6037 matches found
Microsoft Fixes 90 New Flaws, Including Actively Exploited NTLM and Task Scheduler Bugs
Microsoft on Tuesday revealed that two security flaws impacting Windows NT LAN Manager NTLM and Task Scheduler have come under active exploitation in the wild. The security vulnerabilities are among the 90 security bugs the tech giant addressed as part of its Patch Tuesday update for November 202...
The vulnerability of the Task Scheduler in Windows operating systems allows a malicious individual to escalate their privileges.
The vulnerability of the Task Scheduler in Windows operating systems is related to deficiencies in the authentication process. Exploiting this vulnerability can allow an attacker to increase their privileges, provided that a specially crafted application is executed. Additionally, updates from...
November Patch Tuesday release contains three critical remote code execution vulnerabilities
The Patch Tuesday for November of 2024 includes 89 vulnerabilities, including four that Microsoft marked as "critical." The remaining vulnerabilities listed are classified as "important." Microsoft assessed that exploitation of the four "critical" vulnerabilities is "less likely." CVE-2024-43639 ...
Microsoft Patch Tuesday, November 2024 Edition
Microsoft today released updates to plug at least 89 security holes in its Windows operating systems and other software. November's patch batch includes fixes for two zero-day vulnerabilities that are already being exploited by attackers, as well as two other flaws that were publicly disclosed...
Microsoft and Adobe Patch Tuesday, November 2024 Security Update Review
Microsoft has released its November 2024 Patch Tuesday updates, targeting various vulnerabilities that could impact users and organizations worldwide. From zero-day threats to key product patches, here’s what’s crucial to apply this month. Here’s a breakdown of the updates and how they impact you...
Vulnerabilities fixed in Microsoft Windows
Microsoft has fixed vulnerabilities in Windows. A malicious party can exploit the vulnerabilities to carry out attacks that can lead to the following categories of damage: - Denial-of-Service DoS - Execution of arbitrary code User Rights - Execution of arbitrary code System Rights - Obtaining...
CVE-2024-49039
Windows Task Scheduler Elevation of Privilege Vulnerability...
CVE-2024-49039
Windows Task Scheduler Elevation of Privilege Vulnerability...
CVE-2024-49039 Windows Task Scheduler Elevation of Privilege Vulnerability
...
CVE-2024-49039 Windows Task Scheduler Elevation of Privilege Vulnerability
...
CVE-2024-49039
CVE-2024-49039 is a Windows Task Scheduler privilege-escalation vulnerability. An authenticated local attacker can elevate privileges outside of AppContainer and access privileged RPC functions via the Task Scheduler, enabling local privilege escalation with high impact (CVE-2024-49039). There ar...
kernel: Revert "sched/fair: Make sure to try to detach at least one movable task"
In the Linux kernel, the following vulnerability has been resolved: Revert "sched/fair: Make sure to try to detach at least one movable task" This reverts commit b0defa7ae03ecf91b8bfd10ede430cff12fcbd06. b0defa7ae03ec changed the load balancing logic to ignore env.maxloop if all tasks examined to...
kernel: powerpc/smp: do not decrement idle task preempt count in CPU offline
A vulnerability was found in the Linux kernel's powerpc/smp architecture, where the idle task's preemption count was incorrectly decremented during the CPU offline process. This issue caused a "scheduling while atomic" error when a CPU was offlined and then onlined again, leading to potential...
kernel: io_uring/rsrc: don't lock while !TASK_RUNNING
In the Linux kernel, the following vulnerability has been resolved: iouring/rsrc: don't lock while !TASKRUNNING There is a report of iorsrcrefquiesce locking a mutex while not TASKRUNNING, which is due to forgetting restoring the state back after ioruntaskworksig and attempts to break out of the...
kernel: drm/amdgpu: change vm->task_info handling
In the Linux kernel, the following vulnerability has been resolved: drm/amdgpu: change vm-taskinfo handling This patch changes the handling and lifecycle of vm-taskinfo object. The major changes are: - vm-taskinfo is a dynamically allocated ptr now, and its uasge is reference counted. - introduci...
kernel: fs/proc: do_task_stat: use sig->stats_lock to gather the threads/children stats
A vulnerability was found in the dotaskstat function in the Linux kernel, where due to excessive lock contention, a potential hard lockup could be created. This can create a performance bottleneck and lead to kernel unresponsiveness...
kernel: rcuscale: Move rcu_scale_writer() schedule_timeout_uninterruptible() to _idle()
A hung task warning issue was found in the RCU scaling test module. When the holdoff parameter exceeds hungtasktimeoutsecs, the kernel logs a hung task warning for the rcuscalewriter kthread...
kernel: perf: Fix event leak upon exec and file release
Linux kernel perf pending task work is never waited upon the matching event release; in the case of a child event, released via freeevent directly, this can potentially result in a leaked event...
kernel: perf: Fix event leak upon exit
A logical flaw exists in the Linux kernel. When a task is scheduled, pending sigtrap deliveries are deferred to the target task upon resuming to userspace via taskwork. However, failures are ignored while adding an event's callback to the taskwork engine. Since the last call for the event exit...
kernel: scsi: qedf: Make qedf_execute_tmf() non-preemptible
A vulnerability was found in the Linux kernel's qedf driver function qedfexecutetmf, where the function call smpprocessorid is done from preemptible code before acquiring a lock which can result in BUGON when running an RT kernel. This can result in system inconsistencies...