CVE-2020-6262

Published: 12/05/2020 | Updated: 21/07/2021
CVSS v2 Base Score: 6.5 | Impact Score: 6.4 | Exploitability Score: 8
CVSS v3 Base Score: 8.8 | Impact Score: 5.9 | Exploitability Score: 2.8
VMScore: 578
Vector: AV:N/AC:L/Au:S/C:P/I:P/A:P

Vulnerability Summary

Service Data Download in SAP Application Server ABAP (ST-PI, prior to 2008_1_46C, 2008_1_620, 2008_1_640, 2008_1_700, 2008_1_710, 740) allows a malicious user to inject code that can be executed by the application. An attacker could thereby control the behavior of the application and the whole ABAP system, leading to Code Injection.

Vulnerable Product

sap application server 740

sap application server 2008_1_46c

sap application server 2008_1_620

sap application server 2008_1_640

sap application server 2008_1_700

sap application server 2008_1_710

Recent Articles

If you haven't yet patched this critical hole in SAP NetWeaver Application Server, today is not your day
The Register • Shaun Nichols in San Francisco • 12 Aug 2020

Full details of security vuln plus proof-of-concept exploits revealed

We hope you've patched CVE-2020-6262, aka note 2835979, that affects SAP NetWeaver Application Server ABAP, because the folks who found and reported the vulnerability are going public with the details. SEC Consult will today, we're told, reveal the nitty-gritty of the flaw on its website, giving miscreants the info they need to exploit any vulnerable systems they can find. The infosec biz's Alexander Meier and Fabian Hag found the security hole and reported it to SAP in April. It was patched in ...

Sadly, 111 in this story isn't binary. It's decimal. It's the number of security fixes emitted by Microsoft this week
The Register • Shaun Nichols in San Francisco • 13 May 2020

Nothing too scary. Plus updates from SAP, Adobe, VMware

Patch Tuesday The May edition of Patch Tuesday landed this week. And there are scores of security fixes to install. A total of 111 fixes were released by Microsoft, though on the bright side none are being actively exploited, as far as we know. Sixteen earned Microsoft's top rating of critical, and range from remote code execution to elevation of privilege. One standout programming blunder was CVE-2020-1067, a remote-code execution (RCE) vulnerability in all supported versions of Windows. Anyone...