304 North Cardinal St.
Dorchester Center, MA 02124
The high severity vulnerabilities can be exploited to gain escalated privileges in Windows Defender Credential Guard and VMware, while the critical vulnerability in GitLab can be exploited to execute remote commands.
The vulnerability notes were released by the Computer Emergency Response Team (CERT-In) on Wednesday.
In Windows Defender Credential Guard
A very serious vulnerability reported in Windows Defender could be exploited by a local authenticated attacker by escalating their privileges to bypass security restrictions.
Successful exploitation can compromise the security of affected systems.
A vulnerability in Windows Defender exists because of a flaw in the Credential Protection component.
Windows Defender Credential Protection is a critical piece of software that secures the operating system by isolating user credentials from the rest of the operating system.
In VMware Tools
High-severity vulnerabilities have been found in VMware tools that affect versions of Windows and Linux.
This vulnerability can reportedly be used by a local authenticated attacker to escalate privileges as the root user. This escalation can allow attackers to gain access to critical operating system components, thereby compromising their security.
This vulnerability reportedly exists in VMware tools due to incorrect security restrictions, allowing attackers to escalate their privileges on affected systems.
A critical remote command execution vulnerability has been reported in GitLab, an open source code repository and software development platform.
A vulnerability in GitLab exists due to improper input validation as part of an import from the GitHub API endpoint.
A remote user can exploit it to pass specially crafted data to an application and execute arbitrary commands, compromising the security of affected systems.
To fix this vulnerability, it is recommended that you apply the security patch that is available in Microsoft’s security bulletin, on the VMware website, and on GitLab.