Cybersecurity Help: The flaw (CWE-284) exists due to an IDOR issue. A threat actor could send a specially crafted request with the post ID to delete arbitrary posts.
UK NCSC experts: It’s CVE-2020-16952. It can be exploited when a user uploads a specially crafted application package to an affected version of SharePoint.
The researcher Steven Seeley: It’s due to improper validation of cmdlet arguments. Exploitation requires an authenticated user in a certain role. Patches have been released.
Eclypsium: It’s a vulnerability in the GRUB2 bootloader that hits devices using Secure Boot. Attackers can install persistent and stealthy bootkits or malware.
CyCognito experts: A Cross-Site Scripting (XSS) flaw lets cybercriminals take control of a router administrator’s web configuration utility. The issue has been fixed with a patch.
Yoroi-Cybaze Experts: An attacker can execute arbitrary code on the target device by taking control of it without authentication. In addition, there is currently no patch.
Brenden Meeder of Booz Allen Hamilton discovered the flaw that could lead a remote attacker without credentials to install malware on the targeted device. Install the patch now!
Microsoft confirmed “limited targeted attacks that could leverage un-patched vulnerabilities in the Adobe Type Manager Library”. The cyber security experts: Today there’s no fix available.