Microsoft Addresses Dangerous DNSSEC Flaws
Microsoft recently addressed a dangerous DNSSEC zero-day flaw, CVE-2023-50868, affecting a third-party DNSSEC mechanism called NSEC3. The delay in releasing a fix raised questions about Microsoft’s response time. Researchers also discovered another serious DNSSEC flaw, ‘KeyTrap’ (CVE-2023-50387), capable of impacting up to 31% of all DNS servers. Both vulnerabilities allow attackers to overload DNS resolvers’ CPU cycles, leading to unresponsiveness and facilitating DNS cache poisoning.
Microsoft Releases Windows 11 KB5039212 Cumulative Update with Thirty-Seven Improvements
Microsoft has released the latest KB5039212 cumulative update for Windows 11 version 23H3, featuring thirty-seven improvements including enhanced drag-and-drop support in File Explorer. This update, part of Microsoft’s June 2024 Patch Tuesday, includes security updates and can be accessed through Windows Update or direct download. Key highlights of the update include preventing accidental closure of Windows share window, introduction of Linked devices page in Settings, and ability to create QR codes for URLs and cloud files.
New Zero-Day Vulnerability Discovered in Windows Operating Systems
Cybersecurity experts have identified a new zero-day vulnerability in Windows operating systems, known as CVE-2024-30051, that could lead to privilege escalation. A patch was released by Microsoft on May 14, 2024, following the discovery of an exploit for this vulnerability. Users are advised to update their systems to prevent potential attacks.
Microsoft Releases April 2024 Patch Tuesday with Fixes for 150 Security Flaws
Microsoft’s April 2024 Patch Tuesday addresses 150 security flaws, including 67 remote code execution vulnerabilities and two zero-day vulnerabilities. The update also covers non-security updates and fixes for various other vulnerabilities, including those in Microsoft SQL drivers and Secure Boot bypasses.