It Was A Light Patch Tuesday, But One Addresses A 9.8
The Wi-Fi RCE Is Also Somewhat Terrifying
Another Patch Tuesday has come and gone, or at least it has if you rebooted to install the updates. You should probably get on that if you haven’t already, as the updates address a somewhat mysterious 8.8 vulnerability, and it is a fix that anyone with a WiFi card will want ASAP. The bug hasn’t been leveraged yet, as far as we know, which is why the details are scarce, but what we know is bad enough. An unauthenticated user on a network can send malicious networking packets to other machines on that network and trigger remote code execution over WiFi, without the victim being any the wiser.
The 9.8 is another RCE bug, this time leveraging the Microsoft Message Queuing service found on servers. Again, a malicious packet can trigger arbitrary code execution, allowing an attacker to take over your server. Last, but not least, is a patch addressing a DNSSEC validation issue that we’ve known about for a bit. It enables an attacker to send excessive resources to a DNS resolver, causing a CPU usage spike which can take down said DNS resolver.
Patch early, patch often … except when the patches break more than they fix!
There's also the scary-looking CVE-2024-30078, a Wi-Fi driver remote code execution hole rated 8.8 in severity. It's not publicly disclosed, not yet under attack, and exploitation is "less likely," according to Redmond.
More Tech News From Around The Web
- China State Hackers Infected 20,000 Fortinet VPNs, Dutch Spy Service Says @ Slashdot
- PC makers hopeful that Chromebook refresh cycles about to kick in @ The Register
- Microsoft deprecates Windows DirectAccess, recommends Always On VPN @ Bleeping Computer
- Apple Quietly Improves Mac Virtualization in macOS 15 Sequoia @ Slashdot
- Musk wants to ban Apple at his companies for cosying up to OpenAI @ The Register
- Exploring GIGABYTE’s AI Exhibition: Humanity X Art X Technology @ The FPS Review
- eufy S120 Solar Wall Light Cam Review @ NikKTech