8 matches found
Exploit for Authentication Bypass by Spoofing in Microsoft
CVE-2024-20674 This is my take at an exploit of the public CV...
Patch now! First patch Tuesday of 2024 is here
Microsoft has issued patches for 48 security vulnerabilities in the first Patch Tuesday of 2024. With a relatively low number of patches—and only two of them critical—this makes it a relatively quiet month, which is certainly not the norm in January. The Common Vulnerabilities and Exposures CVE...
Microsoft's January 2024 Windows Update Patches 48 New Vulnerabilities
Microsoft has addressed a total of 48 security flaws spanning its software as part of its Patch Tuesday updates for January 2024. Of the 48 bugs, two are rated Critical and 46 are rated Important in severity. There is no evidence that any of the issues are publicly known or under active attack at...
CVE-2024-20674 Windows Kerberos Security Feature Bypass Vulnerability
...
CVE-2024-20674
CVE-2024-20674 is a Windows Kerberos security feature bypass vulnerability. The connected exploit doc describes a logic bug in the client-side handling of Kerberos U2U TGT-REP that can enable authentication bypass via a network MITM and spoofing, potentially allowing an attacker to impersonate th...
KB5034134: Windows 10 LTS 1507 Security Update (January 2024)
The remote Windows host is missing security update 5034134. It is, therefore, affected by multiple vulnerabilities - Microsoft ODBC Driver Remote Code Execution Vulnerability CVE-2024-20654 - BitLocker Security Feature Bypass Vulnerability CVE-2024-20666 - Windows Kerberos Security Feature Bypass...
KB5034119: Windows 10 Version 1607 and Windows Server 2016 Security Update (January 2024)
The remote Windows host is missing security update 5034119. It is, therefore, affected by multiple vulnerabilities - Microsoft ODBC Driver Remote Code Execution Vulnerability CVE-2024-20654 - BitLocker Security Feature Bypass Vulnerability CVE-2024-20666 - Windows Kerberos Security Feature Bypass...
KB5034184: Windows Server 2012 Security Update (January 2024)
The remote Windows host is missing security update 5034184. It is, therefore, affected by multiple vulnerabilities - Microsoft ODBC Driver Remote Code Execution Vulnerability CVE-2024-20654 - Windows Kerberos Security Feature Bypass Vulnerability CVE-2024-20674 - Windows Group Policy Elevation of...