Microsoft & Apple Patch Severe Security Vulnerabilities
Microsoft 365 and Apple have released crucial security updates to address several severe vulnerabilities. Microsoft patched over 100 bugs, including four already being exploited, while Apple tackled two zero-day flaws, one of which is actively exploited. Notably, Microsoft addressed a severe HTTP/2 protocol vulnerability that can amplify DDoS attacks.
Microsoft's latest updates include a fix for a critical remote code execution vulnerability in the Message Queuing (MSMQ) service (CVE-2023-35349). Microsoft also patched a vulnerability in Exchange Server that allows code execution by an attacker with valid credentials (CVE-2023-36778). Amazon, Cloudflare, and Google have also addressed a severe vulnerability in the HTTP/2 protocol (CVE-2023-44487) in their cloud environments.
Apple's emergency updates for iOS include fixes for two zero-day bugs. One of these, CVE-2023-42724, is actively exploited in the wild. Another notable fix is for CVE-2023-5217, a zero-day flaw in the libvpx video codec library previously patched by Google and Microsoft 365. This is the 17th zero-day flaw patched by Apple this year.
Organizations are advised to apply these updates promptly to protect against potential security threats. Microsoft 365 and Apple's swift response to these vulnerabilities demonstrates their commitment to user security. Meanwhile, cloud service providers like Amazon, Cloudflare, and Google have also taken steps to secure their environments against the HTTP/2 protocol vulnerability.