Microsoft's monthly Patch Tuesday already occurred this month, so you know what that means - more disclosed vulnerabilities. This iteration of patches included fixes for a combined 70 vulnerabilities, including one zero-day. Thankfully, none of these fall into Microsoft’s “critical” category. However, there are four Elevation of Privilege vulnerabilities targeting the Windows … [Read more...]
VMware Vulnerability: CVE-2019-5540
VMware recently released a patch on November 12th for CVE-2019-5540, an identified vulnerability within vmnetdhcp. When first reading this, I didn’t think much of it considering the “dhcp” inclusion. However, when reading the summary of the vulnerability on VMware’s website, my opinion of this changed and I thought it’d be important to briefly discuss this further. Per … [Read more...]
DNSMasq Vulnerabilities Affect Network Devices, Microservices, and More
On October 2nd, the Google security blog announced several vulnerabilities in a piece of software called DNSMasq, which offers DNS forwarding and DHCP services for small computer networks. Days before, IT Briefcase published an article I wrote about indicators of compromise in DNS logs. The article explains that an exploited DNS server may offer the path from an external to an … [Read more...]