CERT-In issues alerts for vulnerabilities in Microsoft Windows Defender, VMware tools and GitLab

Applying security patches present on Microsoft’s security bulletin, VMware, and GitLab’s website is recommended to secure user systems

August 25, 2022 03:08 pm | Updated 04:57 pm IST

CERT-In issues alerts for vulnerabilities in Microsoft Windows Defender, VMware tools and GitLab

CERT-In issues alerts for vulnerabilities in Microsoft Windows Defender, VMware tools and GitLab | Photo Credit: Reuters

High severity vulnerabilities can be exploited to gain escalated privileges in Windows Defender Credential Guard, and VMware while a critical vulnerability in GitLab can be exploited to execute remote commands.

(Sign up to our Technology newsletter, Today’s Cache, for insights on emerging themes at the intersection of technology, business and policy. Click here to subscribe for free.)

The vulnerability notes were released by the Computer Emergency Response Team (CERT-In) on Wednesday.

In Windows Defender Credential Guard

The high severity vulnerability reported in Windows Defender can be exploited by a local authenticated attacker by escalating their privileges, thereby bypassing security restrictions.

Successful exploitation can compromise the security of the affected systems.

The vulnerability in Windows Defender exists due to a flaw in the credential guard component.

Windows Defender credential guard is a critical component of the software that secures the operating system by isolating users’ login information from the rest of the OS.

In VMware tools

High severity vulnerabilities have been detected in VMware tools that affect Windows and Linux versions.

The vulnerability can reportedly be used by a local authenticated attacker to escalate privileges as a root user. This escalation can allow attackers to gain access to critical components of the OS, thereby compromising their security.

The vulnerability reportedly exists in VMware tools due to improper security restrictions, allowing attackers to escalate their privileges on the affected systems.

In GitLab

A critical remote command execution vulnerability has been reported in GitLab, an open-source code repository and software development platform.

The vulnerability in GitLab exists due to improper input validation within the import from GitHub API endpoint.

It can be exploited by a remote user to pass specially crafted data to the application and execute arbitrary commands, thereby compromising the security of affected systems.

Application of security patch available on Microsoft’s security bulletin, VMware, and GitLab’s website is suggested to fix the vulnerability.

Top News Today

Comments

Comments have to be in English, and in full sentences. They cannot be abusive or personal. Please abide by our community guidelines for posting your comments.

We have migrated to a new commenting platform. If you are already a registered user of The Hindu and logged in, you may continue to engage with our articles. If you do not have an account please register and login to post comments. Users can access their older comments by logging into their accounts on Vuukle.