Af Eskil Sørensen, 27/07/21
Microsoft deler oplysninger om afhjælpning af ny PetitPotam NTLM-angreb
Microsoft has released mitigations for the new PetitPotam NTLM relay attack that allows taking over a domain controller or other Windows servers.
https://www.bleepingcomputer.com/news/security/microsoft-shares-mitigations-for-new-petitpotam-ntlm-relay-attack/
Kritisk sårbarhed i Hyper-V har tilladt angriber at udnytte Azureoit Azure
The vulnerability lies in vmswitch.sys – Hyper-V’s network switch driver. It is triggered by sending a specially crafted packet from a guest virtual machine to the Hyper-V host and can be exploited to obtain both DoS and RCE. The security flaw first appeared in a build from August 2019, suggesting that the bug was in production for more than a year and half. It affected Windows 7, 8.1 and 10 and Windows Server 2008, 2012, 2016 and 2019.
Apple retter nul-dagssårbarhed der påvirker iPhone og Mac
Apple has released security updates to address a zero-day vulnerability exploited in the wild and impacting iPhones, iPads, and Macs. The vulnerability, tracked as CVE-2021-30807, is a memory corruption issue in the IOMobileFramebuffer kernel extension reported by an anonymous researcher.