Plus, a POC to make it extra easy for attackers
A Microsoft SharePoint bug that can allow an attacker to remotely inject code into vulnerable versions is under active exploitation, according to the US Cybersecurity and Infrastructure Security Agency .extravaganza, and while it wasn't listed as exploited or publicly known at the time, Redmond did note that exploitation was"more likely."
"An authenticated attacker with Site Owner permissions can use the vulnerability to inject arbitrary code and execute this code in the context of SharePoint Server," according to the July 9out there, so the risk of miscreants finding and abusing this bug is even greater — and now they don't even need to write the code themselves.
Now that it's been added to Uncle Sam's KEV, all Federal Civilian Executive Branch agencies must apply the Microsoft fix no later than November 12. Although this mandate only applies to FCEB agencies,"CISA strongly urges all organizations to reduce their exposure to cyberattacks by prioritizing timely remediation" of CVEs listed in the catalog., in its September Patch Tuesday event.
Singapore Latest News, Singapore Headlines
Similar News:You can also read news stories similar to this one that we have collected from other news sources.
Doomsday '9.9 RCE bug' could hit every Linux systemNo fix yet plus criticalness plus uncertainty plus talk of example exploit equals nightmare
Read more »
'Patch yesterday': Zimbra mail servers under siege through RCE vulnAttacks began the day after public disclosure
Read more »
Microsoft cleans up hot mess of Patch Tuesday previewGo forth and install your important security fixes
Read more »
Germany To Keep Closer Eye On Microsoft Over Anti-Competitive PracticesThe German Federal Cartel Office (Bundeskartellamt) is intensifying its scrutiny of Microsoft, aiming to prevent anti-competitive practices in cloud computing and AI. This move comes after Microsoft was designated as a 'business of paramount significance' under German law, granting the cartel office increased authority to intervene in potential unfair behavior.
Read more »
Google Cloud Files Antitrust Complaint Against Microsoft Over Licensing PoliciesGoogle Cloud Platform has filed a complaint with the European Commission alleging that Microsoft's software licensing policies are anti-competitive. The complaint claims that customers are being charged four times more to run Windows Server in non-Azure clouds.
Read more »
Xbox Live outage now fixed, says MicrosoftMicrosoft has now fixed a major Xbox Live outage, which prevented players from signing in to the Xbox network and getting online. [updated]
Read more »