Patch/Configuration Management

Such a vulnerability — which stems from a USB Video Class driver out-of-bounds write issue that could be exploited for privilege escalation — may have been used by forensic data extraction tools, according to the GrapheneOS development team.

The vulnerability affects Veeam Backup for Salesforce, AWS, Microsoft Azure, Google Cloud and more.

The UK’s cybersecurity regulator has pitched a plan that would see the elimination of vulnerability ratings.

"A new certificate has already been deployed in OCS, and any server that is updated to any Exchange Server Cumulative Update or Security Update newer than March 2023 will continue to be able to check for new EEMS mitigations," the Exchange Team said.

Apple fixes multimedia flaw with improved CoreMedia memory management.

Small and midsize companies tend not to check for NAS updates, so customers advised to patch right away.

Such lagging vulnerability remediation for ProxyLogon significantly contrasts patching activities for a pair of Ivanti flaws also leveraged in Salt Typhoon attacks, tracked as CVE-2023-46805 and CVE-2024-21887, which have been addressed in over 92% of affected Ivanti devices, findings from Tenable revealed.