Microsoft Launches Phase 2 Mitigation for Zerologon Flaw

Subscribe to Newsletters

Communications & Collaboration: 2024 (March 9-10)

More Informa Tech Live Events

White Papers

Improve MITRE ATT&CK Test Results for Endpoint Security Using Deception

Balancing Hybrid Storage as Part of a Hybrid Cloud Data Management Strategy

2021 Top Enterprise IT Trends – Network Computing

7 Experts on Implementing Microsoft Defender for Endpoint

More White Papers

Video

All Videos

Cartoon

Post a Comment

Cartoon Archive

Current Issue

2021 Top Enterprise IT TrendsWe’ve identified the key trends that are poised to impact the IT landscape in 2021. Find out why they’re important and how they will affect you today!

Back Issues | Must Reads

Flash Poll

All Polls

Assessing Cybersecurity Risk in Today’s Enterprises
COVID-19 has created a new IT paradigm in the enterprise — and a new level of cybersecurity risk. This report offers a look at how enterprises are assessing and managing cyber-risk under the new normal.

Download Now!

The Malware Threat Landscape

0 comments

How Data Breaches Affect the Enterprise (2020)

0 comments

Building an Effective Cybersecurity Incident Response Team

0 comments

More Reports

Twitter Feed

Bug Report

Enterprise Vulnerabilities
From DHS/US-CERT’s National Vulnerability Database
CVE-2021-27184
PUBLISHED: 2021-02-11

Pelco Digital Sentry Server 7.18.72.11464 has an XML External Entity vulnerability (exploitable via the DTD parameter entities technique), resulting in disclosure and retrieval of arbitrary data on the affected node via an out-of-band (OOB) attack. The vulnerability is triggered when input passed to…

CVE-2021-27191
PUBLISHED: 2021-02-11

The get-ip-range package before 4.0.0 for Node.js is vulnerable to denial of service (DoS) if the range is untrusted input. An attacker could send a large range (such as 128.0.0.0/1) that causes resource exhaustion.

CVE-2021-22652
PUBLISHED: 2021-02-11

Access to the Advantech iView versions prior to v5.7.03.6112 configuration are missing authentication, which may allow an unauthorized attacker to change the configuration and obtain code execution.

CVE-2021-22654
PUBLISHED: 2021-02-11

Advantech iView versions prior to v5.7.03.6112 are vulnerable to a SQL injection, which may allow an unauthorized attacker to disclose information.

CVE-2021-22656
PUBLISHED: 2021-02-11

Advantech iView versions prior to v5.7.03.6112 are vulnerable to directory traversal, which may allow an attacker to read sensitive files.

The post Microsoft Launches Phase 2 Mitigation for Zerologon Flaw appeared first on Malware Devil.

https://malwaredevil.com/2021/02/11/microsoft-launches-phase-2-mitigation-for-zerologon-flaw/?utm_source=rss&utm_medium=rss&utm_campaign=microsoft-launches-phase-2-mitigation-for-zerologon-flaw