Microsoft today issued security updates for more than 100 newly-discovered vulnerabilities in its Windows operating system and related software, including four flaws that are already being exploited. In addition, Apple recently released emergency updates to quash a pair of zero-day bugs in iOS.

Apple last week shipped emergency updates in iOS 17.0.3 and iPadOS 17.0.3 in response to active attacks. The patch fixes CVE-2023-42724, which attackers have been using in targeted attacks to elevate their access on a local device.

Apple said it also patched CVE-2023-5217, which is not listed as a zero-day bug. However, as Bleeping Computer pointed out, this flaw is caused by a weakness in the open-source “libvpx” video codec library, which was previously patched as a zero-day flaw by Google in the Chrome browser and by Microsoft in Edge, Teams, and Skype products. For anyone keeping count, this is the 17th zero-day flaw that Apple has patched so far this year.

Fortunately, the zero-days affecting Microsoft customers this month are somewhat less severe than usual, with the exception of CVE-2023-44487. This weakness is not specific to Windows but instead exists within the HTTP/2 protocol used by the World Wide Web: Attackers have figured out how to use a feature of HTTP/2 to massively increase the size of distributed denial-of-service (DDoS) attacks, and these monster attacks reportedly have been going on for several weeks now.

Amazon, Cloudflare and Google all released advisories today about how they’re addressing CVE-2023-44487 in their cloud environments. Google’s Damian Menscher wrote on Twitter/X that the exploit - dubbed a “rapid reset attack” - works by sending a request and then immediately cancelling it (a feature of HTTP/2). “This lets attackers skip waiting for responses, resulting in a more efficient attack,” Menscher explained.

Natalie Silva, lead security engineer at Immersive Labs, said this flaw’s impact to enterprise customers could be significant, and lead to prolonged downtime. “It is crucial for organizations to apply the latest patches and updates from their web server vendors to mitigate this vulnerability and protect against such attacks,” Silva said.
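A defender-side sketch of the rapid reset pattern behind CVE-2023-44487, added here as an example and not taken from the article or any vendor advisory: it scans an HTTP/2 frame log for connections whose clients cancel streams right after opening them, before the server has answered. The log tuple layout, the thresholds and the function names are assumptions made for the illustration.

```python
from collections import defaultdict, deque

# Assumed thresholds for illustration; tune against real traffic.
MAX_CANCELS = 20        # client resets of unanswered streams tolerated...
WINDOW_SECONDS = 1.0    # ...within this sliding window, per connection
CANCEL_GAP = 0.05       # a reset this soon after HEADERS counts as immediate

def find_rapid_reset(events):
    """Return ids of connections that open streams and cancel them at once,
    more than MAX_CANCELS times per WINDOW_SECONDS.

    events: iterable of (time, conn_id, sender, frame_type, stream_id),
    sorted by time, as a proxy or server frame log might record them.
    """
    opened = defaultdict(dict)      # conn -> {stream_id: time HEADERS seen}
    cancels = defaultdict(deque)    # conn -> times of recent rapid cancels
    flagged = set()
    for t, conn, sender, ftype, stream in events:
        if sender == "client" and ftype == "HEADERS":
            opened[conn][stream] = t
        elif sender == "server" and ftype in ("HEADERS", "DATA"):
            # The server answered, so a later reset skipped no response.
            opened[conn].pop(stream, None)
        elif sender == "client" and ftype == "RST_STREAM":
            start = opened[conn].pop(stream, None)
            if start is None or t - start > CANCEL_GAP:
                continue            # unknown stream, or an ordinary late cancel
            recent = cancels[conn]
            recent.append(t)
            while recent and t - recent[0] > WINDOW_SECONDS:
                recent.popleft()    # drop cancels that left the window
            if len(recent) > MAX_CANCELS:
                flagged.add(conn)
    return flagged

def sample_log():
    """Constructed frame log: 'A' browses normally, 'B' resets rapidly."""
    log = []
    for i in range(30):             # A: request, then a server response
        sid, t = 2 * i + 1, i * 0.2
        log.append((t, "A", "client", "HEADERS", sid))
        log.append((t + 0.03, "A", "server", "HEADERS", sid))
    log.append((1.1, "A", "client", "RST_STREAM", 11))  # cancel after reply
    for i in range(200):            # B: HEADERS followed at once by RST_STREAM
        sid, t = 2 * i + 1, 0.5 + i * 0.002
        log.append((t, "B", "client", "HEADERS", sid))
        log.append((t + 0.001, "B", "client", "RST_STREAM", sid))
    return sorted(log)
```

Counting resets per connection rather than per source address keeps the check usable behind proxies and NAT, where many legitimate clients share one IP.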