Urgent Update: Microsoft Patch Tuesday Fixes Critical MSMQ Bug Microsoft has rolled out fixes for 49 vulnerabilities in the latest Patch Tuesday security update, including a critical bug in Microsoft Message Queuing -MSMQ- technology. This vulnerability - with a CVSS score of 9.8 out of 10 - could allow remote code execution -RCE- and potentially enable server takeover. The bug is remotely exploitable, requires no user interaction, and has high impacts on confidentiality, integrity, and availability. Attackers can exploit this by sending a specially crafted MSMQ packet. To check for vulnerability, ensure the 'Message Queuing' service is not running and that TCP port 1801 is closed. The vulnerability impacts all versions of Windows from Windows Server 2008 and Windows 10. Given the potential threat this bug poses, it's crucial to apply these patches immediately. Are your systems up-to-date with this critical fix? CVSS - Common Vulnerability Scoring System: A standard for assessing the severity of computer system security vulnerabilities. RCE - Remote Code Execution: A type of attack that allows attackers to run arbitrary code on a remote device. #CyberSecurity, #MicrosoftUpdate, #PatchTuesday, #MSMQ, #RCE, #ServerSecurity, #TechNews, #WindowsUpdate, #CyberThreats, #Infosec Source: https://lnkd.in/e9YXEKfu, Jai Vijayan, Contributing Writer
Ahmed Al Araimi, M.A.’s Post
More Relevant Posts
-
LotL - Linux /UNIX Environments In a Linux environment, identifying Living off the Land attacks involves monitoring specific logs for suspicious activity. As with any system these logs should be sent to a central location for analysis and alerting depending upon your specific needs. Key logs to review include: 1. /var/log/auth.log: This log records authentication-related events, including successful and failed login attempts. Unusual or frequent logins, especially from unexpected locations or times, can indicate malicious activity. 2. /var/log/secure: On some Linux distributions, this log captures security-related events, including authentication attempts and sudo command usage. Monitoring for unusual sudo activities or privilege escalations is crucial. 3. /var/log/messages: This log contains general system messages and can provide insights into system operations and potential security events. Watch for unusual or unexpected system messages that might indicate malicious activity. 4. /var/log/syslog: Similar to /var/log/messages, syslog captures various system events. Abnormal entries or frequent log modifications can indicate tampering or exploitation. 5. /var/log/audit/audit.log: This log, if auditing is enabled, records detailed audit events including file access, process execution, and system calls. Look for anomalies in system call patterns or unexpected file access. 6. /var/log/cron: Tracks cron job executions. Unexpected or unauthorized cron jobs may indicate persistence mechanisms or scheduled malicious activities. 7. /var/log/kern.log: Contains kernel-related messages. Unusual kernel messages or errors may indicate exploits or kernel-level manipulations. 8. /var/log/lastlog: Provides a summary of the last login times for all users. Abnormal login times or unexpected user activity can be a sign of compromise. By monitoring these logs, you can detect and investigate activities associated with Living off the Land techniques, such as unauthorized access, privilege escalation, or the use of legitimate system tools for malicious purposes. The next post will be discussing indicators of attack. #Cybersecurity #LotL #GrrCON
To view or add a comment, sign in
-
🚨 Microsoft Warns of Six Actively Exploited Zero-Day Vulnerabilities 🚨 Microsoft’s security response team has just flagged six critical zero-day vulnerabilities in Windows, all of which are being actively exploited in the wild. In their latest patch release, Microsoft disclosed nearly 90 vulnerabilities across Windows and OS components. Among these, the six zero-days are drawing immediate concern: 1️⃣ CVE-2024-38178: Memory corruption in Windows Scripting Engine allows for remote code execution via malicious links. (CVSS 7.5/10) 2️⃣ CVE-2024-38189: Remote code execution flaw in Microsoft Project exploited through malicious Office Project files. (CVSS 8.8/10) 3️⃣ CVE-2024-38107: Privilege escalation vulnerability in Windows Power Dependency Coordinator. (CVSS 7.8/10) 4️⃣ CVE-2024-38106: Exploitation of a Windows kernel elevation of privilege flaw. (CVSS 7.0/10) 5️⃣ CVE-2024-38213: Windows Mark of the Web security feature bypass, exploited to bypass SmartScreen. 6️⃣ CVE-2024-38193: Elevation of privilege flaw in Windows Ancillary Function Driver for WinSock. 📢 Call to Action: Sysadmins, prioritize patching these vulnerabilities to protect against remote code execution, privilege escalation, and security feature bypass attacks. Stay vigilant! #CyberSecurity #Microsoft #ZeroDay #ThreatIntelligence #SysAdmin #VulnerabilityPatching
To view or add a comment, sign in
-
This #PatchTuesday fixed 18 #RCE flaws but only one critical vulnerability, a remote code execution vulnerability in #Microsoft Message Queuing (MSMQ). The number of bugs in each vulnerability category is listed below: 25 Elevation of Privilege Vulnerabilities 18 Remote Code Execution Vulnerabilities 3 Information Disclosure Vulnerabilities 5 Denial of Service Vulnerabilities #BleepingComputer #cybersecurity #infosec #informationsecurity #vulnerabilityManagement #PatchManagement #Windows https://lnkd.in/gJfCn8kS
To view or add a comment, sign in
-
🚨 Critical 0-Click Remote Code Execution Vulnerability in Windows TCP/IP Stack – Urgent Security Update Released🚨 Microsoft has released an important security update to address a Remote Code Execution (RCE) vulnerability in the Windows TCP/IP stack, identified as CVE-2024-38063. This vulnerability affects all supported Windows and Windows Server versions, including Server Core installations. Key Details: - Vulnerability Severity: Critical (CVSSv3 score of 9.8) - Exploitation Method: No user interaction required (0-click vulnerability) - Attack Vector: Specially crafted IPv6 packets sent remotely to a target host - Affected Systems: All versions of Windows and Windows Server, including Server Core Why It’s Critical ? This vulnerability allows an attacker to execute arbitrary code on the target system with SYSTEM privileges , potentially gaining complete control of the affected machine. Microsoft has rated this flaw as “Exploitation More Likely,” indicating a higher chance of exploitation in the near future. Actions to Take: 1. Apply Microsoft’s latest security updates immediately to all affected systems. 2. Disable IPv6 if not required, as the vulnerability can only be exploited via IPv6 traffic. 3. Monitor your network for suspicious IPv6 activity, especially traffic targeting Windows devices. 4. Prioritize patching internet-facing systems that are most at risk. 5. Implement network segmentation to limit lateral movement in the event of an attack. Additional Mitigations: - Microsoft has released patches to address this vulnerability in all supported versions of Windows and Windows Server. Organizations should ensure these updates are installed promptly. - Along with this patch, Microsoft also addressed 6 Zero-Day vulnerabilities that are currently being exploited in the wild. Given the critical nature of this vulnerability, organizations should treat addressing CVE-2024-38063 as a top priority to mitigate the risk of a widespread cyber attack. Disabling IPv6 where not necessary and applying the latest security updates are key steps in safeguarding your systems. #Cybersecurity #WindowsSecurity #ZeroDay #MicrosoftPatch #RemoteCodeExecution #RCE #VulnerabilityManagement
To view or add a comment, sign in
-
CERT-In advisories an advisory on the possible multiple vulnerabilities in Microsoft products like Windows, Office, Azure, Developer Tools, and SQL Server. The maliciousness may give a chance for an attacker to overcome security, access sensitive data, execute a remote code, or initiate denial of service attacks; it directs users to apply the security update. The other advisory states that flaws exist in the Microsoft Edge Chromium-based versions prior to 129.0.2792.79 wherein remote attackers can bypass security as Mojo, V8, and Layout have their vulnerabilities exploited for arbitrary code execution. CERT-In asks users to update the affected software to prevent exploitation. https://lnkd.in/g8jjsG2w
Government issues ‘high risk’ warning for Microsoft Windows users - Times of India
timesofindia.indiatimes.com
To view or add a comment, sign in
-
𝐀 𝐜𝐫𝐢𝐭𝐢𝐜𝐚𝐥 0-𝐝𝐚𝐲 𝐯𝐮𝐥𝐧𝐞𝐫𝐚𝐛𝐢𝐥𝐢𝐭𝐲 has been discovered in Windows TCP/IP. This flaw allows attackers to remotely execute code on your system without any user interaction. The implications are 𝐬𝐞𝐯𝐞𝐫𝐞, demanding 𝐢𝐧𝐬𝐭𝐚𝐧𝐭 𝐚𝐭𝐭𝐞𝐧𝐭𝐢𝐨𝐧 and proactive measures to safeguard your organization from potential breaches and system compromises. Learn more about this 𝐬𝐞𝐫𝐢𝐨𝐮𝐬 𝐭𝐡𝐫𝐞𝐚𝐭 and how it could impact you. Follow Matisoft Cyber Security Labs for more insights and updates on this and related topics. #MatisoftLabs #CyberSecurity #WindowsSecurity #RCE #Vulnerability #TechNews #CVE202438063
⚠️𝐍𝐞𝐰 𝐓𝐂𝐏/𝐈𝐏 𝐕𝐮𝐥𝐧𝐞𝐫𝐚𝐛𝐢𝐥𝐢𝐭𝐲 𝐢𝐧 𝐖𝐢𝐧𝐝𝐨𝐰𝐬 𝐏𝐮𝐭𝐬 𝐒𝐲𝐬𝐭𝐞𝐦𝐬 𝐚𝐭 𝐑𝐢𝐬𝐤⚠️ A high-severity security flaw, tracked as 𝐂𝐕𝐄-2024-38063, has been identified in the 𝐖𝐢𝐧𝐝𝐨𝐰𝐬 𝐓𝐂𝐏/𝐈𝐏 𝐬𝐭𝐚𝐜𝐤, affecting all supported 𝐖𝐢𝐧𝐝𝐨𝐰𝐬 and 𝐖𝐢𝐧𝐝𝐨𝐰𝐬 𝐒𝐞𝐫𝐯𝐞𝐫 versions. This vulnerability, with a CVSSv3 score of 9.8, enables remote attackers to execute arbitrary code on affected systems without any user interaction—making it a severe“0-𝐜𝐥𝐢𝐜𝐤” 𝐫𝐢𝐬𝐤. 𝐊𝐞𝐲 𝐃𝐞𝐭𝐚𝐢𝐥𝐬: 1️⃣ 𝐕𝐮𝐥𝐧𝐞𝐫𝐚𝐛𝐢𝐥𝐢𝐭𝐲: CVE-2024-38063 2️⃣ 𝐈𝐦𝐩𝐚𝐜𝐭: Allows remote code execution with SYSTEM privileges, granting full control over the compromised machine. 3️⃣ 𝐄𝐱𝐩𝐥𝐨𝐢𝐭𝐚𝐭𝐢𝐨𝐧 𝐌𝐞𝐭𝐡𝐨𝐝: Attackers can exploit this flaw by sending specially crafted IPv6 packets. 4️⃣ 𝐌𝐢𝐭𝐢𝐠𝐚𝐭𝐢𝐨𝐧 𝐑𝐞𝐜𝐨𝐦𝐦𝐞𝐧𝐝𝐚𝐭𝐢𝐨𝐧𝐬: Immediately apply Microsoft’s security patches, consider disabling IPv6 if unnecessary, and monitor for unusual IPv6 traffic. Microsoft has issued patches for all affected versions, and it’s crucial to act swiftly to protect your systems from potential exploitation. For detailed information and guidance on mitigating this vulnerability, check out the full article here: https://lnkd.in/gnRHRPvz Stay informed and ensure your systems are updated to safeguard against this critical threat. Follow Matisoft Cyber Security Labs for more updates and cybersecurity insights. #MatisoftLabs #CyberSecurity #WindowsSecurity #RCE #Vulnerability #NetworkSecurity #TechNews #CVE202438063 #MatisoftInsights
Critical 0-Click RCE in Windows TCP/IP Stack Impacts All Systems
https://cybersecuritynews.com
To view or add a comment, sign in
-
⚠️𝐍𝐞𝐰 𝐓𝐂𝐏/𝐈𝐏 𝐕𝐮𝐥𝐧𝐞𝐫𝐚𝐛𝐢𝐥𝐢𝐭𝐲 𝐢𝐧 𝐖𝐢𝐧𝐝𝐨𝐰𝐬 𝐏𝐮𝐭𝐬 𝐒𝐲𝐬𝐭𝐞𝐦𝐬 𝐚𝐭 𝐑𝐢𝐬𝐤⚠️ A high-severity security flaw, tracked as 𝐂𝐕𝐄-2024-38063, has been identified in the 𝐖𝐢𝐧𝐝𝐨𝐰𝐬 𝐓𝐂𝐏/𝐈𝐏 𝐬𝐭𝐚𝐜𝐤, affecting all supported 𝐖𝐢𝐧𝐝𝐨𝐰𝐬 and 𝐖𝐢𝐧𝐝𝐨𝐰𝐬 𝐒𝐞𝐫𝐯𝐞𝐫 versions. This vulnerability, with a CVSSv3 score of 9.8, enables remote attackers to execute arbitrary code on affected systems without any user interaction—making it a severe“0-𝐜𝐥𝐢𝐜𝐤” 𝐫𝐢𝐬𝐤. 𝐊𝐞𝐲 𝐃𝐞𝐭𝐚𝐢𝐥𝐬: 1️⃣ 𝐕𝐮𝐥𝐧𝐞𝐫𝐚𝐛𝐢𝐥𝐢𝐭𝐲: CVE-2024-38063 2️⃣ 𝐈𝐦𝐩𝐚𝐜𝐭: Allows remote code execution with SYSTEM privileges, granting full control over the compromised machine. 3️⃣ 𝐄𝐱𝐩𝐥𝐨𝐢𝐭𝐚𝐭𝐢𝐨𝐧 𝐌𝐞𝐭𝐡𝐨𝐝: Attackers can exploit this flaw by sending specially crafted IPv6 packets. 4️⃣ 𝐌𝐢𝐭𝐢𝐠𝐚𝐭𝐢𝐨𝐧 𝐑𝐞𝐜𝐨𝐦𝐦𝐞𝐧𝐝𝐚𝐭𝐢𝐨𝐧𝐬: Immediately apply Microsoft’s security patches, consider disabling IPv6 if unnecessary, and monitor for unusual IPv6 traffic. Microsoft has issued patches for all affected versions, and it’s crucial to act swiftly to protect your systems from potential exploitation. For detailed information and guidance on mitigating this vulnerability, check out the full article here: https://lnkd.in/gnRHRPvz Stay informed and ensure your systems are updated to safeguard against this critical threat. Follow Matisoft Cyber Security Labs for more updates and cybersecurity insights. #MatisoftLabs #CyberSecurity #WindowsSecurity #RCE #Vulnerability #NetworkSecurity #TechNews #CVE202438063 #MatisoftInsights
Critical 0-Click RCE in Windows TCP/IP Stack Impacts All Systems
https://cybersecuritynews.com
To view or add a comment, sign in
-
On Patch Tuesday, June 11, 2024, Microsoft fixed numerous flaws, including a remote code execution vulnerability in Microsoft Message Queuing (MSMQ) affecting various Windows and Windows Server versions, even those at end of life. No exploitation has been detected yet, but it’s likely only a matter of time. Critical MSMQ RCE Vulnerability Fixed In the second Patch Tuesday of July 2024, Microsoft fixed 51 vulnerabilities. Notably, a flaw in MSMQ with a CVSS rating of 9.8 affects many Windows and Windows Server versions, starting from Windows Server 2008. CVE-2024-30080 exposes a vulnerability in the MSMQ server’s message handling process, allowing malicious actors to execute arbitrary code by manipulating memory during request handling. MSMQ is a Windows messaging protocol facilitating inter-application communication across networked machines. This flaw enables attackers to embed executable code within specially crafted messages, triggering its execution upon receipt by the MSMQ service. ~First Hackers News To Continue reading this article, click on this link >>> https://lnkd.in/gASNZN5G #patchtuesday #microsoft #flaws #RCE #vulnerability #msmq #windowsserver #exploitation #critical #cvss #malicious #arbitrarycode #attackers #messaging #cyberattack #cybersecurity #cybernews #fhn #firsthackersnews #informationsecurity #latestnews
Microsoft Patches Critical MSMQ Flaw - First Hackers News
https://firsthackersnews.com
To view or add a comment, sign in
-
In Linux, privilege escalation is the process of gaining higher-level privileges or permissions than what is initially granted to a user. This allows users to perform tasks that would normally be restricted to privileged accounts, such as accessing sensitive resources, modifying system settings, or executing commands with elevated privileges. Privilege escalation can occur through various vulnerabilities or misconfigurations in the system. Here are a few common techniques used for privilege escalation in Linux: 1. Exploiting software vulnerabilities: An attacker may exploit a vulnerability in a specific software component or kernel to gain elevated privileges on the system. This can involve executing malicious code, injecting shell commands, or exploiting insecure configurations. 2. Misconfigured or weak permissions: Poorly configured file or directory permissions can allow regular users to access or modify sensitive files that are normally restricted. By exploiting these misconfigurations, an attacker can gain elevated privileges. Common misconfigurations include world-writable files, directories with lax permissions, or insecurely configured services. 3. Exploiting weak or default passwords: If a user or administrator has chosen weak or easily guessable passwords, attackers can gain unauthorized access to user accounts and escalate their privileges. This highlights the importance of using strong passwords and enforcing proper password policies. 4. SUID/SGID binaries: Setuid (SUID) and setgid (SGID) are file permission attributes that allow users to execute a program with the permissions of the file's owner or group, respectively. If an attacker can find a vulnerable SUID or SGID binary, they can execute it to gain elevated privileges. 5. Kernel exploits: Exploiting vulnerabilities in the Linux kernel itself can provide unauthorized access and privilege escalation. Kernel exploits can be complex and require in-depth knowledge of the target system's kernel version and configuration. To prevent privilege escalation attacks, it is important to keep all software components, including the kernel, up to date with the latest security patches. Properly configuring and hardening file and directory permissions, enforcing strong passwords, and following best practices for system administration also help reduce the risk of privilege escalation. Regular security audits and monitoring can help detect and prevent potential privilege escalation attempts on a Linux system.
To view or add a comment, sign in
-
On December 10, 2024, Microsoft disclosed a critical vulnerability in its Windows Remote Desktop Services, tracked as CVE-2024-49115. This security flaw allows attackers to execute remote code on affected systems, posing a severe threat to confidentiality, integrity, and availability. The vulnerability has been classified as critical, with a CVSS score of 8.1. #Windows #RDP #vulnerabilities #security
Windows Remote Desktop Services Vulnerability Let Attackers Execute Remote Code
https://cybersecuritynews.com
To view or add a comment, sign in