Microsoft Patches Two Zero Days This Month

Microsoft fixed over 80 vulnerabilities in this month’s Patch Tuesday Update round. This includes two zero days being actively exploited in the wild.

One of them is CVE-2023-23397, a critical privilege escalation bug in Outlook with a CVSS score of 9.8.

“This attack can be carried out without user interaction by sending a specially crafted email. This email is automatically triggered once it is retrieved by the email server. Emails can be exploited before they even appear in the preview pane,” explains Mike Walters, VP of Vulnerability and Threat Research at Action1.

“A successful exploit would give an attacker access to the user’s Net-NTLMv2 hash, which could be used to perform a pass-the-hash attack on another service to authenticate as the user.”

This bug was reported by the Computer Emergency Response Team of Ukraine (CERT-UA), which suggests it was being actively exploited by Russian threat actors.


The second zero-day, CVE-2023-24880, is a Windows SmartScreen security feature bypass.

According to Microsoft, attackers can craft malicious files that can bypass Mark-of-the-Web (MOTW) defenses in features such as Protected View in Office.

“This CVE affects all currently supported versions of the Windows OS,” explains Chris Goettl, Ivanti’s vice president of security products. “With a CVSS score of only 5.4, and likely evading notice by many organizations, this CVE by itself may not be very threatening, but it could have been used in an attack chain with additional exploits. Yes, prioritizing OS updates this month reduces risk to your organization.”

Of the nine critical CVEs listed this month, CVE-2023-21708 is also a priority for security teams, according to Gal Sadeh, head of data and security research at Silverfort. It is a remote code execution bug in the Remote Procedure Call (RPC) runtime that allows an unauthenticated attacker to execute remote commands on the target machine.

“Attackers can use this to attack domain controllers that are open by default,” he added. “To mitigate, we recommend that the domain controller only allow RPCs from authorized networks and limit its RPC traffic to unnecessary endpoints and servers.”
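One way to apply the network restriction Sadeh recommends is to scope a domain controller's inbound RPC rules in Windows Defender Firewall to a list of authorized subnets. The script below is an added example, not from the article or from Silverfort; it assumes the built-in NetSecurity PowerShell module on a Windows Server domain controller, and the subnets in `$AuthorizedNetworks` are placeholders to be replaced with your own management and client ranges.

```powershell
# Added example: restrict inbound RPC on a domain controller to authorized networks.
# Assumed placeholders: replace with the subnets that legitimately need RPC access.
$AuthorizedNetworks = @("10.0.10.0/24", "10.0.20.0/24")

# Port keywords used by the built-in Windows rules for RPC: the endpoint mapper (TCP 135,
# keyword "RPC-EPMap") and the dynamic RPC port range (keyword "RPC").
$RpcPorts = @("135", "RPC", "RPC-EPMap")

# 1. Make sure the Domain profile drops anything no rule explicitly allows, so that
#    traffic outside the scoped allow rules below is blocked by default.
Set-NetFirewallProfile -Profile Domain -Enabled True -DefaultInboundAction Block

# 2. Find every enabled inbound Allow rule that opens an RPC port and limit its remote
#    address scope to the authorized networks instead of "Any".
$rpcRules = Get-NetFirewallPortFilter |
    Where-Object { (@($_.LocalPort) | Where-Object { $_ -in $RpcPorts }).Count -gt 0 } |
    Get-NetFirewallRule |
    Where-Object { $_.Direction -eq "Inbound" -and $_.Action -eq "Allow" -and $_.Enabled -eq "True" }

$rpcRules | Set-NetFirewallRule -RemoteAddress $AuthorizedNetworks

# 3. Verify: show each RPC rule with the remote address scope now attached to it.
#    Any rule still reporting "Any" has not been scoped and needs attention.
$rpcRules | ForEach-Object {
    $addr = $_ | Get-NetFirewallAddressFilter
    [pscustomobject]@{
        Rule          = $_.DisplayName
        Profile       = $_.Profile
        RemoteAddress = (@($addr.RemoteAddress) -join ", ")
    }
} | Format-Table -AutoSize
```

Run it in an elevated session and test from a host outside the authorized ranges before rolling it out through Group Policy; scoping the existing Microsoft-supplied rules rather than adding a separate block rule avoids the situation where an explicit Block rule overrides the allow rules for the authorized networks as well.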
