It Was A Light Patch Tuesday, But One Addresses A 9.8

Source: The Register It Was A Light Patch Tuesday, But One Addresses A 9.8

The Wi-Fi RCE Is Also Somewhat Terrifying

Another Patch Tuesday has come and gone, or at least it has if you rebooted to install the updates.  You should probably get on that if you haven’t already, as there is a somewhat mysterious 8.8 vulnerability addressed that anyone with a WiFi card will want ASAP.  The bug hasn’t been leveraged yet, as far as we know, which is why the details are scarce but what we know is bad enough.  An unauthenticated user on a network can send malicious networking packets to other machines on that network and trigger remote code execution over WiFi, without the victim being any the wiser.

The 9.8 is another RCE bug, this time leveraging the Microsoft Message Queuing service found on servers, again a malicious packet can trigger arbitrary code execution to allow an attacker to take over your server.   Last, but not least is a patch addressing a DNSSEC validation issue that we’ve known about for a bit.  It enables an attacker to send excessive resources to a DNS resolver, causing a CPU usage spike which can take down said DNS resolver.

Patch early, patch often … except when the patches break more than they fix!

There's also the scary-looking CVE-2024-30078, a Wi-Fi driver remote code execution hole rated 8.8 in severity. It's not publicly disclosed, not yet under attack, and exploitation is "less likely," according to Redmond.

Video News

About The Author

Jeremy Hellstrom

Call it K7M.com, AMDMB.com, or PC Perspective, Jeremy has been hanging out and then working with the gang here for years. Apart from the front page you might find him on the BOINC Forums or possibly the Fraggin' Frogs if he has the time.

Leave a reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.

Latest Podcasts

Archive & Timeline

Previous 12 months
Explore: All The Years!