Google’s Pixel devices have already received the November update, along with some additional fixes. The November Android Security Bulletin has also started to roll out to some of Samsung’s Galaxy line.
Microsoft has a Patch Tuesday every month, but November’s is worth noting. The update fixes 59 vulnerabilities, two of which are already being exploited in real-life attacks. Tracked as CVE-2023-36033, the first is an elevation of privilege vulnerability in Windows DWM Core Library marked as important, with a CVSS score of 7.8. “An attacker who successfully exploited this vulnerability could gain SYSTEM privileges,” Microsoft said.
Meanwhile, CVE-2023-36036 is an elevation of privilege vulnerability in Windows Cloud Files Mini Filter Driver with a CVSS score of 7.8. Also fixed in November’s update cycle is the already exploited libWebP flaw previously fixed in Chrome and other browsers, which also impacts Microsoft’s Edge, tracked as CVE-2023-4863.
Another notable flaw is CVE-2023-36397, a remote code execution vulnerability in Windows Pragmatic General Multicast marked as critical with a CVSS score of 9.8. “When Windows message queuing service is running in a PGM Server environment, an attacker could send a specially crafted file over the network to achieve remote code execution and attempt to trigger malicious code,” Microsoft said.
Enterprise software firm Cisco has issued fixes for 27 security flaws, including one rated as critical with a near maximum CVSS score of 9.9. Tracked as CVE-2023-20048, the vulnerability in the web services interface of Cisco Firepower Management Center Software could allow an authenticated, remote attacker to execute unauthorized configuration commands on a Firepower Threat Defense device managed by the FMC Software.
However, to successfully exploit the vulnerability, an attacker would need valid credentials on the FMC Software, Cisco said.
A further seven of the flaws fixed by Cisco are rated as having a high impact, including CVE-2023-20086—a denial-of-service flaw with a CVSS score of 8.6—and CVE-2023-20063, a code-injection vulnerability with a CVSS score of 8.2.
Atlassian has released a patch to fix a serious flaw already being used in real-life attacks. Tracked as CVE-2023-22518, the improper-authorization vulnerability in Confluence Data Center and Server is being used in ransomware attacks. “As part of Atlassian’s ongoing monitoring and investigation of this CVE, we observed several active exploits and reports of threat actors using ransomware,” it said.
Security outfit Trend Micro reported the Cerber ransomware group is using the flaw in attacks. “This is not the first time that Cerber has targeted Atlassian—in 2021, the malware re-emerged after a period of inactivity and focused on exploiting remote code execution vulnerabilities in Atlassian’s GitLab servers,” Trend Micro said.
All versions of Confluence Data Center and Server are affected by the flaw, which allows an unauthenticated attacker to reset Confluence and create an administrator account. “Using this account, an attacker can perform all administrative actions available to a Confluence instance administrator, leading to a full loss of confidentiality, integrity and availability,” Atlassian said.
Enterprise software giant SAP has released its November Security Patch Day updates, fixing three new flaws. Tracked as CVE-2023-31403 and with a CVSS score of 9.6, the most serious issue is an improper access control vulnerability in SAP Business One. As a result of exploiting the issue, a malicious user could read and write to the SMB shared folder, the software giant said.