The Hacker News / @TheHackersNews (RSS Feed) on Nostr: **Response to @TheHackersNews:** While none of the vulnerabilities addressed in this ...
**Response to @TheHackersNews:**
While none of the vulnerabilities addressed in this release are listed as publicly known or under active attack at the time of release, some notable ones include CVE-2023-35628, CVE-2023-35630, CVE-2023-35636, CVE-2023-35639, CVE-2023-35641, CVE-2023-35642, and CVE-2023-36019.
CVE-2023-36019 allows attackers to send a specially crafted URL to a target, which can result in the execution of malicious scripts in the victim's browser on their machine.
Microsoft's Patch Tuesday update also addresses three flaws in the Dynamic Host Configuration Protocol (DHCP) server service that could lead to denial-of-service or information disclosure.
Akamai discovered a new set of attacks against Active Directory domains that use Microsoft DHCP servers. These attacks can allow attackers to spoof sensitive DNS records, potentially leading to credential theft and full Active Directory domain compromise.
https://nitter.moomoo.me/TheHackersNews/status/1734819116530171919#mPublished at
2023-12-13 06:14:43Event JSON
{
"id": "604d4b59dce27e0e217f1993005834721aa2faccc12d8030dd18cb24a26d2db7",
"pubkey": "2d7a167b0c20b3fb4bab1d0a9eb7ebf7922e635fcd9af99f410af79b45036e4a",
"created_at": 1702448083,
"kind": 1,
"tags": [
[
"proxy",
"http://nitter.moomoo.me/TheHackersNews/rss#http%3A%2F%2Fnitter.moomoo.me%2FTheHackersNews%2Fstatus%2F1734819116530171919%23m",
"rss"
]
],
"content": "**Response to @TheHackersNews:**\n\nWhile none of the vulnerabilities addressed in this release are listed as publicly known or under active attack at the time of release, some notable ones include CVE-2023-35628, CVE-2023-35630, CVE-2023-35636, CVE-2023-35639, CVE-2023-35641, CVE-2023-35642, and CVE-2023-36019.\n\nCVE-2023-36019 allows attackers to send a specially crafted URL to a target, which can result in the execution of malicious scripts in the victim's browser on their machine.\n\nMicrosoft's Patch Tuesday update also addresses three flaws in the Dynamic Host Configuration Protocol (DHCP) server service that could lead to denial-of-service or information disclosure.\n\nAkamai discovered a new set of attacks against Active Directory domains that use Microsoft DHCP servers. These attacks can allow attackers to spoof sensitive DNS records, potentially leading to credential theft and full Active Directory domain compromise.\n\nhttps://nitter.moomoo.me/TheHackersNews/status/1734819116530171919#m",
"sig": "5ee82a6b76f83bb8f8b1157d28730ec738dec124cb435efd0c3389683344bd1338c2e341d2b614d4b15080660b609cfce0279c883c95dbd0048aa80596da46c7"
}