Today’s Security Advisories

The page contains today’s important security advisories and news bulletins that are critical to me in my daily work as an SQL Server Database Developer.

 

 

 

 

• 4053440 - Securely opening Microsoft Office documents that contain Dynamic Data Exchange (DDE) fields - Version: 3.0
• 4056318 - Guidance for securing AD DS account used by Azure AD Connect for directory synchronization - Version: 1.0
• 4038556 - Guidance for securing applications that host the WebBrowser Control - Version: 1.0
• 4033453 - Vulnerability in Azure AD Connect Could Allow Elevation of Privilege - Version: 1.0
• 4025685 - Guidance related to June 2017 security update release - Version: 1.0
• 4022344 - Security Update for Microsoft Malware Protection Engine - Version: 1.2
• 4022345 - Identifying and correcting failure of Windows Update client to receive updates - Version: 1.3
• 4021279 - Vulnerabilities in .NET Core, ASP.NET Core Could Allow Elevation of Privilege - Version: 1.1
• 4010323 - Deprecation of SHA-1 for SSL/TLS Certificates in Microsoft Edge and Internet Explorer 11 - Version: 1.0
• 3123479 - SHA-1 Hashing Algorithm for Microsoft Root Certificate Program - Version: 2.0

 

 

 

 
See also: US CERT Alerts.

• VU#806555: A Vulnerability in UEFI Applications allows for secure boot bypass via misused NVRAM variable
• VU#282450: Out-of-Bounds read vulnerability in TCG TPM2.0 reference implementation
• VU#211341: A vulnerability in Insyde H2O UEFI application allows for digital certificate injection via NVRAM variable
• VU#760160: libexpat library is vulnerable to DoS attacks through stack overflow
• VU#722229: Radware Cloud Web Application Firewall Vulnerable to Filter Bypass
• VU#360686: Digigram PYKO-OUT audio-over-IP (AoIP) does not require a password by default
• VU#667211: Various GPT services are vulnerable to two systemic jailbreaks, allows for bypass of safety guardrails
• VU#252619: Multiple deserialization vulnerabilities in PyTorch Lightning 2.4.0 and earlier versions
• VU#726882: Paragon Software Hard Disk Manager product line contains five memory vulnerabilities within its BioNTdrv.sys driver that allow for privilege escalation and denial-of-service (DoS) attacks
• VU#148244: PandasAI interactive prompt function can be exploited to run arbitrary Python code through prompt injection, which can lead to remote code execution (RCE)
• VU#733789: ChatGPT-4o contains security bypass vulnerability through time and search functions called "Time Bandit"
• VU#199397: Insecure Implementation of Tunneling Protocols (GRE/IPIP/4in6/6in4)
• VU#952657: Rsync contains six vulnerabilities
• VU#529659: Howyar Reloader UEFI bootloader vulnerable to unsigned software execution
• VU#164934: PDQ Deploy allows reuse of deleted credentials that can compromise a device and facilitate lateral movement