Connect with us

Hi, what are you looking for?

SecurityWeekSecurityWeek

Vulnerabilities

Intel, AMD, Zoom, Splunk Release Patch Tuesday Security Advisories

Intel, AMD, Zoom and Splunk released security advisories on Patch Tuesday to inform customers about vulnerabilities found in their products.

Intel, AMD, Zoom and Splunk have each released security advisories on the first Patch Tuesday of 2024 to inform customers about vulnerabilities found in their products.

Intel has published three new advisories announcing patches. Two of them describe a total of six high-severity and one medium-severity local privilege escalation vulnerabilities in NUC BIOS firmware.

The chip giant has also informed customers about four privilege escalation and denial-of-service (DoS) vulnerabilities in NUC software. All of the flaws require local access for exploitation.

AMD has published one new advisory this Patch Tuesday to announce that no mitigation is planned for a low-severity issue involving SEV-SNP.  

“A researcher has reported that a host can potentially suppress delivery of debug exceptions to SEV-SNP guests that have the restricted injection feature enabled,” the company explained. “For example, a software-based debugger generating hardware-based exceptions for the purpose of debugging may not see the exceptions delivered to the VM guest.”

Splunk has released four new advisories. One of them informs customers about seven critical- and high-severity vulnerabilities patched in Splunk Enterprise Security with third-party package updates. 

Another advisory covers six high-severity flaws patched in User Behavior Analytics with third-party package updates. 

The company has also patched two medium-severity vulnerabilities in Enterprise Security. The flaws allow an authenticated attacker to cause a DoS condition to an investigation.

Advertisement. Scroll to continue reading.

Zoom has published one advisory to inform customers that Zoom Desktop, VDI Client and SDKs for Windows are affected by a high-severity flaw that could allow an authenticated attacker to escalate privileges via local access. Patches have been released. 

Related: Siemens, Schneider Electric Release First ICS Patch Tuesday Advisories of 2024

Related: SAP’s First Patches of 2024 Resolve Critical Vulnerabilities

Related: Microsoft Ships Urgent Fixes for Critical Flaws in Windows Kerberos, Hyper-V

Written By

Eduard Kovacs (@EduardKovacs) is a managing editor at SecurityWeek. He worked as a high school IT teacher for two years before starting a career in journalism as Softpedia’s security news reporter. Eduard holds a bachelor’s degree in industrial informatics and a master’s degree in computer techniques applied in electrical engineering.

Trending

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts.

Gain valuable insights from industry professionals who will help guide you through the intricacies of industrial cybersecurity.

Register

Join us for an in depth exploration of the critical nature of software and vendor supply chain security issues with a focus on understanding how attacks against identity infrastructure come with major cascading effects.

Register

Expert Insights

Related Content

Vulnerabilities

Less than a week after announcing that it would suspended service indefinitely due to a conflict with an (at the time) unnamed security researcher...

Data Breaches

OpenAI has confirmed a ChatGPT data breach on the same day a security firm reported seeing the use of a component affected by an...

IoT Security

A group of seven security researchers have discovered numerous vulnerabilities in vehicles from 16 car makers, including bugs that allowed them to control car...

Vulnerabilities

A researcher at IOActive discovered that home security systems from SimpliSafe are plagued by a vulnerability that allows tech savvy burglars to remotely disable...

Risk Management

The supply chain threat is directly linked to attack surface management, but the supply chain must be known and understood before it can be...

Cybercrime

Patch Tuesday: Microsoft calls attention to a series of zero-day remote code execution attacks hitting its Office productivity suite.

Vulnerabilities

Patch Tuesday: Microsoft warns vulnerability (CVE-2023-23397) could lead to exploitation before an email is viewed in the Preview Pane.

Vulnerabilities

The latest Chrome update brings patches for eight vulnerabilities, including seven reported by external researchers.