Zero-click Vulnerability on Windows TCP/IP IPv6 (CVE-2024-38063)
An unauthenticated attacker could repeatedly send IPv6 packets, that include specially crafted packets, to a Windows machine which could enable remote code execution.
VMWare ESXi 7.0 and 8.0 Multiple Vulnerabilities
A malicious actor with local administrative privileges on a virtual machine may exploit this issue to execute code as the virtual machine’s VMX process running on the host. On ESXi, the exploitation is contained within the VMX sandbox.
Microsoft Edge (Chromium-based) Information Disclosure Vulnerability (CVE-2024-26192)
An attacker could host a specially crafted website designed to exploit the vulnerability through Microsoft Edge and then convince a user to view the website.
NetScaler ADC and NetScaler Gateway ‘sensitive information disclosure’ & DDoS vulnerability
Sensitive information disclosure in NetScaler ADC and NetScaler Gateway when configured as a Gateway has been discovered as an exploitable target of malicious attack.
End-of-the-month Security Alerts for September 2023
Here are newly identified product-alerts and cyber-security highlights for the last week of September: 1. Google Chrome Zero-Day Vulnerability; 2. Microsoft Internet Connection Sharing (ICS) Remote Code Execution Vulnerability; 3. Cisco Catalyst SD-WAN Manager Vulnerabilities
Cisco Security Advisory for Multiple Products
Cisco published two alerts for the following products. Please follow the steps to remediate them. For assistance, contact Patrick Boyd, Director of Operations by email, Patrick.Boyd@Cornerstone.IT or by phone at 646-530-8930