AI vulnerabilities Archives

Winsage

December 11, 2024

Microsoft fixes zero-day security flaw in latest Windows update

Microsoft addressed 71 vulnerabilities in its December Patch Tuesday update, including a critical zero-day flaw. Of these, 59 vulnerabilities affect various versions of Windows, including Windows 10, Windows 11, and Windows Server. CVE-2024-49138 is a high-risk buffer overflow issue that allows privilege escalation and could enable full control over affected systems. Microsoft classified 16 Remote Code Execution (RCE) vulnerabilities as critical, with nine related to the Remote Desktop service. CVE-2024-49112 affects the Lightweight Directory Access Protocol (LDAP) and could allow code injection without user login. CVE-2024-49117 affects Hyper-V, allowing code execution from a guest system on the host system. Additionally, eight security vulnerabilities in Microsoft Office were resolved, including three RCE vulnerabilities. CVE-2024-49063 is the first identified security flaw in Microsoft's open-source AI project, Muzic. The next Patch Tuesday is scheduled for January 14, 2025.

Tech Optimizer

June 13, 2024

AI internet security is coming for AI PCs says Trend – Pickr

AI applications are vulnerable in ways that other applications are not, including risks where prompts cause AI applications to "misbehave" or have their behavior changed by tampering. Trend Micro plans to launch a security solution for consumer AI PCs that will safeguard AI applications and use neural processing units to handle email security. The company aims to protect AI from being tampered with and improve security for emails. Trend Micro believes that securing AI is crucial for the value of the AI era and plans to address both enterprise and individual consumer security needs. Traditional device security solutions can still be used on regular PCs or AI PCs to protect against traditional vulnerabilities and new risks from using local AI applications.