Wednesday , February 5 2025
Microsoft

Microsoft patched for 48 CVEs on Tuesday January 2024

infosecbulletin Wednesday , January 10 2024 International

Microsoft disclosed 48 vulnerabilities in its products and services in 2024. 46 of them are considered “important” severity.

A critical security vulnerability, known as CVE-2024-20674, was fixed on Tuesday. This vulnerability affects the Windows Kerberos authentication protocol. By carrying out a man-in-the-middle attack, an attacker could exploit this vulnerability to pretend to be the Kerberos authentication server and bypass the authentication process.

CISA Adds 4 Actively Exploited Vuls to KEV Catalog

By infosecbulletin / Wednesday , February 5 2025
CISA added four security flaws to its Known Exploited Vulnerabilities (KEV) catalog, noting they are actively being exploited. The list...
Read More
CISA Adds 4 Actively Exploited Vuls to KEV Catalog

AMD Patches CPU Vulnerability

By infosecbulletin / Wednesday , February 5 2025
AMD announced patches on Monday for a microprocessor vulnerability that risks the loss of Secure Encrypted Virtualization (SEV) protection, potentially...
Read More
AMD Patches CPU Vulnerability

Hackers To Use HTTP Client Tools To Compromise Microsoft 365 Accounts

By infosecbulletin / Wednesday , February 5 2025
Hackers are using HTTP client tools for advanced account takeover attacks on Microsoft 365. Seventy-eight percent of Microsoft 365 tenants...
Read More
Hackers To Use HTTP Client Tools To Compromise Microsoft 365 Accounts

Google patches 47 Android flaws, Including Actively Exploited CVE-2024-53104

By infosecbulletin / Wednesday , February 5 2025
Google has released patches for 47 security flaws in Android, including one that is actively being exploited. CVE-2024-53104 (CVSS score: 7.8)...
Read More
Google patches 47 Android flaws, Including Actively Exploited CVE-2024-53104

CVE-2025-21415
Microsoft Patches Critical Azure AI Face Service Vulnerability

By infosecbulletin / Tuesday , February 4 2025
Microsoft has released patches for two critical security flaws in Azure AI Face Service and Microsoft Account that could allow...
Read More
CVE-2025-21415 Microsoft Patches Critical Azure AI Face Service Vulnerability

Daily Security Update Dated:4.02.2025

By infosecbulletin / Tuesday , February 4 2025
Every day a lot of cyberattack happen around the world including ransomware, Malware attack, data breaches, website defacement and so...
Read More
Daily Security Update Dated:4.02.2025

768 Exploited CVEs in 2024, a 20% Increase from 639 in 2023

By infosecbulletin / Tuesday , February 4 2025
In 2024, 768 vulnerabilities with CVE identifiers were reported as exploited in the wild, a 20% increase from 639 in...
Read More
768 Exploited CVEs in 2024, a 20% Increase from 639 in 2023

.Gov Domains Weaponized in Phishing Surge

By infosecbulletin / Monday , February 3 2025
A recent report from Cofense Intelligence highlights a concerning trend: threat actors are increasingly misusing .gov top-level domains (TLDs) to...
Read More
.Gov Domains Weaponized in Phishing Surge

RedSentry presents
Hacked 101 Seminar Successfully Ended at UITS

By infosecbulletin / Sunday , February 2 2025
The cybersecurity seminar "RedSentry presents: Hacked 101," organized by RedSentry with the University of Information Technology and Sciences (UITS) as...
Read More
RedSentry presents Hacked 101 Seminar Successfully Ended at UITS

US scientists claim to replicate DeepSeek for $30 dubbed “TinyZero,”

By infosecbulletin / Sunday , February 2 2025
Researchers at the University of California, Berkeley, claims they’ve managed to reproduce the core technology behind DeepSeek’s at a total...
Read More
US scientists claim to replicate DeepSeek for $30 dubbed “TinyZero,”

Microsoft believes that the vulnerability is more likely to be exploited because Keberos is present on many popular operating systems.

Another important issue is CVE-2024-20700, which allows for remote code execution in Windows Hyper-V. An attacker needs to win a race condition and gain access to a restricted network for the exploit to work.

Two more remote code execution vulnerabilities are important: CVE-2024-21307 in Windows Remote Desktop Client and CVE-2024-21318 in SharePoint Server.

CVE-2024-21307 is a vulnerability that can be exploited when an authenticated user connects to a malicious remote desktop server. The server sends a specially designed Server RDP Preconnection that targets the remote client’s drive redirection virtual channel. This can result in remote code execution on the victim’s machine.

CVE-2024-21318 can be exploited by attackers with relative ease. They only need to write and inject specific code to SharePoint Server.
The Windows Kernel has a vulnerability called CVE-2024-20698, which allows an attacker to gain SYSTEM privileges. There are no details on how the attacker can exploit this vulnerability.

A complete list of all the other vulnerabilities Microsoft disclosed this month is available on its update page.

Check Also

Malware Trends Review 2024: Ever Recorded Cyber Threats

Last year saw a significant rise in cyber threats, with malware becoming more advanced and …

Leave a Reply

Your email address will not be published. Required fields are marked *

Mail: [email protected]
© Copyright 2025, All Rights Reserved InfoSecBulletin