CERT-In identifies multiple vulnerabilities in Microsoft and Red Hat Linux Kernel products

0

CERT-In issued alerts on Wednesday for several vulnerabilities in Microsoft products, including Microsoft Exchange, Microsoft Windows Support Diagnostic Tool, and Red Hat Linux Kernel. The vulnerabilities are said to be used by remote attackers to access sensitive information and execute arbitrary code on Microsoft products, while in Red Hat Linux Kernel they can be exploited to gain elevated privileges and access sensitive information.

CERT-In issued alerts on Wednesday for several vulnerabilities in Microsoft products, including Microsoft Exchange, Microsoft Windows Support Diagnostic Tool, and Red Hat Linux Kernel. The vulnerabilities are said to be used by remote attackers to access sensitive information and execute arbitrary code on Microsoft products, while in Red Hat Linux Kernel they can be exploited to gain elevated privileges and access sensitive information.

In Microsoft products

Microsoft products include Windows, Microsoft Office, Microsoft Exchange Server, Azure, System Center Operations Manager, and Visual Studio, which can be exploited by an attacker to access sensitive information, bypass security restrictions, perform denial of services and impersonation or execute arbitrary code on targeted systems.

(Sign up for our technology newsletter, Today’s Cache, for insights into emerging themes at the intersection of technology, business and politics. Click here to subscribe for free.)

On Microsoft Windows and Office, the vulnerabilities can be used by remote attackers to gain elevated privileges, disclose information by bypassing security restrictions, and cause denial of service.

In Microsoft Exchange Server and Azure, vulnerabilities can be used by attackers to disclose information by gaining elevated privileges on the targeted system. The Microsoft Exchange High Severity Vulnerability can be used by an attacker to read email messages on targeted systems.

The vulnerability in Exchange exists due to inappropriate access restrictions and attackers have been known to exploit this by tricking victims into opening specially crafted content.

And while System Center Operations Manager vulnerabilities can allow attackers to gain elevated privileges, in Visual Studio attackers can remotely execute code to perform spoofing attacks.

High severity vulnerabilities have also been reported in Microsoft Windows Support Diagnostic Tool (MSDT) that could allow a remote attacker to execute arbitrary code on the targeted system.

According to CERT-In, this vulnerability exists due to a cross-path weakness and has been used by remote attackers by sending specially crafted requests to targeted systems.

Applying appropriate software updates has been recommended to fix the vulnerabilities.

In the Red Hat Linux kernel

The medium-severity vulnerabilities in Red Hat Linux Kernel exist due to an information leak in scsiioctIO); use-after-free in the new tfilter) in net/sched/cls_api.c; Incomplete cleanup of multi-core shared buffers (aka SBDR), microarchitectural padding buffers (aka BDS), and specific special register write operations (aka DRP.

These vulnerabilities have been reported to be exploited by sending specially crafted requests to gain elevated privileges in the targeted systems.

Successful exploitation of these vulnerabilities may allow attackers to obtain sensitive information or gain elevated privileges.

The application of appropriate software patches has been suggested to fix these vulnerabilities.

Share.

Comments are closed.