Threat Report 12/10/24
Multiple Vulnerabilities in Google Android OS Could Allow for Remote Code Execution Multiple vulnerabilities have been discovered in Google Android...
VMware is urging customers to patch critical vulnerabilities that make it possible for hackers to break out of sandbox and hypervisor protections in all versions, including out-of-support ones, of VMware ESXi, Workstation, Fusion, and Cloud Foundation products. Below are the vulnerabilities that remediated with the VMware-provided patches:
Affected Systems:
Remediation Recommendations
Multiple vulnerabilities have been discovered in Microsoft products, the most severe of which could allow for remote code execution in the context of the logged on user. Depending on the privileges associated with the user, an attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. Users whose accounts are configured to have fewer user rights on the system could be less impacted than those who operate with administrative user rights.
Affected Systems:
Risk
Remediation Recommendations
References
Multiple vulnerabilities have been discovered in Adobe products, the most severe of which could allow for arbitrary code execution. Successful exploitation of the most severe of these vulnerabilities could allow for arbitrary code execution in the context of the logged-on user.
Affected Systems:
Risk
Remediation Recommendations
References
Multiple vulnerabilities have been discovered in Mozilla products, the most severe of which could allow for arbitrary code execution.
Successful exploitation of the most severe of these vulnerabilities could allow for arbitrary code execution. Depending on the privileges associated with the user an attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. Users whose accounts are configured to have fewer user rights on the system could be less impacted than those who operate with administrative user rights.
Affected Systems:
Risk
Remediation Recommendations
References
Akamai this morning released a report describing "a new privilege escalation technique affecting Active Directory (AD) environments that leverages the DHCP administrators' group." The researchers explain, "In cases where the DHCP server role is installed on a Domain Controller (DC), this could enable them to gain domain admin privileges." Akamai notes, "The technique is based on abuse of legitimate features and doesn’t rely on any vulnerability. Therefore, a fix for it doesn’t exist."
Multiple Vulnerabilities in Google Android OS Could Allow for Remote Code Execution Multiple vulnerabilities have been discovered in Google Android...
Critical Patches Issued for Microsoft Products Multiple vulnerabilities have been discovered in Microsoft products, the most severe of which could...
Multiple Vulnerabilities in Microsoft Edge (Chromium-Based) Could Allow for Arbitrary Code Execution Multiple vulnerabilities have been discovered...