.NET Framework – Denial of Service Vulnerability
Description: A denial of service vulnerability exists when .NET Framework improperly handles special web requests.
Threat: Denial of service against the .NET Framework web application. The vulnerability can be exploited remotely, without authentication.
Criticality: High
Update/Patch: https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8517
SharePoint Server – Elevation of Privilege Vulnerability
Description: elevation of privilege vulnerability.
Threat: Execution of malicious code.
Criticality: Medium
Update/Patch: https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8635
McAfee Agent – Elevation of Privilege Vulnerability
Description: A specially crafted TCP packet allows an attacker to cause stability issues.
Threat: Memory corruption and denial of service.
Criticality: Medium
Update/Patch: https://www.mcafee.com/enterprise/en-us/downloads/security-updates.html
Microsoft Exchange Server – Server Tampering Vulnerability
Description: Exchange Server fails to handle profile data if an attacker authenticates.
Threat: Modification of user’s profile data.
Criticality: Low
Update/Patch: https://www.microsoft.com/en-us/download/details.aspx?id=57604
Nelson Clemente (BEng, ISO27032)
getNEXT – Systems Engineer, Cyber Security Awareness
0 Comments