Okay, deep breath, let's get this over with. In the grand act of digital self-sabotage, we've littered this site with cookies. Yep, we did that. Why? So your highness can have a 'premium' experience or whatever. These traitorous cookies hide in your browser, eagerly waiting to welcome you back like a guilty dog that's just chewed your favorite shoe. And, if that's not enough, they also tattle on which parts of our sad little corner of the web you obsess over. Feels dirty, doesn't it?
Ivanti Squashes Critical Bugs: A Positive Step or Just Another Patch Day?
Ivanti has patched a critical vulnerability in its Endpoint Management software, preventing unauthenticated attackers from gaining remote code execution on core servers. The flaw, caused by deserialization of untrusted data, has been addressed in recent updates. No exploits have been reported so far.
Hot Take:
Looks like Ivanti is throwing a patch party, and everyone’s invited… except the hackers! With vulnerabilities being squashed like whack-a-moles, it’s a good day to be a sysadmin and a bad day to be a cybercriminal.
Key Points:
- Ivanti patches a severe vulnerability (CVE-2024-29847) in Endpoint Management software.
- The flaw allowed unauthenticated attackers to gain remote code execution on the core server.
- Ivanti has released hot patches and Service Update 6 (SU6) for Ivanti EPM 2022 to address the issue.
- Almost two dozen high and critical severity flaws across multiple Ivanti products were also fixed.
- Ivanti has increased internal scanning and testing capabilities to improve vulnerability detection and disclosure.
Already a member? Log in here