patched

Enterprise Vulnerabilities

5 things to know about the bugs patched in OpenSSL version 3.0.7

The first: This isn’t Heartbleed redux [298 words]. What bugs were fixed: OpenSSL version 3.0.7 fixes two “high” severity vulnerabilities in OpenSSL versions 3.0.0 to 3.0.6. The vulnerabilities are CVE-2022-3786 an X.509 Email Address Variable Length Buffer Overflow and CVE-2022-3602, an X.509 Email Address 4-byte Buffer Overflow. The bugs are tied to a punycode decoding […]

Read More
Breaches Vulnerabilities

Zscaler releases technical details—and PoC—for now-patched Windows 0-day

Microsoft has rated the previously exploited CVE-2022-37969 as being of high-severity, so now might be a good time to patch (264 words). What: New technical details and proof-of-concept code have become available on a zero-day bug in the Windows Common Log File System Driver (CLFS.sys) that Microsoft addressed in its September 2022 security update (CVE-2022-37969) […]

Read More
Enterprise Vulnerabilities

Here are the highlights of Microsoft’s October 2022 Security Update

Microsoft released fixes for a total of 84 CVEs across its products [300 words]. One of the vulnerabilities that Microsoft patched today is a zero-day that is being actively exploited: Windows COM+ Event System Service Elevation of Privilege Vulnerability (CVE-2022-41033):  An attacker could gain system level privileges. Two other recently disclosed zero-days (CVE-2022-41040 and CVE-2022-41082) […]

Read More