News

Patch Tuesday is 20: Curl fix lands, Skype’s under attack and there’s a wormable pre-auth RCE in the mix

A CVSS 9.8, pre-auth RCE that lets an attacker execute arbitrary code without user interaction is wormable on systems where Message Queuing is enabled.

Edward Targett

11 oct. 2023 — 2 min read

“Our goal is simple: Get our customers secure and keep them secure,” Microsoft Chief Executive Steve Ballmer said: “Our commitment is to protect our customers from the growing wave of criminal attacks.”

It was October 2003: The second Iraq war was seven months old. Your humble scribe was hosting house parties to a soundscape of Spacek and D’Angelo. Concorde was still flying. And Stevie B was launching Patch Tuesday. Yes, Patch Tuesday is 20* this month. Here’s what it brings:

October Patch Tuesday, 2023

First up, that patch for curl and libcurl bug CVE-2023-38545 has landed, with the release of 8.4.0.

UN accused of AI 'power grab' and 'bureaucratic empire building'

Can the UN make space for globally inclusive AI regulation?

SPL trials airborne 5G connectivity system

"Our commitment...will revolutionize how the world stays connected..."

Understanding the latest AMD data centre chips and what they mean

Test content above the preview

Subscribe-testimonial

Gavin WhatrUp Company NameAffiliation It's my 'go to' place for beyond the headline information. There's always something extra in the reporting and analysis, which helps decide if this is relevant to me or not. Not just informative, but useful.