#microsoft

December Microsoft Patch Tuesday. 89 CVEs, of which 18 were added since November MSPT. 1 vulnerability with signs of exploitation in the wild: 🔻 EoP – Windows Common Log File System Driver (CVE-2024-49138). There are no details about this vulnerability yet. Strictly speaking, there was another vulnerability that was exploited in the wild: EoP – […]

The zero-day (CVE-2024-49138), plus a worryingly critical unauthenticated RCE security vulnerability (CVE-2024-49112), are unwanted gifts for security admins this season.

The Patch Tuesday for December of 2024 includes 72 vulnerabilities, including four that Microsoft marked as “critical.” The remaining vulnerabilities listed are classified as “important.”

The Black Basta ransomware group is using advanced social engineering tactics and a multi-stage infection process to target organizations.

View CSAF 1. EXECUTIVE SUMMARY CVSS v3 7.8 ATTENTION: Low Attack Complexity Vendor: Schneider Electric Equipment: EcoStruxure Foxboro DCS Core Control Services Vulnerabilities: Out-of-bounds Write, Improper Validation of Array Index, Improper Input Validation 2. RISK EVALUATION Successful exploitation of these vulnerabilities could lead to a loss of system functionality or unauthorized access to system functions. 3. TECHNICAL DETAILS 3.1 AFFECTED PRODUCTS Schneider Electric reports that the following products are affected: EcoStruxure Foxboro DCS Core Control Services: Versions 9.8 and prior 3.2 VULNERABILITY OVERVIEW 3.2.1 OUT-OF-BOUNDS WRITE CWE-787 An out-of-bounds write vulnerability exists that could cause local denial of service, or kernel memory leak when a malicious actor with local user access crafts a script/program using an IOCTL call in the Foxboro.sys driver. CVE-2024-5679 has been assigned to this vulnerability. A CVSS v3 base score of 7.1 has been assigned; the CVSS vect...

A Chinese threat actor infiltrated several IT and security companies in a bring-your-own VS code, with an eye to carrying out a supply-chain-based espionage attack.

**According to the CVSS metric, the attack complexity is high (AC:H). What does that mean for this vulnerability?** Successful exploitation of this vulnerability requires an attacker to win a race condition during the execution of a specific operation that recurs in a low frequency on the target system. This might require an attacker to invest a significant amount of time to exploit the vulnerability if the race condition is not won.

**What privileges would an attacker gain by successfully exploiting this vulnerability?** An attacker who successfully exploited this vulnerability could load a non-Microsoft DLL into an enclave, potentially leading to code execution within the context of the target enclave.

**What type of information could be disclosed by this vulnerability?** The type of information that could be disclosed if an attacker successfully exploited this vulnerability is file content.

**What privileges could be gained by an attacker who successfully exploited this vulnerability?** An attacker who successfully exploited this vulnerability could gain SYSTEM privileges.