News for Admins

Tech News

New Zero-day Vulnerability in Windows Systems

Security researcher John Page has found a zero-day vulnerability in Windows that could allow a remote attacker to compromise Windows machines and execute arbitrary code.

"This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Microsoft Windows," wrote Page.

However, there is a catch. "User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file," he further added.

The flaw exists in the processing of vCard files, but a hacker can disguise anything in the vCard to embed a compromised link. If any unsuspecting user clicks on the compromised URL, Windows would run the malicious software without throwing any warning.

For those who don't know, vCard is a VCF file format used for storing contact information. Microsoft Outlook supports vCard.

Source: http://hyp3rlinx.altervista.org/advisories/MICROSOFT-WINDOWS-VCF-FILE-INSUFFICIENT-WARNING-REMOTE-CODE-EXECUTION.txt

New Systemd Vulnerability Affects Most Mainstream Linux Distributions

Security researchers at Qualys have discovered three new vulnerabilities in systemd, the init system for Linux-based operating systems.

The vulnerabilities (CVE-2018-16864, CVE-2018-16865, and CVE-2018-16866) resides in the systemd-journald service and could allow an attacker to gain root access on the targeted systems.

"We developed an exploit for CVE-2018-16865 and CVE-2018-16866 that obtains a local root shell in 10 minutes on i386 and 70 minutes on AMD64, on average," the researchers wrote.

Qualys said that all systemd-based

Buy this article as PDF

Express-Checkout as PDF

Price $2.95
(incl. VAT)

Buy ADMIN Magazine

SINGLE ISSUES

Print Issues

Digital Issues

 

SUBSCRIPTIONS

Print Subs

Digisubs

 

TABLET & SMARTPHONE APPS

US / Canada

UK / Australia