• OpenVPN vulnerabilities reported by Microsoft today

    From Charlie@21:1/5 to All on Sun Aug 11 23:00:52 2024
    XPost: alt.comp.os.windows-11

    https://cybersecuritynews.com/openvpn-vulnerabilities-rce-attack/
    The affected versions include all releases of OpenVPN prior to
    OpenVPN 2.6.10 and OpenVPN 2.5.10

    To verify if your OpenVPN installation is up-to-date:
    openvpn.exe --version

    The key vulnerabilities are:

    CVE-2024-27459: A stack overflow vulnerability in openvpnserv that can lead
    to denial-of-service (DoS) and LPE on Windows systems.
    CVE-2024-24974: Unauthorized access vulnerability allowing remote
    interaction with the \\openvpn\\service named pipe on Windows.
    CVE-2024-27903: A flaw in the plugin mechanism that can result in RCE on
    Windows and LPE and data manipulation on Android, iOS, macOS, and BSD.
    CVE-2024-1305: A memory overflow vulnerability in the Windows TAP driver
    causing DoS.

    Microsoft reported these vulnerabilities to OpenVPN in March 2024 through Coordinated Vulnerability Disclosure. OpenVPN has since released patches to address these issues. Users are strongly urged to update to the latest versions, 2.6.10 or 2.5.10, to mitigate potential risks.

    https://openvpn.net/community-downloads/
    https://swupdate.openvpn.org/community/releases/OpenVPN-2.6.12-I001-amd64.msi

    Name: OpenVPN-2.6.12-I001-amd64.msi
    Size: 5423104 bytes (5296 KiB)
    SHA256: 525759FE9E52A77A7D2CAD99F5AF1923D7D3027CAB775CCFB7469CE0FD2B1758

    --- SoupGate-Win32 v1.05
    * Origin: fsxNet Usenet Gateway (21:1/5)
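
The two checks in the post above (version and installer hash), scripted as an added example that is not part of the original post. The install path, the download path and the function name Test-OpenVpnPatched are assumptions; the fixed versions and the SHA256 value are the ones quoted in the post.

```powershell
# Added example. Assumed paths: adjust to where OpenVPN is installed and
# where the MSI was saved on your machine.
$OpenVpnExe     = 'C:\Program Files\OpenVPN\bin\openvpn.exe'
$MsiPath        = "$env:USERPROFILE\Downloads\OpenVPN-2.6.12-I001-amd64.msi"
# SHA256 for OpenVPN-2.6.12-I001-amd64.msi as quoted in the post.
$ExpectedSha256 = '525759FE9E52A77A7D2CAD99F5AF1923D7D3027CAB775CCFB7469CE0FD2B1758'

function Test-OpenVpnPatched {
    # Hypothetical helper: takes the first line printed by "openvpn.exe --version"
    # and reports whether it is at or above the fixed release for its branch.
    param([Parameter(Mandatory)][string]$VersionLine)

    if ($VersionLine -notmatch '^OpenVPN\s+(\d+\.\d+\.\d+)') {
        throw "Unrecognised version banner: $VersionLine"
    }
    $installed = [version]$Matches[1]

    # Fixed releases named in the post: 2.6.10 (2.6 branch) and 2.5.10 (2.5 branch).
    # Anything older than the 2.5 branch is treated as unpatched.
    if ($installed -ge [version]'2.6.0') {
        $minimum = [version]'2.6.10'
    } else {
        $minimum = [version]'2.5.10'
    }
    [pscustomobject]@{
        Installed = $installed
        Minimum   = $minimum
        Patched   = ($installed -ge $minimum)
    }
}

# 1. Version check on the installed binary.
if (Test-Path -LiteralPath $OpenVpnExe) {
    $banner = @(& $OpenVpnExe --version)[0]   # first output line carries the version
    Test-OpenVpnPatched -VersionLine $banner
} else {
    Write-Warning "openvpn.exe not found at $OpenVpnExe"
}

# 2. Integrity check on the downloaded installer before running it.
if (Test-Path -LiteralPath $MsiPath) {
    $actual = (Get-FileHash -Algorithm SHA256 -LiteralPath $MsiPath).Hash
    [pscustomobject]@{
        File        = $MsiPath
        HashMatches = ($actual -eq $ExpectedSha256)   # -eq is case-insensitive for strings
    }
} else {
    Write-Warning "Installer not found at $MsiPath"
}
```

A Patched or HashMatches value of False means the installation should be updated or the download discarded and fetched again from the official site.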