#windows

One of the critical vulnerabilities patched Tuesday is CVE-2024-20674, a security bypass vulnerability in the Windows Kerberos authentication protocol.

Intrasrv Simple Web Server version 1.0 suffers from a denial of service vulnerability.

AdvantechWeb/SCADA version 9.1.5U suffers from a post authentication remote SQL injection vulnerability.

Poorly secured Microsoft SQL (MS SQL) servers are being targeted in the U.S., European Union, and Latin American (LATAM) regions as part of an ongoing financially motivated campaign to gain initial access. “The analyzed threat campaign appears to end in one of two ways, either the selling of ‘access’ to the compromised host, or the ultimate delivery of ransomware payloads,” Securonix researchers

Cisco Talos obtained executable code capable of decrypting files affected by the Babuk Tortilla ransomware variant, allowing Talos to extract and share the private decryption key used by the threat actor.

Threat actors are resorting to YouTube videos featuring content related to cracked software in order to entice users into downloading an information stealer malware called Lumma. “These YouTube videos typically feature content related to cracked applications, presenting users with similar installation guides and incorporating malicious URLs often shortened using services like TinyURL and Cuttly,

Mitigation refers to a setting, common configuration, or general best-practice, existing in a default state, that could reduce the severity of exploitation of a vulnerability. The following mitigations might apply in your situation: * Systems that have disabled NTLM are not affected. * Apply the existing group policy to block NTLM hash. With this policy enabled, this issue for a remote SMB location client or server can be mitigated. To enable the policy: Select **Computer Configuration** > **Windows Settings** > \*\* Security Settings\*\* > **Local Policies** > **Security Options**. On the right pane, double-click the Network security: Restrict NTLM: Outgoing NTLM traffic to remote servers policy per the options listed below in the Network security: **Restrict NTLM: Outgoing NTLM traffic to remote servers** documentation. **References**: * For customers running Windows Server 2008 or 2008 R2: Introducing the Restriction of NTLM Authentication * For customers runnin...

**What privileges could be gained by an attacker who successfully exploited this vulnerability?** An attacker who successfully exploited this vulnerability could gain SYSTEM privileges.

**What privileges could be gained by an attacker who successfully exploited this vulnerability?** An attacker who successfully exploited this vulnerability could gain SYSTEM privileges.

**What privileges could be gained by an attacker who successfully exploited this vulnerability?** An attacker who successfully exploited this vulnerability could gain SYSTEM privileges.