CVE-2024-43468 (Last Update: 17.10.2024 23:17) - Products: Microsoft Configuration Manager - Info: Microsoft Configuration Manager Remote Code Execution Vulnerability || CVE-2024-38124 (Last Update: 17.10.2024 23:17) - Products: Windows Server 2019, Windows Server 2019 (Server Core installation), Windows Server 2022, Windows Server 2022, 23H2 Edition (Server Core installation), Windows Server 2016, Windows Server 2016 (Server Core installation), Windows Server 2008 Service Pack 2, Windows Server 2008 Service Pack 2 (Server Core installation), Windows Server 2008 Service Pack 2, Windows Server 2008 R2 Service Pack 1, Windows Server 2008 R2 Service Pack 1 (Server Core installation), Windows Server 2012, Windows Server 2012 (Server Core installation), Windows Server 2012 R2, Windows Server 2012 R2 (Server Core installation) - Info: Windows Netlogon Elevation of Privilege Vulnerability || CVE-2022-34722 (Last Update: 17.10.2024 17:48) - Products: Windows 10 Version 1809, Windows Server 2019, Windows Server 2019 (Server Core installation), Windows 10 Version 21H1, Windows Server 2022, Windows 10 Version 20H2, Windows 11 version 21H2, Windows 10 Version 21H2, Windows 10 Version 1507, Windows 10 Version 1607, Windows Server 2016, Windows Server 2016 (Server Core installation), Windows 7, Windows 7 Service Pack 1, Windows 8.1, Windows Server 2008 Service Pack 2, Windows Server 2008 Service Pack 2 (Server Core installation), Windows Server 2008 Service Pack 2, Windows Server 2008 R2 Service Pack 1, Windows Server 2008 R2 Service Pack 1 (Server Core installation), Windows Server 2012, Windows Server 2012 (Server Core installation), Windows Server 2012 R2, Windows Server 2012 R2 (Server Core installation) - Info: Windows Internet Key Exchange (IKE) Protocol Extensions Remote Code Execution Vulnerability || CVE-2024-38175 (Last Update: 16.10.2024 01:53) - Products: Azure Managed Instance for Apache Cassandra - Info: Azure Managed Instance for Apache Cassandra Elevation of Privilege Vulnerability || CVE-2024-38109 (Last Update: 16.10.2024 01:53) - Products: Azure Health Bot - Info: Azure Health Bot Elevation of Privilege Vulnerability || CVE-2024-38140 (Last Update: 16.10.2024 01:53) - Products: Windows 10 Version 1809, Windows Server 2019, Windows Server 2019 (Server Core installation), Windows Server 2022, Windows 11 version 21H2, Windows 10 Version 21H2, Windows 11 version 22H2, Windows 10 Version 22H2, Windows 11 version 22H3, Windows 11 Version 23H2, Windows Server 2022, 23H2 Edition (Server Core installation), Windows 10 Version 1507, Windows 10 Version 1607, Windows Server 2016, Windows Server 2016 (Server Core installation), Windows Server 2008 Service Pack 2, Windows Server 2008 Service Pack 2 (Server Core installation), Windows Server 2008 Service Pack 2, Windows Server 2008 R2 Service Pack 1, Windows Server 2008 R2 Service Pack 1 (Server Core installation), Windows Server 2012, Windows Server 2012 (Server Core installation), Windows Server 2012 R2, Windows Server 2012 R2 (Server Core installation), Windows 11 Version 24H2 - Info: Windows Reliable Multicast Transport Driver (RMCAST) Remote Code Execution Vulnerability || CVE-2024-38063 (Last Update: 16.10.2024 01:53) - Products: Windows 10 Version 1809, Windows Server 2019, Windows Server 2019 (Server Core installation), Windows Server 2022, Windows 11 version 21H2, Windows 10 Version 21H2, Windows 11 version 22H2, Windows 10 Version 22H2, Windows 11 version 22H3, Windows 11 Version 23H2, Windows Server 2022, 23H2 Edition (Server Core installation), Windows 10 Version 1507, Windows 10 Version 1607, Windows Server 2016, Windows Server 2016 (Server Core installation), Windows Server 2008 Service Pack 2, Windows Server 2008 Service Pack 2 (Server Core installation), Windows Server 2008 Service Pack 2, Windows Server 2008 R2 Service Pack 1, Windows Server 2008 R2 Service Pack 1 (Server Core installation), Windows Server 2012, Windows Server 2012 (Server Core installation), Windows Server 2012 R2, Windows Server 2012 R2 (Server Core installation), Windows 11 Version 24H2 - Info: Windows TCP/IP Remote Code Execution Vulnerability || CVE-2024-38199 (Last Update: 16.10.2024 01:53) - Products: Windows 10 Version 1809, Windows Server 2019, Windows Server 2019 (Server Core installation), Windows Server 2022, Windows 11 version 21H2, Windows 10 Version 21H2, Windows 11 version 22H2, Windows 10 Version 22H2, Windows 11 version 22H3, Windows 11 Version 23H2, Windows Server 2022, 23H2 Edition (Server Core installation), Windows 11 Version 24H2, Windows 10 Version 1507, Windows 10 Version 1607, Windows Server 2016, Windows Server 2016 (Server Core installation), Windows Server 2008 Service Pack 2, Windows Server 2008 Service Pack 2 (Server Core installation), Windows Server 2008 Service Pack 2, Windows Server 2008 R2 Service Pack 1, Windows Server 2008 R2 Service Pack 1 (Server Core installation), Windows Server 2012, Windows Server 2012 (Server Core installation), Windows Server 2012 R2, Windows Server 2012 R2 (Server Core installation) - Info: Windows Line Printer Daemon (LPD) Service Remote Code Execution Vulnerability || CVE-2024-38160 (Last Update: 16.10.2024 01:53) - Products: Windows 10 Version 1607, Windows Server 2016, Windows Server 2016 (Server Core installation) - Info: Windows Network Virtualization Remote Code Execution Vulnerability || CVE-2024-38159 (Last Update: 16.10.2024 01:53) - Products: Windows 10 Version 1607, Windows Server 2016, Windows Server 2016 (Server Core installation) - Info: Windows Network Virtualization Remote Code Execution Vulnerability || CVE-2024-38108 (Last Update: 16.10.2024 01:53) - Products: Azure Stack Hub - Info: Azure Stack Hub Spoofing Vulnerability || CVE-2024-45115 (Last Update: 10.10.2024 13:41) - Products: Adobe Commerce - Info: Adobe Commerce | Improper Authentication (CWE-287) || CVE-2024-21403 (Last Update: 09.10.2024 01:50) - Products: Azure Kubernetes Service - Info: Microsoft Azure Kubernetes Service Confidential Container Elevation of Privilege Vulnerability || CVE-2024-21376 (Last Update: 09.10.2024 01:50) - Products: Azure Kubernetes Service - Info: Microsoft Azure Kubernetes Service Confidential Container Remote Code Execution Vulnerability || CVE-2024-21364 (Last Update: 09.10.2024 01:50) - Products: Azure Site Recovery - Info: Microsoft Azure Site Recovery Elevation of Privilege Vulnerability || CVE-2024-21413 (Last Update: 09.10.2024 01:49) - Products: Microsoft Office 2019, Microsoft 365 Apps for Enterprise, Microsoft Office LTSC 2021, Microsoft Office 2016 - Info: Microsoft Outlook Remote Code Execution Vulnerability || CVE-2024-21410 (Last Update: 09.10.2024 01:49) - Products: Microsoft Exchange Server 2016 Cumulative Update 23, Microsoft Exchange Server 2019 Cumulative Update 13, Microsoft Exchange Server 2019 Cumulative Update 14 - Info: Microsoft Exchange Server Elevation of Privilege Vulnerability || CVE-2024-21401 (Last Update: 09.10.2024 01:49) - Products: Entra - Info: Microsoft Entra Jira Single-Sign-On Plugin Elevation of Privilege Vulnerability || CVE-2024-29990 (Last Update: 09.10.2024 01:41) - Products: Azure Kubernetes Service - Info: Microsoft Azure Kubernetes Service Confidential Container Elevation of Privilege Vulnerability || CVE-2024-43491 (Last Update: 09.10.2024 01:26) - Products: Windows 10 Version 1507 - Info: Microsoft Windows Update Remote Code Execution Vulnerability ||

Sie sehen gerade einen Platzhalterinhalt von Spotify. Um auf den eigentlichen Inhalt zuzugreifen, klicken Sie auf die Schaltfläche unten. Bitte beachten Sie, dass dabei Daten an Drittanbieter weitergegeben werden.

Mehr Informationen

Weinempfehlung

Übertrag aus letzter Folge / Sonstiges

  • LÜKEX 2023
    • Aktuell sind keine Ergebnisse bekannt, Durchführung wurde medial begleitet
  • Sony Hack
    • Zweiter Angreifer proklamiert den Hack für sich und veröffentlicht weitere Infos / Details (z.B. Lizenzgeneratoren, Zertifikate)
  • Hochschule Furtwangen
    • AlphaV – Gruppe beansprucht den Hack für sich
  • Wir feiern den „Tag der Deutschen Einheit“, spannende Einblicke in die Hackerszene der DDR unter https://taz.de/Forscherin-ueber-fruehe-Hackerszene/!5762390/

Gehackte Unternehmen

Motel One

Stadt Essen

  • Abgewehrter Angriff auf die IT der Stadt Essen
  • In der IT der Stadt Essen gibt es laufende Umstellungen von Exchange 2013 und Server 2012 R2.
    • Hinweis: Support für Server 2012 R2 (und frühere Produkte) endet am 10. Oktober 2023, hier besteht akuter Handlungsbedarf, ab dann gibt es keine Sicherheitsupdates mehr!
  • Quelle: https://www.essen.de/meldungen/pressemeldung_1510229.de.html

Schwachstellen

CISCO IOS und IOS XE

Webp – Lücke

JFROG Artifactory

  • Schwachstelle erlaubt unauthentifizierten Benutzern, E-Mails mit manipuliertem Inhalt zu senden. Möglicher Angriffsvektor in Richtung privilegierter Accounts, da JFROG Artifactory in der Regel von Entwicklern verwendet wird.
  • CVSS: 5.8.
  • CVE: CVE-2023-42508.
  • Quelle: https://vuldb.com/?id.241159

Acronis Cyber Protect 15

EXIM (SMTP Server)

Microsoft Sharepoint