【安全通报】Windows DNS Server远程代码执行漏洞 - Report Cyber Crime

Author:Source July 15, 2020

 Category Applications CERT-LatestNews VulnerabilitiesAll VulnerabilitiesApplications VulnerabilitiesMicrosoft

Windows DNS是基础网络组件，通常安装在域控制器上，因此，本次DNS Server远程代码执行漏洞（CVE-2020-1350），可能导致严重的服务中断或获取高级域帐户。该漏洞源于Microsoft DNS服务器角色实现中的缺陷引起的，不是协议级缺陷，故不会影响任何其他非Microsoft DNS服务器或Windows DNS客户端。未经身份验证的攻击者可以通过给Windows DNS服务器发送恶意请求来利用此漏洞，成功利用此漏洞的攻击者，能够以本地系统账户的身份执行任意代码。 CVSS评分10，官方将此漏洞归类为可蠕虫攻击漏洞，可能通过恶意软件在易受攻击的计算机之间传播，无需用户干预。 CVE编号.

Source link

Write a comment: Cancel reply

 Category Linux VulnerabilitiesAll VulnerabilitiesApplications VulnerabilitiesGoogle VulnerabilitiesLinux VulnerabilitiesOS

Android 权限许可和访问控制问题漏洞

September 21, 2020

Android是美国谷歌（Google）和开放手持设备联盟（简称OHA）的一套以Linux为基础的开源操作系统。Kernel是其中的一个系统内核组件。Framework是其中的一个Android框架组件。System是其中的一个系统组件。VPN是其中的一个VPN（虚拟专用网络）组件。Bluetooth是其中的一个蓝牙组件。Email是其中的一个电子邮件组件。 Android-11 版本存在权限许可和访问控制问题漏洞。攻击者可利用该漏洞导致无线数据的本地信息公开。来源:nvd.nist.gov 链接:https://nvd.nist.gov/vuln/detail/CVE-2020-0316 来源:vigilance. Source link

 Tags Android, Operating Systems Vulnerabilities, 权限许可和访问控制问题漏洞

 Category CERT-LatestNews Microsoft ThreatsCybercrime ThreatsEconomic ThreatsStrategic VulnerabilitiesAdobe VulnerabilitiesAll VulnerabilitiesApplications VulnerabilitiesCrypto VulnerabilitiesGoogle VulnerabilitiesMicrosoft VulnerabilitiesNetwork

Seven International Cyber Defendants, Including “Apt41” Actors, Charged In Connection With Computer Intrusion Campaigns

September 21, 2020

Washington, DC – In August 2019 and August 2020, a federal grand jury in Washington,...

 Tags Actors, APT41, California, Campaigns, Charged, Computer, connection, Cyber, Defendants, Imperial, Including, International, Intrusion, latest, News, Operating Systems Vulnerabilities, Press, Valley

vamtam-theme-circle-post

 Category CERT-LatestNews Malware Microsoft ThreatsCybercrime ThreatsEconomic ThreatsStrategic VulnerabilitiesAll VulnerabilitiesApplications VulnerabilitiesGoogle VulnerabilitiesMicrosoft VulnerabilitiesNetwork

Hacker Groups Taking a Bipartisan Interest in the 2020 US Election, Making Hundreds of Attempts on Both Trump and Biden Campaigns

September 21, 2020

Election meddling has been a sore subject in the United States since 2016, with numerous...

 Tags Attempts, Biden, Bipartisan, Campaigns, Election, groups, hacker, Hundreds, Interest, making, Operating Systems Vulnerabilities, Trump

vamtam-theme-circle-post

 Category CERT-LatestNews Microsoft ThreatsActivists ThreatsCybercrime VulnerabilitiesAll VulnerabilitiesApplications VulnerabilitiesMicrosoft VulnerabilitiesNetwork

New vulnerabilities allow hackers to bypass MFA for Microsoft 365

September 21, 2020

Critical vulnerabilities in multi-factor authentication (MFA) implementation in cloud environments where WS-Trust is enabled could...

 Tags Bypass, Hackers, MFA, Microsoft, Operating Systems Vulnerabilities, vulnerabilities

vamtam-theme-circle-post

 Category AVGNews FSecureNews KasperskyNews Malware Microsoft TrendMicroNews VulnerabilitiesAll VulnerabilitiesApplications VulnerabilitiesCrypto VulnerabilitiesGoogle VulnerabilitiesMicrosoft VulnerabilitiesMozilla VulnerabilitiesNetwork VulnerabilitiesOS

Bitdefender Total Security (2021) review: An already capable suite gets an incremental update

September 21, 2020

Don’t call it Bitdefender 2021, but the popular Windows antivirus suite has added several new...

 Tags bitdefender, capable, incremental, Operating Systems Vulnerabilities, Review, Security, Suite, Total, update

vamtam-theme-circle-post

 Category CERT-LatestNews Microsoft ThreatsCybercrime VulnerabilitiesAll VulnerabilitiesMicrosoft VulnerabilitiesNetwork

Zerologon-Lücke in Windows Server: US-Regierung hat vier Tage Zeit zum Patchen

September 21, 2020

Admins der US-Regierung haben eine Anweisung erhalten, Windows Server in US-Regierungsstellen innerhalb von vier Tagen...

 Tags CVE-2020-1472, hat, Operating Systems Vulnerabilities, patchen, Server, Sicherheitslücken, Tage, USRegierung, vier, Windows, Windows Server, Zeit, Zerologon, ZerologonLücke, zum

 Category Microsoft VulnerabilitiesAll VulnerabilitiesMicrosoft VulnerabilitiesNetwork

US CISA: Agencies Must Patch Zerologon Bug by Monday – Security news

September 21, 2020

US CISA: Agencies Must Patch Zerologon Bug by MondayThe US Department of Homeland Security (DHS)...

 Tags agencies, bug, CISA, Monday, News, Operating Systems Vulnerabilities, Patch, Security, Zerologon

vamtam-theme-circle-post

 Category CERT-LatestNews Microsoft ThreatsCybercrime VulnerabilitiesAll VulnerabilitiesMicrosoft VulnerabilitiesNetwork VulnerabilitiesOS

US CISA: Agencies Must Patch Zerologon Bug by Monday

September 21, 2020

The US Department of Homeland Security (DHS) has issued an emergency directive designed to force...

 Tags agencies, bug, CISA, Monday, Operating Systems Vulnerabilities, Patch, Zerologon

vamtam-theme-circle-post

 Category CERT-LatestNews Hardware ThreatsCybercrime ThreatsStrategic VulnerabilitiesAll VulnerabilitiesApplications VulnerabilitiesCrypto VulnerabilitiesFirmware VulnerabilitiesGoogle VulnerabilitiesHardware VulnerabilitiesLinux VulnerabilitiesNetwork VulnerabilitiesOS VulnerabilitiesVMWare

You’re going to be using confidential computing sooner rather than later

September 21, 2020

Hardly a day goes by without news of yet another major data breach. Every day–every...

 Tags Computing, Confidential, Operating Systems Vulnerabilities, sooner, Youre

 Category Applications CERT-LatestNews ThreatsCybercrime VulnerabilitiesAll VulnerabilitiesApplications

Multiple vulnerabilities in Moodle

September 21, 2020

Risk Medium Patch available YES Number of vulnerabilities 5 CVE ID CVE-2020-25627CVE-2020-25628CVE-2020-25629CVE-2020-25630CVE-2020-25631 CWE ID CWE-79CWE-285CWE-264...

 Tags Improper Neutralization of Input During Web Page Generation (, Multiple vulnerabilities in Moodle, Stored cross-site scripting



Windows Server: Sigred ist eine wurmartige kritische Lücke in Windows DNS Microsoft устранила баг отказа LSASS и внезапной перезагрузки Windows 10