Security
Headlines
HeadlinesLatestCVEs

Tag

#lenovo

Intel Responds to ‘Downfall’ Attack with Firmware Updates, Urges Mitigation

By Habiba Rashid New Intel Processor Vulnerability "Downfall" Discovered: Threats to Data Security Amplify This is a post from HackRead.com Read the original post: Intel Responds to ‘Downfall’ Attack with Firmware Updates, Urges Mitigation

HackRead
Open in Source
#vulnerability#web#mac#apple#google#microsoft#intel#pdf#lenovo#amd#samsung#auth#ssl
Microsoft Releases Patches for 74 New Vulnerabilities in August Update

Microsoft has patched a total of 74 flaws in its software as part of the company's Patch Tuesday updates for August 2023, down from the voluminous 132 vulnerabilities the company fixed last month. This comprises six Critical and 67 Important security vulnerabilities. Also released by the tech giant are two defense-in-depth updates for Microsoft Office (ADV230003) and the Memory Integrity System

CVE-2023-38430

An issue was discovered in the Linux kernel before 6.3.9. ksmbd does not validate the SMB request protocol ID, leading to an out-of-bounds read.

Microsoft Releases Patches for 130 Vulnerabilities, Including 6 Under Active Attack

Microsoft on Tuesday released updates to address a total of 130 new security flaws spanning its software, including six zero-day flaws that it said have been actively exploited in the wild. Of the 130 vulnerabilities, nine are rated Critical and 121 are rated Important in severity. This is in addition to eight flaws the tech giant patched in its Chromium-based Edge browser towards the end of

CVE-2023-3113: Lenovo XClarity Administrator (LXCA) Vulnerabilities - Lenovo Support US

An unauthenticated XML external entity injection (XXE) vulnerability exists in LXCA's Common Information Model (CIM) server that could result in read-only access to specific files.

CVE-2023-2290: ThinkPad BIOS Vulnerabilities - Lenovo Support US

A potential vulnerability in the LenovoFlashDeviceInterface SMI handler may allow an attacker with local access and elevated privileges to execute arbitrary code.

CVE-2023-2993: System Management Module (SMM) v1 and v2 / Fan Power Controller (FPC) Vulnerabilities - Lenovo Support US

A valid, authenticated user with limited privileges may be able to use specifically crafted web management server API calls to execute a limited number of commands on SMM v1, SMM v2, and FPC that the user does not normally have sufficient privileges to execute.

How Shady Chinese Encryption Chips Got Into the Navy, NATO, and NASA

The US government warns encryption chipmaker Hualan has suspicious ties to China’s military. Yet US agencies still use one of its subsidiary’s chips, raising fears of a backdoor.

Microsoft Releases Updates to Patch Critical Flaws in Windows and Other Software

Microsoft has rolled out fixes for its Windows operating system and other software components to remediate major security shortcomings as part of Patch Tuesday updates for June 2023. Of the 73 flaws, six are rated Critical, 63 are rated Important, two are rated Moderated, and one is rated Low in severity. This also includes three issues the tech giant addressed in its Chromium-based Edge browser