,
CVE-2024-43863, CVE-2024-38577, CVE-2024-43870, CVE-2024-41068,
CVE-2024-41071, CVE-2024-38611, CVE-2024-46761, CVE-2024-42304,
CVE-2024-42310, CVE-2024-46707, CVE-2024-42290, CVE-2024-42276,
CVE-2024-44935, CVE-2024-46721, CVE-2024-46817, CVE-2024-46791,
CVE-2024-44934, CVE-2024-45028, CVE-2024-46757, CVE-2024-43879,
CVE-2024-43907, CVE-2024-43846, CVE-2024-42280, CVE-2024-44999,
CVE-2024-43861, CVE-2024-42126, CVE-2024-26607, CVE-2024-46752,
CVE-2024-42305, CVE-2024-43835, CVE-2024-41042, CVE-2024-46675,
CVE-2024-46804, CVE-2024-41091, CVE-2024-41060, CVE-2024-46744,
CVE-2024-47665, CVE-2024-39472, CVE-2024-46829, CVE-2024-42285,
CVE-2024-42281, CVE-2024-43830, CVE-2024-42274, CVE-2024-46679,
CVE-2024-44985, CVE-2024-46805, CVE-2024-42312, CVE-2024-42283,
CVE-2024-45003, CVE-2024-44971, CVE-2024-42313, CVE-2024-46685,
CVE-2024-46738, CVE-2024-44986, CVE-2024-43834, CVE-2024-46732,
CVE-2024-43875, CVE-2024-42318, CVE-2024-41064, CVE-2024-44974,
CVE-2024-43892, CVE-2024-41078)
