Geek-Guy.com

Tag: outofband

AI, Apps, Exploits, Global Security News, Risk Management

CVE-2026-40372: Critical ASP.NET Core Flaw May Let Attackers Gain SYSTEM Privileges

Microsoft has released out-of-band updates for CVE-2026-40372, a high-impact ASP.NET Core privilege-escalation vulnerability tied to the platform’s Data Protection cryptographic APIs. Public reporting says the flaw carries a CVSS score of 9.1 and could allow an unauthenticated attacker to forge authentication material and ultimately obtain SYSTEM privileges on affected systems. The issue stands out not…

Read more →

AI, Apps, Data Breaches, Exploits, Global Security News, Network Security, Risk Management

CVE-2026-40372: Microsoft Patches ASP.NET Core Privilege Escalation Vulnerability

Microsoft has released an out-of-band update to fix an ASP.NET Core vulnerability that could allow attackers to take full control of affected systems.  The flaw enables unauthenticated privilege escalation, increasing risk for enterprises running .NET workloads.  “Improper verification of cryptographic signature in ASP.NET Core allows an unauthorized attacker to elevate privileges over a network,” said…

Read more →

Global Security News

Microsoft Patches Critical ASP.NET Core CVE-2026-40372 Privilege Escalation Bug

Microsoft has released out-of-band updates to address a security vulnerability in ASP.NET Core that could allow an attacker to escalate privileges. The vulnerability, tracked as CVE-2026-40372, carries a CVSS score of 9.1 out of 10.0. It’s rated Important in severity. An anonymous researcher has been credited with discovering and reporting the flaw. “Improper verification of…

Read more →

AI, Exploits, Global Security News

Fortinet Patches Actively Exploited CVE-2026-35616 in FortiClient EMS

Fortinet has released out-of-band patches for a critical security flaw impacting FortiClient EMS that it said has been exploited in the wild. The vulnerability, tracked as CVE-2026-35616 (CVSS score: 9.1), has been described as a pre-authentication API access bypass leading to privilege escalation. “An improper access control vulnerability [CWE-284] in FortiClient EMS may allow an

Read more →

AI, Cybersecurity, Exploits, Global Security News, Network Security, Risk Management

Cisco fixes critical IMC auth bypass present in many products

Cisco has released patches for a critical vulnerability in its out-of-band management solution, present in many of its servers and appliances. The flaw allows unauthenticated remote attackers to gain admin access to the Cisco Integrated Management Controller (IMC), which gives administrators remote control over servers even when the main OS is shut down. The vulnerability,…

Read more →

Exploits, Global Security News

Oracle issues emergency fix for pre-auth RCE in Identity Manager (CVE-2026-21992)

Oracle has released an out-of-band patch for a critical and easily exploitable vulnerability (CVE-2026-21992) in Oracle Identity Manager and Oracle Web Services Manager. The company did not say whether the vulnerability has been exploited as a zero-day, but has urged customers to apply the updates or provided mitigations as soon as possible. About CVE-2026-21992 CVE-2026-21992…

Read more →

AI, Data Breaches, Exploits, Global Security News, malware, Network Security, Risk Management

Microsoft Issues Hotpatch for Windows 11 RRAS RCE Bugs

Microsoft has issued an out-of-band security update to address several critical vulnerabilities in Windows 11 that could allow attackers to execute malicious code through the system’s remote access management tools.  The patch targets flaws in the Windows Routing and Remote Access Service (RRAS) and is being delivered as a hotpatch, allowing systems to receive the…

Read more →