Tag: flaws
Nintendo Switch Joy-Con Drift Caused by Fundamental Design Flaws, Says Consumer Group
Patch Tuesday: Two zero-day flaws in Windows need immediate attention
Microsoft’s December Patch Tuesday updated delivers 59 fixes, including two zero-days (CVE-2022-44698 and CVE-2022-44710) that require immediate attention on the Windows platform. This is a network focused update (TCP/IP and RDP) that will require significant testing with an emphasis on ODBC connections, Hyper-V systems, Kerberos authentication, and printing (both local and remote).
Microsoft also published an urgent out-of-band update (CVE-2022-37966) to address serious Kerberos authentication issues. (The team at Readiness has provided a helpful infographic that outlines the risks associated with each of these updates.)
Patch Tuesday: Two zero-day flaws in Windows need immediate attention
Microsoft’s December Patch Tuesday updated delivers 59 fixes, including two zero-days (CVE-2022-44698 and CVE-2022-44710) that require immediate attention on the Windows platform. This is a network focused update (TCP/IP and RDP) that will require significant testing with an emphasis on ODBC connections, Hyper-V systems, Kerberos authentication, and printing (both local and remote).
Microsoft also published an urgent out-of-band update (CVE-2022-37966) to address serious Kerberos authentication issues. (The team at Readiness has provided a helpful infographic that outlines the risks associated with each of these updates.)
Google says Google and other Android manufacturers haven’t patched security flaws
Google has disclosed several security flaws for phones that have Mali GPUs, such as those with Exynos SoCs. The company’s Project Zero team says it flagged the problems to ARM (which designs the GPUs) back in the summer. ARM resolved the issues on its end in July and August. However, smartphone manufacturers including Samsung, Xiaomi, Oppo and Google itself hadn’t deployed patches to fix the vulnerabilities as of earlier this week, Project Zero said.
Researchers identified five new issues in June and July and promptly flagged them to ARM. “One of these issues led to kernel memory corruption, one led to physical memory addresses being disclosed to userspace and the remaining three led to a physical page use-after-free condition,” Project Zero’s Ian Beer wrote in a blog post. “These would enable an attacker to continue to read and write physical pages after they had been returned to the system.”
Beer noted that it would be possible for a hacker to gain full access to a system as they’d be able to bypass the permissions model on Android and gain “broad access” to a user’s data. The attacker could do so by forcing the kernel to reuse the afore-mentioned physical pages as page tables.
Project Zero found that, three months after ARM fixed these issues, all of the team’s test devices were still vulnerable to the flaws. As of Tuesday, the issues were not mentioned “in any downstream security bulletins” from Android manufacturers.
Engadget has contacted Google, Samsung, Oppo and Xiaomi to ask when they will deploy the fixes to their Android devices and why it has taken so long for them to do so. As SamMobile notes, Samsung’s Galaxy S22 series devices and the company’s Snapdragon-powered handsets aren’t affected by these vulnerabilities.
Patch Tuesday includes 6 Windows zero-day flaws; patch now!
Microsoft on Tuesday released a tightly focused but still significant update that addresses 68 reported (some publicly) vulnerabilities. Unfortunately, this month brings a new record: six zero-day flaws affecting Windows. As a result, we have added both the Windows and Exchange Server updates to our “Patch Now” schedule. Microsoft also published a “defense in depth” advisory (ADV220003) to help secure Office deployments. And there are a small number of Visual Studio, Word, and Excel updates to add to your standard patch release schedule.
Microsoft’s November 2022 Patch Tuesday fixes 6 zero-day security flaws
Every second Tuesday of the month for the last 20 years or so, Microsoft has released a new salvo of security updates for its widely popular (and still supported) software products. The November 2022 Patch Tuesday is a rather important one, as it includes individual patches for six zero-day security…
Zero-day flaws mean it’s time to patch Exchange and Windows
This month’s Patch Tuesday update from Microsoft deals with 84 flaws and a zero-day affecting Microsoft Exchange that at the moment remains unresolved. The Windows updates focus on Microsoft security and networking components with a difficult-to-test update to COM and OLE db. And Microsoft browsers get 18 updates—nothing critical or urgent.
Zero-days flaws mean it’s time to patch Exchange and Windows
This month’s Patch Tuesday update from Microsoft deals with 84 flaws and a zero-day affecting Microsoft Exchange that at the moment remains unresolved. The Windows updates focus on Microsoft security and networking components with a difficult-to-test update to COM and OLE db. And Microsoft browsers get 18 updates—nothing critical or urgent.