Mar 11, 2021
As stewards of the lush and vast landscape of security vulnerabilities, we felt obliged to share with you the top trending CVEs of the past month (who's excited for winter to be over?! 😁☀️🌷). Brace yourself! Ok, here we go.
Microsoft rolled out updates to plug some security holes in its Windows operating systems and other software. A major concern for enterprises is a critical bug in the DNS service on Windows Server 2008 through 2019 that can be used to remotely install software of the attacker’s choice. CVE-2021-24078 earned a CVSS score of 9.8, which is as risky as they come.
This vulnerability can be exploited remotely by getting a vulnerable DNS server to query for a domain it has not come across before. For example, sending a phishing email with a link to a new domain or images embedded that call out to a new domain.
CVE-2021-24078 could let a cyber attacker steal lots of data by changing the destination for the web traffic of an organization. For instance, pointing internal appliances or outlook email access at a malicious server.
Latest Updates and Solutions
Prefer to listen instead? We got you covered 😏
CVE-2021-24078 could let a cyber attacker steal lots of data by changing the destination for the web traffic of an organization.
Microsoft Windows Contacts (VCF/Contact/LDAP) syslink control href attribute escape vulnerability (CVE-2022-44666) (0day)j00sean (https://twitter.com/j00sean) July 11, 2023
CVE-2021-38294: Apache Storm Nimbus Command InjectionZeyad Abdelazim June 20, 2023
CVE-2023-21931 & CVE-2023-21839 RCE via post-deserializationMohammad Hussam Alzeyyat June 19, 2023
Have you missed them? The new reports feature is here!Noa Machter May 14, 2023
CVE-2021-45456 Apache Kylin RCE ExploitMohammad Hussam Alzeyyat April 30, 2023