Microsoft Patches Three Zero-Day Bugs This Month

Microsoft has released patches for over 70 CVEs this month. This includes three zero-day vulnerabilities currently being exploited.

The first is CVE-2023-23376, a privilege escalation flaw in the Common Log File System (CLFS) driver. Satnam Narang, senior staff researcher at Tenable, said Redmond patched two similar flaws in the CLFS driver in April 2022 and in September.

The second zero-day is CVE-2023-21823. This is a remote code execution (RCE) bug in the Microsoft Windows Graphics Component that allows an attacker to execute commands with system privileges.

“It is important to be able to elevate privileges on the target system if an attacker wants to do more damage,” said Narang.

“These flaws are useful in a variety of situations, whether attackers launch attacks that exploit known vulnerabilities or via spear phishing or malware payloads. Releases of , we routinely see privilege escalation flaws being exploited in the wild.”

The final zero-day, CVE-2023-21715, is a security feature bypass in Microsoft Office.

“A local, authenticated attacker can leverage social engineering techniques to exploit this vulnerability by tricking a potential victim into running a specially crafted file on their system, typically resulting in macro execution. It could bypass Microsoft Office security features that block .

Overall, the number of CVEs addressed in yesterday’s February Patch Tuesday is lower than in January, but the presence of zero-day bugs adds urgency for system administrators. The same is true of the nine critical RCE defects listed.

“February 2023 includes two significant RCEs: SQL Server ODBC Driver, iSCSI Discovery Service, .NET/Visual Studio, Network Authentication Framework PEAP, one for Word, and Visual Studio only,” says Adam Barnett, Principal Software Engineer at Rapid7.

“Microsoft has not seen any actual exploits for these vulnerabilities, nor have any been marked as publicly disclosed. Microsoft has not confirmed that most of these have been exploited, except for the PEAP vulnerability I’m guessing it’s highly unlikely.”
