Patch Tuesday is 20: Curl fix lands, Skype’s under attack and there’s a wormable pre-auth RCE in the mix
A CVSS 9.8, pre-auth RCE that lets an attacker execute arbitrary code without user interaction is wormable on systems where Message Queuing is enabled.
“Our goal is simple: Get our customers secure and keep them secure,” Microsoft Chief Executive Steve Ballmer said: “Our commitment is to protect our customers from the growing wave of criminal attacks.”
It was October 2003: The second Iraq war was seven months old. Your humble scribe was hosting house parties to a soundscape of Spacek and D’Angelo. Concorde was still flying. And Stevie B was launching Patch Tuesday. Yes, Patch Tuesday is 20* this month. Here’s what it brings:
October Patch Tuesday, 2023
First up, that patch for curl and libcurl bug CVE-2023-38545 has landed, with the release of 8.4.0.