News for Admins

Tech News

Article from ADMIN 49/2019
New Zero-day Vulnerability in Windows Systems, New Systemd Vulnerability Affects Most Mainstream Linux Distributions, SQLite Database Vulnerable, Microsoft Can't Catch a Break from Vulnerabilities, Hacks Abound

New Zero-day Vulnerability in Windows Systems

Security researcher John Page has found a zero-day vulnerability in Windows that could allow a remote attacker to compromise Windows machines and execute arbitrary code.

"This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Microsoft Windows," wrote Page.

However, there is a catch. "User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file," he further added.

The flaw exists in the processing of vCard files, but a hacker can disguise anything in the vCard to embed a compromised link. If any unsuspecting user clicks on the compromised URL, Windows would run the malicious software without throwing any warning.

For those who don't know, vCard is a VCF file format used for storing contact information. Microsoft Outlook supports vCard.


New Systemd Vulnerability Affects Most Mainstream Linux Distributions

Security researchers at Qualys have discovered three new vulnerabilities in systemd, the init system for Linux-based operating systems.

The vulnerabilities (CVE-2018-16864, CVE-2018-16865, and CVE-2018-16866) resides in the systemd-journald service and could allow an attacker to gain root access on the targeted systems.

"We developed an exploit for CVE-2018-16865 and CVE-2018-16866 that obtains a local root shell in 10 minutes on i386 and 70 minutes on AMD64, on average," the researchers wrote.

Qualys said that all systemd-based

Use Express-Checkout link below to read the full article (PDF).

Buy this article as PDF

Express-Checkout as PDF
Price $2.95
(incl. VAT)

Buy ADMIN Magazine

Get it on Google Play

US / Canada

Get it on Google Play

UK / Australia

comments powered by Disqus