Description
Quick recap summarising a few prolific Cybersecurity Incidents and Events during the month of October 2023:
Security Advisories
- Oct 1 – CVE Summary: Six 0day exploits were filed against Exim
- Oct 1 – CVE-2023-5217: Heap buffer overflow in vp8 encoding in libvpx
- Oct 3 – CVE-2023-4911: Local Privilege Escalation in the glibc’s ld.so
- Oct 10 – CVE-2023-44487: HTTP/2 Rapid Reset attack against many implementations
- Oct 10 – CVE-2023-38545: curl: SOCKS5 heap buffer overflow
- Oct 11 – CVE-2023-38546: curl: Cookie injection
- Oct 11 – CVE-2023-5631: XSS vulnerability in Roundcube webmail
Operating Systems
Other
- Oct 5 – Microsoft Teams switches from Electron Framework to its in-house Webview2 Framework used in Edge!
- What this means?
- Microsoft Teams Client no longer available for Linux Distributions?
- Script injection less likely with removal of Electron Framework (a framework with some very well known attack vectors).
- New Microsoft Teams Client rolled out to Windows and MacOS.
- Ability to login to multiple accounts/tenants (no need more multi container instances anymore!).
- Inability to de-auth or faciliate a logout when clicking “Sign Out” (this is possibly a new issue/feature introduced with the credential storage location on MacOS. Hint: Keychain)
- What this means?