Arbitrary code execution

Critical Zero-Click RCE Vulnerability Discovered in Microsoft Outlook Applications

Discover the critical vulnerability CVE-2024-38021 impacting Microsoft Outlook applications, allowing zero-click remote code execution. Learn about the risks posed, the timeline of events, and the importance of immediate action to deploy patches and enhance email security measures.

Millions of OpenSSH Servers at Risk Due to Newly Disclosed Vulnerability

Millions of OpenSSH servers are at risk from a newly disclosed vulnerability, regreSSHion (CVE-2024-6387), which allows unauthenticated remote code execution. By exploiting a signal handler race condition in ‘sshd’, attackers can gain root privileges on glibc-based Linux systems. With over 14 million potentially vulnerable instances, organizations must address this critical threat promptly to prevent system takeovers and malware installations.

Microsoft Addresses Dangerous DNSSEC Flaws

Microsoft recently addressed a dangerous DNSSEC zero-day flaw, CVE-2023-50868, affecting a third-party DNSSEC mechanism called NSEC3. The delay in releasing a fix raised questions about Microsoft’s response time. Researchers also discovered another serious DNSSEC flaw, ‘KeyTrap’ (CVE-2023-50387), capable of impacting up to 31% of all DNS servers. Both vulnerabilities allow attackers to exhaust DNS resolvers’ CPU cycles, leading to unresponsiveness and facilitating DNS cache poisoning.

Cisco Reports Critical Vulnerability in Widely-Used Software

Cisco has reported a critical vulnerability in some of its widely-used software, urging users to patch their endpoints immediately. The flaw, tracked as CVE-2024-20253, carries a severity score of 9.9/10 and was first discovered by security researcher Julien Egloff of…